SET(CMAKE_C_FLAGS_CCOV "-O2 -g --coverage")
SET(CMAKE_CXX_FLAGS_CCOV "-O2 -std=c++0x -g --coverage")
-#SET(SMACK_ENABLE ON)
-
-OPTION(DPL_LOG "DPL logs status" ON)
-IF(DPL_LOG)
- MESSAGE(STATUS "Logging enabled for DPL")
- ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-ELSE(DPL_LOG)
- MESSAGE(STATUS "Logging disabled for DPL")
-ENDIF(DPL_LOG)
-
# If supported for the target machine, emit position-independent code,suitable
# for dynamic linking and avoiding any limit on the size of the global offset
# table. This option makes a difference on the m68k, PowerPC and SPARC.
# (BJ: our ARM too?)
ADD_DEFINITIONS("-fPIC")
-# Set the default ELF image symbol visibility to hidden - all symbols will be
-# marked with this unless overridden within the code.
-#ADD_DEFINITIONS("-fvisibility=hidden")
# Set compiler warning flags
-#ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
ADD_DEFINITIONS("-Wall") # Generate all warnings
ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
-ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
-ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features
-
-ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC
-#ADD_DEFINITIONS("-DDBUS_CONNECTION") #defines DBus as used IPC
STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-IF(SMACK_ENABLE)
- ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")
-ENDIF(SMACK_ENABLE)
-
-############################# Targets names ###################################
-
-SET(TARGET_DAEMON "security-server")
-SET(TARGET_ACE_DAO_RO_LIB "ace-dao-ro")
-SET(TARGET_ACE_DAO_RW_LIB "ace-dao-rw")
-SET(TARGET_ACE_LIB "ace")
-SET(TARGET_ACE_CLIENT_LIB "ace-client")
-SET(TARGET_ACE_SETTINGS_LIB "ace-settings")
-SET(TARGET_ACE_INSTALL_LIB "ace-install")
-SET(TARGET_ACE_POPUP_VALIDATION_LIB "ace-popup-validation")
-SET(TARGET_COMMUNICATION_CLIENT_LIB "communication-client")
-SET(TARGET_WRT_OCSP_LIB "wrt-ocsp")
-SET(TARGET_SEC_SRV_LIB "sec-srv")
-SET(security-server-client "security-server-client")
-
-############################# Communicatin Client #############################
-
-SET(COMMUNICATION_CLIENT_DIR
- ${PROJECT_SOURCE_DIR}/communication_client
- )
+SET(TARGET_SECURITY_SERVER "security-server")
+SET(TARGET_SECURITY_CLIENT "security-server-client")
-SET(COMMUNICATION_CLIENT_SRC_DIR
- ${COMMUNICATION_CLIENT_DIR}/src
- )
-
-SET(COMMUNICATION_CLIENT_INCLUDE_DIR
- ${COMMUNICATION_CLIENT_DIR}/include
- )
-
-SET(COMMUNICATION_CLIENT_SOURCES
- ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/client/SecuritySocketClient.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
- )
-
-SET(COMMUNICATION_CLIENT_INCLUDES
- ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS}
- ${COMMUNICATION_CLIENT_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/src/daemon/sockets
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- ${PROJECT_SOURCE_DIR}/src/daemon/socket
- ${PROJECT_SOURCE_DIR}/src/daemon/socket/api
- ${PROJECT_SOURCE_DIR}/socket_connection/client
- ${PROJECT_SOURCE_DIR}/socket_connection/connection
- )
-
-############################# subdirectories ##################################
-
-ADD_SUBDIRECTORY(ace)
-ADD_SUBDIRECTORY(ace_client)
-ADD_SUBDIRECTORY(ace_common)
-ADD_SUBDIRECTORY(ace_install)
-ADD_SUBDIRECTORY(ace_settings)
-ADD_SUBDIRECTORY(ace_popup_validation)
-ADD_SUBDIRECTORY(communication_client)
-ADD_SUBDIRECTORY(wrt_ocsp)
ADD_SUBDIRECTORY(src)
ADD_SUBDIRECTORY(build)
-ADD_SUBDIRECTORY(etc)
-
-Copyright (c) 2010 - 2013 Samsung Electronics Co., Ltd. All rights reserved.
+Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
Apache License
Version 2.0, January 2004
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright (c) 2013 Samsung Electronics Co., Ltd. All rights reserved.
+ Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
-Copyright (c) 2010 - 2013 Samsung Electronics Co., Ltd. All rights reserved.
+Copyright (c) Samsung Electronics Co., Ltd. All rights reserved.
Except as noted, this software is licensed under Apache License, Version 2.
-Please, see the LICENSE.APLv2.0 file for Apache License, Version 2 terms and conditions.
+Please, see the LICENSE file for Apache License terms and conditions.
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-######################################################################
-
-#DB vcore
-PKG_CHECK_MODULES(ACE_DB_DEP
- dpl-efl
- REQUIRED)
-
-#DB ace
-ADD_CUSTOM_COMMAND(
- OUTPUT ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h
- COMMAND ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh
- ARGS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h
- ${CMAKE_SOURCE_DIR}/ace/orm/ace_db
- DEPENDS ${CMAKE_SOURCE_DIR}/ace/orm/ace_db
- ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh
- COMMENT "Generating ACE database checksum"
- )
-
-STRING(REPLACE ";" ":" DEPENDENCIES "${ACE_DB_DEP_INCLUDE_DIRS}")
-
-ADD_CUSTOM_COMMAND( OUTPUT .ace.db
- COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
- COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h -I${PROJECT_SOURCE_DIR}/ace/orm -E ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
- COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.ace.db ".read ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
- DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db
- )
-
-ADD_CUSTOM_COMMAND( OUTPUT .ace.db-journal
- COMMAND touch
- ARGS ${CMAKE_CURRENT_BINARY_DIR}/.ace.db-journal
- )
-
-ADD_CUSTOM_TARGET(Sqlite3DbACE ALL DEPENDS .ace.db .ace.db-journal)
-
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
- DESTINATION share/wrt-engine/
- )
-
-###########################################################
-
-INCLUDE(FindPkgConfig)
-
-SET(ACE_TEST_PATH "/usr/apps/org.tizen.policy")
-
-INSTALL(FILES
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/bondixml.xsd
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/UnrestrictedPolicy.xml
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/WAC2.0Policy.xml
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/TizenPolicy.xml
- DESTINATION /usr/etc/ace
- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE)
-
-SET(ACE_LIB_DEPS_BASIC
- dpl-efl
- dpl-db-efl
- dpl-event-efl
- ecore
- appcore-efl
- openssl
- sqlite3
- dlog
- vconf
- db-util
- libpcrecpp
- icu-uc
- libxml-2.0
- )
-
-IF(SMACK_ENABLED)
- LIST(APPEND ACE_LIB_DEPS_BASIC libprivilege-control)
-ENDIF(SMACK_ENABLED)
-
-PKG_CHECK_MODULES(ACE_LIB_DEPS ${ACE_LIB_DEPS_BASIC} REQUIRED)
-
-SET(WRT_ACE_DIR ${PROJECT_SOURCE_DIR}/ace)
-
-SET(ACE_SOURCES
- ${WRT_ACE_DIR}/engine/PolicyEvaluator.cpp
- ${WRT_ACE_DIR}/engine/PolicyInformationPoint.cpp
- ${WRT_ACE_DIR}/engine/CombinerImpl.cpp
- ${WRT_ACE_DIR}/engine/parser.cpp
- ${WRT_ACE_DIR}/engine/PolicyEnforcementPoint.cpp
- ${WRT_ACE_DIR}/engine/SettingsLogic.cpp
- ${WRT_ACE_DIR}/engine/Attribute.cpp
- ${WRT_ACE_DIR}/engine/Condition.cpp
- ${WRT_ACE_DIR}/engine/Policy.cpp
- ${WRT_ACE_DIR}/engine/Rule.cpp
- ${WRT_ACE_DIR}/engine/Subject.cpp
- ${WRT_ACE_DIR}/engine/TreeNode.cpp
- ${WRT_ACE_DIR}/engine/ConfigurationManager.cpp
-)
-
-INCLUDE_DIRECTORIES(${ACE_LIB_DEPS_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${WRT_ACE_DIR}/include)
-
-SET(WITH_ACE_SETTINGS_SERVER_SOURCES
- ${WITH_ACE_SETTINGS_SERVER_NONE_SOURCES}
- )
-
-ADD_LIBRARY(${TARGET_ACE_LIB} SHARED
- ${ACE_SOURCES}
- ${WITH_ACE_SETTINGS_SERVER_SOURCES}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_LIB}
- ${TARGET_ACE_DAO_RW_LIB}
- ${ACE_LIB_DEPS_LIBRARIES}
-)
-
-INSTALL(TARGETS ${TARGET_ACE_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- include/ace/WRT_INTERFACE.h
- DESTINATION
- include/ace
- )
-
-add_subdirectory(dao)
+++ /dev/null
-!!!options!!! stop
-ACE - Access Control Engine - security module for Device APIs
+++ /dev/null
-<policy-set id="Tizen-Policy" combine="first-matching-target">
- <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
- <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
- <target>
- <subject>
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
- </subject-match>
- </subject>
- </target>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="tizen" />
- </condition>
- </rule>
-
- <!-- access to application -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="application.kill" />
- <resource-match attr="device-cap" func="equal" match="application.launch" />
- <resource-match attr="device-cap" func="equal" match="application.read" />
- </condition>
- </rule>
-
- <!-- access to bluetooth -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="calendar.read" />
- <resource-match attr="device-cap" func="equal" match="calendar.write" />
- </condition>
- </rule>
-
- <!-- access to call history -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="callhistory.read" />
- <resource-match attr="device-cap" func="equal" match="callhistory.write" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="contact.read" />
- <resource-match attr="device-cap" func="equal" match="contact.write" />
- </condition>
- </rule>
-
- <!-- access to content -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="content.read" />
- <resource-match attr="device-cap" func="equal" match="content.write" />
- </condition>
- </rule>
-
- <!-- access to NFC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="nfc.admin" />
- <resource-match attr="device-cap" func="equal" match="nfc.tag" />
- <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
- <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
- <resource-match attr="device-cap" func="equal" match="nfc.common" />
- </condition>
- </rule>
-
- <!-- access to systeminfo -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="systeminfo" />
- </condition>
- </rule>
-
- <!-- access to system setting -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="setting" />
- </condition>
- </rule>
-
- <!-- access to download feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="download" />
- </condition>
- </rule>
-
- <!-- access to power feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="power" />
- </condition>
- </rule>
-
- <!-- access to push feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="push" />
- </condition>
- </rule>
-
- <!-- access to timeutil -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="time" />
- </condition>
- </rule>
-
- <!-- access to external network -->
- <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
- <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="alarm" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="log" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.read" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="notification.read" />
- <resource-match attr="device-cap" func="equal" match="notification.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="se" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="account.read" />
- <resource-match attr="device-cap" func="equal" match="account.write" />
- </condition>
- </rule>
-
- <rule effect="deny" />
- </policy>
- <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
- <!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
- <target>
- <subject>
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
- </subject-match>
- </subject>
- </target>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="tizen" />
- </condition>
- </rule>
-
- <!-- access to application -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="application.launch" />
- <resource-match attr="device-cap" func="equal" match="application.read" />
- </condition>
- </rule>
-
- <!-- access to bluetooth -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="calendar.read" />
- <resource-match attr="device-cap" func="equal" match="calendar.write" />
- </condition>
- </rule>
-
- <!-- access to call history -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="callhistory.read" />
- <resource-match attr="device-cap" func="equal" match="callhistory.write" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="contact.read" />
- <resource-match attr="device-cap" func="equal" match="contact.write" />
- </condition>
- </rule>
-
- <!-- access to content -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="content.read" />
- <resource-match attr="device-cap" func="equal" match="content.write" />
- </condition>
- </rule>
-
- <!-- access to NFC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="nfc.admin" />
- <resource-match attr="device-cap" func="equal" match="nfc.tag" />
- <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
- <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
- <resource-match attr="device-cap" func="equal" match="nfc.common" />
- </condition>
- </rule>
-
- <!-- access to systeminfo -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="systeminfo" />
- </condition>
- </rule>
-
- <!-- access to system setting -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="setting" />
- </condition>
- </rule>
-
- <!-- access to download feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="download" />
- </condition>
- </rule>
-
- <!-- access to power feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="power" />
- </condition>
- </rule>
-
- <!-- access to push feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="push" />
- </condition>
- </rule>
-
- <!-- access to timeutil -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="time" />
- </condition>
- </rule>
-
- <!-- access to external network -->
- <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
- <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="alarm" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="log" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.read" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="notification.read" />
- <resource-match attr="device-cap" func="equal" match="notification.write" />
- </condition>
- </rule>
-
- <rule effect="deny" />
- </policy>
-
- <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides">
- <!-- Specific Untrusted Policy for Tizen -->
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="tizen" />
- </condition>
- </rule>
-
- <!-- access to application -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="application.launch" />
- <resource-match attr="device-cap" func="equal" match="application.read" />
- </condition>
- </rule>
-
- <!-- access to bluetooth -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="calendar.read" />
- <resource-match attr="device-cap" func="equal" match="calendar.write" />
- </condition>
- </rule>
-
- <!-- access to call history -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="callhistory.read" />
- <resource-match attr="device-cap" func="equal" match="callhistory.write" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="contact.read" />
- <resource-match attr="device-cap" func="equal" match="contact.write" />
- </condition>
- </rule>
-
- <!-- access to content -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="content.read" />
- <resource-match attr="device-cap" func="equal" match="content.write" />
- </condition>
- </rule>
-
- <!-- access to NFC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="nfc.admin" />
- <resource-match attr="device-cap" func="equal" match="nfc.tag" />
- <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
- <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
- <resource-match attr="device-cap" func="equal" match="nfc.common" />
- </condition>
- </rule>
-
- <!-- access to systeminfo -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="systeminfo" />
- </condition>
- </rule>
-
- <!-- access to system setting -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="setting" />
- </condition>
- </rule>
-
- <!-- access to download feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="download" />
- </condition>
- </rule>
-
- <!-- access to power feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="power" />
- </condition>
- </rule>
-
- <!-- access to push feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="push" />
- </condition>
- </rule>
-
- <!-- access to timeutil -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="time" />
- </condition>
- </rule>
-
- <!-- access to external network -->
- <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
- <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="alarm" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="log" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.read" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="notification.read" />
- <resource-match attr="device-cap" func="equal" match="notification.write" />
- </condition>
- </rule>
-
- <rule effect="deny" />
- </policy>
-</policy-set>
+++ /dev/null
-<policy-set id="Policy-1" combine="first-matching-target">
- <policy>
- <rule effect="permit" />
- </policy>
-</policy-set>
+++ /dev/null
-<policy-set id="WAC-Policy" combine="first-matching-target">
- <policy id="WAC-Policy-Trusted" description="WAC's policy for trusted domain" combine="permit-overrides">
- <target>
- <subject>
- <!-- This is finger-print of certificate for WAC Test Widget (operator.root.cert.pem) -->
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38
- </subject-match>
- </subject>
- <subject>
- <!-- This is finger-print of certificate for WAC Publish ID (wac.publisher.pem) -->
- <subject-match attr="author-key-root-fingerprint" func="equal">
- sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2
- </subject-match>
- </subject>
- <subject>
- <!-- This is finger-print of certificate for WAC Production (wac.root.production.pem) -->
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1
- </subject-match>
- </subject>
- <subject>
- <!-- This is finger-print of certificate for WAC Preproduction (wac.root.preproduction.pem) -->
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A
- </subject-match>
- </subject>
- </target>
-
- <!-- access to external network -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
- <rule effect="permit" />
- </policy>
-
- <policy id="WAC-Policy-Untrusted" description="WAC's policy for untrusted domain" combine="deny-overrides">
- <!-- Specific Untrusted Policy for WAC -->
- <!-- access to accelerometer -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="accelerometer" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="pim.calendar.read" />
- <resource-match attr="device-cap" func="equal" match="pim.calendar.write" />
- </condition>
- </rule>
-
- <!-- access to camera -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="camera.show" />
- </condition>
- </rule>
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="camera.capture" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="pim.contact.read" />
- <resource-match attr="device-cap" func="equal" match="pim.contact.write" />
- </condition>
- </rule>
-
- <!-- access to device-interaction -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="deviceinteraction" />
- </condition>
- </rule>
-
- <!-- access to device-status -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="devicestatus.deviceinfo" />
- <resource-match attr="device-cap" func="equal" match="devicestatus.networkinfo" />
- </condition>
- </rule>
-
- <!-- access to filesystem -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- <condition combine="or">
- <resource-match attr="param:location" func="equal">wgt-private</resource-match>
- <resource-match attr="param:location" func="equal">wgt-private-tmp</resource-match>
- <resource-match attr="param:location" func="equal">wgt-package</resource-match>
- </condition>
- </condition>
- </rule>
-
- <!-- access to messaging -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.find" />
- <resource-match attr="device-cap" func="equal" match="messaging.subscribe" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- </condition>
- </rule>
-
- <!-- access to message send on roaming status -->
- <rule effect="deny">
- <condition combine="and">
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <!-- access to geolocation -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="geolocation" />
- </condition>
- </rule>
-
- <!-- access to orientation -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="orientation" />
- </condition>
- </rule>
-
- <!-- access to task -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="pim.task.read" />
- <resource-match attr="device-cap" func="equal" match="pim.task.write" />
- </condition>
- </rule>
- <!-- access to external network -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- </policy>
-</policy-set>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
- <xs:element name="policy-set">
- <xs:complexType>
- <xs:sequence>
- <xs:element minOccurs="0" ref="target"/>
- <xs:choice minOccurs="0" maxOccurs="unbounded">
- <xs:element ref="policy-set"/>
- <xs:element ref="policy"/>
- </xs:choice>
- </xs:sequence>
- <xs:attributeGroup ref="policy-set.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="policy-set.attlist">
- <xs:attribute name="combine" default="deny-overrides">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="deny-overrides"/>
- <xs:enumeration value="permit-overrides"/>
- <xs:enumeration value="first-matching-target"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="id"/>
- </xs:attributeGroup>
- <xs:element name="policy">
- <xs:complexType>
- <xs:sequence>
- <xs:element minOccurs="0" ref="target"/>
- <xs:element minOccurs="0" maxOccurs="unbounded" ref="rule"/>
- </xs:sequence>
- <xs:attributeGroup ref="policy.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="policy.attlist">
- <xs:attribute name="combine" default="deny-overrides">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="deny-overrides"/>
- <xs:enumeration value="permit-overrides"/>
- <xs:enumeration value="first-applicable"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="description"/>
- <xs:attribute name="id"/>
- </xs:attributeGroup>
- <xs:element name="rule">
- <xs:complexType>
- <xs:sequence>
- <xs:element minOccurs="0" ref="condition"/>
- </xs:sequence>
- <xs:attributeGroup ref="rule.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="rule.attlist">
- <xs:attribute name="effect" default="permit">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="permit"/>
- <xs:enumeration value="prompt-blanket"/>
- <xs:enumeration value="prompt-session"/>
- <xs:enumeration value="prompt-oneshot"/>
- <xs:enumeration value="deny"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:attributeGroup>
- <xs:element name="target">
- <xs:complexType>
- <xs:sequence>
- <xs:element maxOccurs="unbounded" ref="subject"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="subject">
- <xs:complexType>
- <xs:sequence>
- <xs:element maxOccurs="unbounded" ref="subject-match"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="condition">
- <xs:complexType>
- <xs:choice maxOccurs="unbounded">
- <xs:element ref="condition"/>
- <xs:element ref="subject-match"/>
- <xs:element ref="resource-match"/>
- <xs:element ref="environment-match"/>
- </xs:choice>
- <xs:attributeGroup ref="condition.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="condition.attlist">
- <xs:attribute name="combine" default="and">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="and"/>
- <xs:enumeration value="or"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:attributeGroup>
- <xs:attributeGroup name="match-attrs">
- <xs:attribute name="attr" use="required"/>
- <xs:attribute name="match"/>
- <xs:attribute name="func" default="glob">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="equal"/>
- <xs:enumeration value="glob"/>
- <xs:enumeration value="regexp"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:attributeGroup>
- <xs:element name="subject-match">
- <xs:complexType mixed="true">
- <xs:attributeGroup ref="subject-match.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="subject-match.attlist">
- <xs:attributeGroup ref="match-attrs"/>
- </xs:attributeGroup>
- <xs:complexType name="match-model" mixed="true">
- <xs:choice minOccurs="0" maxOccurs="unbounded">
- <xs:element ref="subject-attr"/>
- <xs:element ref="resource-attr"/>
- <xs:element ref="environment-attr"/>
- </xs:choice>
- </xs:complexType>
- <xs:element name="resource-match">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="match-model">
- <xs:attributeGroup ref="resource-match.attlist"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="resource-match.attlist">
- <xs:attributeGroup ref="match-attrs"/>
- </xs:attributeGroup>
- <xs:element name="environment-match">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="match-model">
- <xs:attributeGroup ref="environment-match.attlist"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="environment-match.attlist">
- <xs:attributeGroup ref="match-attrs"/>
- </xs:attributeGroup>
- <xs:attributeGroup name="attr-attrs">
- <xs:attribute name="attr" use="required"/>
- </xs:attributeGroup>
- <xs:element name="subject-attr">
- <xs:complexType>
- <xs:attributeGroup ref="subject-attr.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="subject-attr.attlist">
- <xs:attributeGroup ref="attr-attrs"/>
- </xs:attributeGroup>
- <xs:element name="resource-attr">
- <xs:complexType>
- <xs:attributeGroup ref="resource-attr.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="resource-attr.attlist">
- <xs:attributeGroup ref="attr-attrs"/>
- </xs:attributeGroup>
- <xs:element name="environment-attr">
- <xs:complexType>
- <xs:attributeGroup ref="environment-attr.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="environment-attr.attlist">
- <xs:attributeGroup ref="attr-attrs"/>
- </xs:attributeGroup>
-</xs:schema>
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAO.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <ace-dao-rw/AceDAO.h>
-
-#include <openssl/md5.h>
-#include <dpl/foreach.h>
-#include <dpl/string.h>
-#include <dpl/log/log.h>
-#include <dpl/db/orm.h>
-#include <ace-dao-ro/AceDAOUtilities.h>
-#include <ace-dao-ro/AceDAOConversions.h>
-#include <ace-dao-ro/AceDatabase.h>
-
-using namespace DPL::DB::ORM;
-using namespace DPL::DB::ORM::ace;
-using namespace AceDB::AceDaoUtilities;
-using namespace AceDB::AceDaoConversions;
-
-namespace {
-char const * const EMPTY_SESSION = "";
-} // namespace
-
-namespace AceDB{
-
-void AceDAO::setPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId,
- const DPL::OptionalString &session,
- PromptDecision decision)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- ACE_DB_DELETE(del, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- del->Where(
- And(
- Equals<AcePromptDecision::app_id>(widgetHandle),
- Equals<AcePromptDecision::rule_id>(ruleId)));
- del->Execute();
-
- AcePromptDecision::Row row;
- row.Set_rule_id(ruleId);
- row.Set_decision(promptDecisionToInt(decision));
- row.Set_app_id(widgetHandle);
- row.Set_session(session);
- ACE_DB_INSERT(insert, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- insert->Values(row);
- insert->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting");
- }
-}
-
-void AceDAO::removePolicyResult(
- const BaseAttributeSet &attributes)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- auto attrHash = convertToHash(attributes);
-
- ACE_DB_DELETE(del,
- AcePolicyResult,
- &AceDaoUtilities::m_databaseInterface);
- del->Where(Equals<AcePolicyResult::hash>(attrHash));
- del->Execute();
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to removeVerdict");
- }
-}
-
-void AceDAO::clearAllSettings(void)
-{
- clearWidgetDevCapSettings();
- clearDevCapSettings();
-}
-
-void AceDAO::setDevCapSetting(const std::string &resource,
- PreferenceTypes preference)
-{
- Try {
- ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_general_setting(preferenceToInt(preference));
- update->Values(row);
- update->Where(
- Equals<AceDevCap::id_uri>(DPL::FromUTF8String(resource)));
- update->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to SetResourceSetting");
- }
-}
-
-void AceDAO::removeDevCapSetting(const std::string &resource)
-{
- Try {
- ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_general_setting(preferenceToInt(PreferenceTypes::PREFERENCE_DEFAULT));
- update->Values(row);
- update->Where(
- Equals<AceDevCap::id_uri>(DPL::FromUTF8String(resource)));
- update->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to removeResourceSetting");
- }
-}
-
-
-void AceDAO::setWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler,
- PreferenceTypes preference)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- // TODO JOIN
- AceDevCap::Row rrow;
- if (!getResourceByUri(resource, rrow)) {
- ThrowMsg(Exception::DatabaseError, "Resource not found");
- }
-
- ACE_DB_INSERT(insert,
- AceWidgetDevCapSetting,
- &AceDaoUtilities::m_databaseInterface);
-
- AceWidgetDevCapSetting::Row row;
- row.Set_app_id(handler);
- int rid = rrow.Get_resource_id();
- row.Set_resource_id(rid);
- row.Set_access_value(preferenceToInt(preference));
- insert->Values(row);
- insert->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting");
- }
-}
-
-void AceDAO::removeWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row rrow;
- if (!getResourceByUri(resource, rrow)) {
- ThrowMsg(Exception::DatabaseError, "resource not found");
- }
-
- ACE_DB_DELETE(del,
- AceWidgetDevCapSetting,
- &AceDaoUtilities::m_databaseInterface);
-
- Equals<AceWidgetDevCapSetting::app_id> e1(handler);
- Equals<AceWidgetDevCapSetting::resource_id> e2(rrow.Get_resource_id());
- del->Where(And(e1, e2));
- del->Execute();
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
- }
-}
-
-
-void AceDAO::setPolicyResult(const BaseAttributeSet &attributes,
- const ExtendedPolicyResult &exResult)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- // TODO: this call is connected with logic.
- // It should be moved to PolicyEvaluator
- addAttributes(attributes);
-
- auto attrHash = convertToHash(attributes);
-
- ACE_DB_DELETE(del, AcePolicyResult, &AceDaoUtilities::m_databaseInterface)
- del->Where(Equals<AcePolicyResult::hash>(attrHash));
- del->Execute();
-
- ACE_DB_INSERT(insert, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- AcePolicyResult::Row row;
- row.Set_decision(PolicyResult::serialize(exResult.policyResult));
- row.Set_hash(attrHash);
- row.Set_rule_id(exResult.ruleId);
- insert->Values(row);
- insert->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to addVerdict");
- }
-}
-
-void AceDAO::resetDatabase(void)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- del1->Execute();
- ACE_DB_DELETE(del2, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
- del2->Execute();
- ACE_DB_DELETE(del3, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- del3->Execute();
- ACE_DB_DELETE(del4, AceSubject, &AceDaoUtilities::m_databaseInterface);
- del4->Execute();
- ACE_DB_DELETE(del5, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- del5->Execute();
- ACE_DB_DELETE(del6, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- del6->Execute();
-
- transaction.Commit();
-
- // TODO there is no such query yet in ORM.
- // GlobalConnection::DataCommandAutoPtr command =
- // GlobalConnectionSingleton::Instance().PrepareDataCommand(
- // "VACUUM");
- // command->Step();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to resetDatabase");
- }
-}
-
-void AceDAO::clearPolicyCache(void)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- del1->Execute();
- ACE_DB_DELETE(del2, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- del2->Execute();
- ACE_DB_DELETE(del3, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- del3->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearPolicyCache");
- }
-}
-
-void AceDAO::clearDevCapSettings()
-{
- Try {
- ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_general_setting(-1);
- update->Values(row);
- update->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearResourceSettings");
- }
-}
-
-void AceDAO::clearWidgetDevCapSettings()
-{
- Try {
- ACE_DB_DELETE(del, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
- del->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
- }
-}
-
-int AceDAO::addResource(const std::string &request)
-{
- LogDebug("addResource: " << request);
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row rrow;
- if (getResourceByUri(request, rrow)) {
- transaction.Commit();
- return rrow.Get_resource_id();
- }
-
- ACE_DB_INSERT(insert, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_id_uri(DPL::FromUTF8String(request));
- row.Set_general_setting(-1);
- insert->Values(row);
- int id = insert->Execute();
- transaction.Commit();
- return id;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in addResource");
- }
-}
-
-void AceDAO::addAttributes(const BaseAttributeSet &attributes)
-{
- Try {
- BaseAttributeSet::const_iterator iter;
-
- for (iter = attributes.begin(); iter != attributes.end(); ++iter) {
- ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<AceAttribute::name>(DPL::FromUTF8String(
- *(*iter)->getName())));
- std::list<AceAttribute::Row> rows = select->GetRowList();
- if (!rows.empty()) {
- continue;
- }
-
- ACE_DB_INSERT(insert, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- AceAttribute::Row row;
- row.Set_name(DPL::FromUTF8String(*(*iter)->getName()));
- row.Set_type(attributeTypeToInt((*iter)->getType()));
- insert->Values(row);
- insert->Execute();
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in addAttributes");
- }
-}
-
-void AceDAO::setRequestedDevCaps(
- WidgetHandle widgetHandle,
- const RequestedDevCapsMap &permissions)
-{
- Try {
- FOREACH(it, permissions) {
- ACE_DB_INSERT(insert, AceRequestedDevCaps,
- &AceDaoUtilities::m_databaseInterface);
- AceRequestedDevCaps::Row row;
- row.Set_app_id(widgetHandle);
- row.Set_dev_cap(it->first);
- row.Set_grant_smack(it->second ? 1 : 0);
- insert->Values(row);
- insert->Execute();
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in setStaticDevCapPermissions");
- }
-}
-
-void AceDAO::setAcceptedFeature(
- WidgetHandle widgetHandle,
- const FeatureNameVector &vector)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- FOREACH(it, vector) {
- ACE_DB_INSERT(insert, AceAcceptedFeature,
- &AceDaoUtilities::m_databaseInterface);
- AceAcceptedFeature::Row row;
- row.Set_app_id(widgetHandle);
- row.Set_feature(*it);
- insert->Values(row);
- insert->Execute();
- }
- transaction.Commit();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in setAcceptedFeature");
- }
-}
-
-void AceDAO::removeAcceptedFeature(
- WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_DELETE(del, AceAcceptedFeature,
- &AceDaoUtilities::m_databaseInterface);
- del->Where(Equals<AceAcceptedFeature::app_id>(widgetHandle));
- del->Execute();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in removeAcceptedFeature");
- }
-}
-
-void AceDAO::registerWidgetInfo(WidgetHandle handle,
- const WidgetRegisterInfo& info,
- const WidgetCertificateDataList& dataList)
-{
- Try
- {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- ACE_DB_INSERT(insert, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- WidgetInfo::Row wi;
- wi.Set_app_id(handle);
- wi.Set_widget_type(static_cast<int>(info.type));
- wi.Set_widget_id(info.widget_id);
- wi.Set_widget_version(info.version);
- wi.Set_author_name(info.authorName);
- wi.Set_share_href(info.shareHref);
- insert->Values(wi);
- insert->Execute();
-
- WidgetCertificateDataList::const_iterator it;
- for (it = dataList.begin(); it != dataList.end(); ++it)
- {
- WidgetCertificateFingerprint::Row wcf;
- wcf.Set_app_id(handle);
- wcf.Set_owner(it->owner);
- wcf.Set_chainid(it->chainId);
- wcf.Set_type(it->type);
- wcf.Set_md5_fingerprint(DPL::FromUTF8String(it->strMD5Fingerprint));
- wcf.Set_sha1_fingerprint(DPL::FromUTF8String(it->strSHA1Fingerprint));
- wcf.Set_common_name(it->strCommonName);
- ACE_DB_INSERT(insert, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
- insert->Values(wcf);
- insert->Execute();
- }
- transaction.Commit();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in registerWidgetInfo");
- }
-}
-
-void AceDAO::unregisterWidgetInfo(WidgetHandle handle)
-{
- if(AceDAO::isWidgetInstalled(handle)) {
- Try
- {
- ACE_DB_DELETE(del, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- del->Where(Equals<WidgetInfo::app_id>(handle));
- del->Execute();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in unregisterWidgetInfo");
- }
- }
-}
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDaoConversions.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <openssl/md5.h>
-#include <dpl/foreach.h>
-
-#include <ace-dao-ro/AceDAOConversions.h>
-
-namespace AceDB {
-
-DPL::String AceDaoConversions::convertToHash(const BaseAttributeSet &attributes)
-{
- unsigned char attrHash[MD5_DIGEST_LENGTH];
- std::string attrString;
- FOREACH(it, attributes) {
- // [CR] implementation of it->toString() is not secure, 24.03.2010
- attrString.append((*it)->toString());
- }
-
- MD5((unsigned char *) attrString.c_str(), attrString.length(), attrHash);
-
- char attrHashCoded[MD5_DIGEST_LENGTH*2 + 1];
- for (int i = 0; i < MD5_DIGEST_LENGTH; ++i) {
- sprintf(&attrHashCoded[i << 1],
- "%02X",
- static_cast<int>(attrHash[i]));
- }
- return DPL::FromASCIIString(attrHashCoded);
-}
-
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOReadOnlyReadOnly.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <list>
-#include <utility>
-
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include <ace-dao-ro/AceDAOUtilities.h>
-#include <ace-dao-ro/AceDAOConversions.h>
-#include <ace-dao-ro/AceDatabase.h>
-#include <dpl/foreach.h>
-
-using namespace DPL::DB::ORM;
-using namespace DPL::DB::ORM::ace;
-using namespace AceDB::AceDaoUtilities;
-using namespace AceDB::AceDaoConversions;
-
-namespace AceDB {
-
-static const int DB_ALLOW_ALWAYS = 0;
-static const int DB_ALLOW_FOR_SESSION = 1;
-static const int DB_ALLOW_THIS_TIME = 2;
-static const int DB_DENY_ALWAYS = 3;
-static const int DB_DENY_FOR_SESSION = 4;
-static const int DB_DENY_THIS_TIME = 5;
-
-static const int DB_APP_UNKNOWN = 0;
-static const int DB_APP_WAC20 = 1;
-static const int DB_APP_TIZEN = 2;
-
-int AceDAOReadOnly::promptDecisionToInt(PromptDecision decision)
-{
- if (PromptDecision::ALLOW_ALWAYS == decision) {
- return DB_ALLOW_ALWAYS;
- } else if (PromptDecision::DENY_ALWAYS == decision) {
- return DB_DENY_ALWAYS;
- } else if (PromptDecision::ALLOW_THIS_TIME == decision) {
- return DB_ALLOW_THIS_TIME;
- } else if (PromptDecision::DENY_THIS_TIME == decision) {
- return DB_DENY_THIS_TIME;
- } else if (PromptDecision::ALLOW_FOR_SESSION == decision) {
- return DB_ALLOW_FOR_SESSION;
- }
- // DENY_FOR_SESSION
- return DB_DENY_FOR_SESSION;
-}
-
-PromptDecision AceDAOReadOnly::intToPromptDecision(int dec) {
- if (dec == DB_ALLOW_ALWAYS) {
- return PromptDecision::ALLOW_ALWAYS;
- } else if (dec == DB_DENY_ALWAYS) {
- return PromptDecision::DENY_ALWAYS;
- } else if (dec == DB_ALLOW_THIS_TIME) {
- return PromptDecision::ALLOW_THIS_TIME;
- } else if (dec == DB_DENY_THIS_TIME) {
- return PromptDecision::DENY_THIS_TIME;
- } else if (dec == DB_ALLOW_FOR_SESSION) {
- return PromptDecision::ALLOW_FOR_SESSION;
- }
- // DB_DENY_FOR_SESSION
- return PromptDecision::DENY_FOR_SESSION;
-}
-
-int AceDAOReadOnly::appTypeToInt(AppTypes app_type)
-{
- switch (app_type) {
- case AppTypes::Unknown:
- return DB_APP_UNKNOWN;
- case AppTypes::WAC20:
- return DB_APP_WAC20;
- case AppTypes::Tizen:
- return DB_APP_TIZEN;
- default:
- return DB_APP_UNKNOWN;
- }
-
-}
-
-AppTypes AceDAOReadOnly::intToAppType(int app_type)
-{
- switch (app_type) {
- case DB_APP_UNKNOWN:
- return AppTypes::Unknown;
- case DB_APP_WAC20:
- return AppTypes::WAC20;
- case DB_APP_TIZEN:
- return AppTypes::Tizen;
- default:
- return AppTypes::Unknown;
- }
-}
-
-void AceDAOReadOnly::attachToThreadRO()
-{
- AceDaoUtilities::m_databaseInterface.AttachToThread(
- DPL::DB::SqlConnection::Flag::RO);
-}
-
-void AceDAOReadOnly::attachToThreadRW()
-{
- AceDaoUtilities::m_databaseInterface.AttachToThread(
- DPL::DB::SqlConnection::Flag::RW);
-}
-
-void AceDAOReadOnly::detachFromThread()
-{
- AceDaoUtilities::m_databaseInterface.DetachFromThread();
-}
-
-OptionalCachedPromptDecision AceDAOReadOnly::getPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId)
-{
- Try {
- // get matching subject verdict
- ACE_DB_SELECT(select, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
-
- select->Where(
- And(
- Equals<AcePromptDecision::rule_id>(ruleId),
- Equals<AcePromptDecision::app_id>(widgetHandle)));
-
- std::list<AcePromptDecision::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return OptionalCachedPromptDecision();
- }
-
- AcePromptDecision::Row row = rows.front();
- CachedPromptDecision decision;
- decision.decision = intToPromptDecision(row.Get_decision());
- decision.session = row.Get_session();
-
- return OptionalCachedPromptDecision(decision);
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getPromptDecision");
- }
-}
-
-void AceDAOReadOnly::getAttributes(BaseAttributeSet *attributes)
-{
- if (NULL == attributes) {
- LogError("NULL pointer");
- return;
- }
- attributes->clear();
- std::string aname;
- int type;
- Try {
- ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- typedef std::list<AceAttribute::Row> RowList;
- RowList list = select->GetRowList();
-
- FOREACH(i, list) {
- BaseAttributePtr attribute(new BaseAttribute());
- DPL::String name = i->Get_name();
- aname = DPL::ToUTF8String(name);
- type = i->Get_type();
-
- attribute->setName(&aname);
- attribute->setType(intToAttributeType(type));
- attributes->insert(attribute);
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getAttributes");
- }
-}
-
-OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult(
- const BaseAttributeSet &attributes)
-{
-
- auto attrHash = convertToHash(attributes);
- return getPolicyResult(attrHash);
-}
-
-OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult(
- const DPL::String &attrHash)
-{
- Try {
- // get matching subject verdict
- ACE_DB_SELECT(select, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- Equals<AcePolicyResult::hash> e1(attrHash);
- select->Where(e1);
-
- std::list<AcePolicyResult::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return OptionalExtendedPolicyResult();
- }
-
- AcePolicyResult::Row row = rows.front();
- int decision = row.Get_decision();
- ExtendedPolicyResult res;
- res.policyResult = PolicyResult::deserialize(decision);
- res.ruleId = row.Get_rule_id();
- return OptionalExtendedPolicyResult(res);
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getVerdict");
- }
-}
-
-PreferenceTypes AceDAOReadOnly::getDevCapSetting(const std::string &resource)
-{
- Try {
- AceDevCap::Row row;
- if (!getResourceByUri(resource, row)) {
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
- return intToPreference(row.Get_general_setting());
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSetting");
- }
-}
-
-void AceDAOReadOnly::getDevCapSettings(PreferenceTypesMap *globalSettingsMap)
-{
- if (NULL == globalSettingsMap) {
- LogError("Null pointer");
- return;
- }
- globalSettingsMap->clear();
- Try {
- ACE_DB_SELECT(select, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- typedef std::list<AceDevCap::Row> RowList;
- RowList list = select->GetRowList();
-
- FOREACH(i, list) {
- PreferenceTypes p = intToPreference(i->Get_general_setting());
- globalSettingsMap->insert(make_pair(DPL::ToUTF8String(
- i->Get_id_uri()), p));
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSettings");
- }
-}
-
-void AceDAOReadOnly::getWidgetDevCapSettings(BasePermissionList *outputList)
-{
- if (NULL == outputList) {
- LogError("NULL pointer");
- return;
- }
- outputList->clear();
- Try {
- std::string resourceName;
- PreferenceTypes allowAccess;
-
- ACE_DB_SELECT(select,
- AceWidgetDevCapSetting,
- &AceDaoUtilities::m_databaseInterface);
-
- typedef std::list<AceWidgetDevCapSetting::Row> RowList;
- RowList list = select->GetRowList();
-
- // TODO JOIN
- FOREACH(i, list) {
- int app_id = i->Get_app_id();
- int res_id = i->Get_resource_id();
-
- ACE_DB_SELECT(resourceSelect, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- resourceSelect->Where(Equals<AceDevCap::resource_id>(res_id));
- AceDevCap::Row rrow = resourceSelect->GetSingleRow();
-
- resourceName = DPL::ToUTF8String(rrow.Get_id_uri());
-
- if (!resourceName.empty()) {
- allowAccess = intToPreference(i->Get_access_value());
- outputList->push_back(
- BasePermission(app_id,
- resourceName,
- allowAccess));
- }
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to findUserSettings");
- }
-}
-
-PreferenceTypes AceDAOReadOnly::getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler)
-{
- Try {
- AceDevCap::Row rrow;
- if (!getResourceByUri(resource, rrow)) {
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
- int resourceId = rrow.Get_resource_id();
-
- // get matching user setting
- ACE_DB_SELECT(select, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
-
- select->Where(And(Equals<AceWidgetDevCapSetting::resource_id>(resourceId),
- Equals<AceWidgetDevCapSetting::app_id>(handler)));
-
- std::list<int> values =
- select->GetValueList<AceWidgetDevCapSetting::access_value>();
- if (values.empty()) {
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
- return intToPreference(values.front());
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in getUserSetting");
- }
-}
-
-void AceDAOReadOnly::getRequestedDevCaps(
- WidgetHandle widgetHandle,
- RequestedDevCapsMap *permissions)
-{
- if (NULL == permissions) {
- LogError("NULL pointer");
- return;
- }
- permissions->clear();
- Try {
- ACE_DB_SELECT(select, AceRequestedDevCaps,
- &AceDaoUtilities::m_databaseInterface);
- select->Where(
- Equals<AceRequestedDevCaps::app_id>(widgetHandle));
- std::list<AceRequestedDevCaps::Row> list = select->GetRowList();
-
- FOREACH(i, list) {
- permissions->insert(std::make_pair(i->Get_dev_cap(),
- i->Get_grant_smack() == 1));
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps");
- }
-}
-
-void AceDAOReadOnly::getAcceptedFeature(
- WidgetHandle widgetHandle,
- FeatureNameVector *fvector)
-{
- if (NULL == fvector) {
- LogError("NULL pointer");
- return;
- }
-
- fvector->clear();
- Try {
- ACE_DB_SELECT(select, AceAcceptedFeature,
- &AceDaoUtilities::m_databaseInterface);
- select->Where(
- Equals<AceAcceptedFeature::app_id>(widgetHandle));
- std::list<AceAcceptedFeature::Row> list = select->GetRowList();
-
- FOREACH(i, list) {
- fvector->push_back(i->Get_feature());
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps");
- }
-}
-
-AppTypes AceDAOReadOnly::getWidgetType(WidgetHandle handle)
-{
- Try {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(handle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalInt res;
- if (!rows.empty()) {
- res = rows.front().Get_widget_type();
- AppTypes retType = (res.IsNull() ? AppTypes::Unknown : static_cast<AppTypes>(*res));
- return retType;
- } else {
- LogDebug("Can not find widget type");
- return AppTypes::Unknown;
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getWidgetType");
- }
-}
-
-std::string AceDAOReadOnly::getVersion(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalString res;
- if(!rows.empty()) {
- res = rows.front().Get_widget_version();
- return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
- } else {
- LogDebug("Widget not installed");
- return "";
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getVersion");
- }
-}
-
-std::string AceDAOReadOnly::getAuthorName(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalString res;
- if(!rows.empty()) {
- res = rows.front().Get_author_name();
- return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
- } else {
- LogDebug("Widget not installed");
- return "";
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getAuthorName");
- }
-}
-
-std::string AceDAOReadOnly::getGUID(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalString res;
- if(!rows.empty()) {
- res = rows.front().Get_widget_id();
- return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
- } else {
- LogDebug("Widget not installed");
- return "";
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getGUID");
- }
-}
-
-WidgetCertificateCNList AceDAOReadOnly::getKeyCommonNameList(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type)
-{
- Try {
- ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
- select->Where(And(And(
- Equals<WidgetCertificateFingerprint::app_id>(widgetHandle),
- Equals<WidgetCertificateFingerprint::owner>(owner)),
- Equals<WidgetCertificateFingerprint::type>(type)));
- WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList();
-
- WidgetCertificateCNList out;
- FOREACH(it, rows)
- {
- DPL::Optional<DPL::String> cn = it->Get_common_name();
- out.push_back(cn.IsNull() ? "" : DPL::ToUTF8String(*cn));
- }
- return out;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getKeyCommonNameList");
- }
-}
-
-FingerPrintList AceDAOReadOnly::getKeyFingerprints(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
- select->Where(And(And(
- Equals<WidgetCertificateFingerprint::app_id>(widgetHandle),
- Equals<WidgetCertificateFingerprint::owner>(owner)),
- Equals<WidgetCertificateFingerprint::type>(type)));
- WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList();
-
- FingerPrintList keys;
- FOREACH(it, rows)
- {
- DPL::Optional<DPL::String> sha1 = it->Get_sha1_fingerprint();
- if (!sha1.IsNull())
- keys.push_back(DPL::ToUTF8String(*sha1));
- DPL::Optional<DPL::String> md5 = it->Get_md5_fingerprint();
- if (!md5.IsNull())
- keys.push_back(DPL::ToUTF8String(*md5));
- }
- return keys;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getKeyFingerprints");
- }
-}
-
-std::string AceDAOReadOnly::getShareHref(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
-
- if(rows.empty())
- ThrowMsg(Exception::DatabaseError, "Cannot find widget. Handle: " << widgetHandle);
-
- DPL::Optional<DPL::String> value = rows.front().Get_share_href();
- std::string ret = "";
- if(!value.IsNull())
- ret = DPL::ToUTF8String(*value);
- return ret;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getShareHref");
- }
-}
-
-WidgetHandleList AceDAOReadOnly::getHandleList()
-{
- LogDebug("Getting DbWidgetHandle List");
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- return select->GetValueList<WidgetInfo::app_id>();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to list of widget handles");
- }
-}
-
-bool AceDAOReadOnly::isWidgetInstalled(WidgetHandle handle)
-{
- Try {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(handle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- return !rows.empty() ? true : false;
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled");
- }
-}
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDaoReadOnly.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <openssl/md5.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace-dao-ro/AceDatabase.h>
-#include <ace-dao-ro/AceDAOUtilities.h>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-
-namespace AceDB {
-
-namespace {
-const char* ACE_DB_DATABASE = "/opt/dbspace/.ace.db";
-DPL::DB::SqlConnection::Flag::Type ACE_DB_FLAGS =
- DPL::DB::SqlConnection::Flag::UseLucene;
-}
-
-DPL::DB::ThreadDatabaseSupport AceDaoUtilities::m_databaseInterface(
- ACE_DB_DATABASE, ACE_DB_FLAGS);
-
-BaseAttribute::Type AceDaoUtilities::intToAttributeType(int val)
-{
- switch (val) {
- case 0:
- return BaseAttribute::Type::Subject;
- case 1:
- return BaseAttribute::Type::Environment;
- case 2:
- return BaseAttribute::Type::Resource;
- case 3:
- return BaseAttribute::Type::FunctionParam;
- case 4:
- return BaseAttribute::Type::WidgetParam;
-
- default:
- Assert(0 && "Unknown Attribute type value");
- return BaseAttribute::Type::Subject; //remove compilation warrning
- }
-}
-
-int AceDaoUtilities::attributeTypeToInt(BaseAttribute::Type type)
-{
- // we cannot cast enum -> int because this cast will be removed from next c++ standard
- switch (type) {
- case BaseAttribute::Type::Subject:
- return 0;
- case BaseAttribute::Type::Environment:
- return 1;
- case BaseAttribute::Type::Resource:
- return 2;
- case BaseAttribute::Type::FunctionParam:
- return 3;
- case BaseAttribute::Type::WidgetParam:
- return 4;
-
- default:
- Assert(0 && "Unknown Attribute type!");
- return 0; //remove compilation warrning
- }
-}
-
-int AceDaoUtilities::preferenceToInt(PreferenceTypes p)
-{
- switch (p) {
- case PreferenceTypes::PREFERENCE_PERMIT:
- return 1;
- case PreferenceTypes::PREFERENCE_DENY:
- return 0;
- case PreferenceTypes::PREFERENCE_BLANKET_PROMPT:
- return 2;
- case PreferenceTypes::PREFERENCE_SESSION_PROMPT:
- return 3;
- case PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT:
- return 4;
-
- default:
- return -1;
- }
-}
-
-PreferenceTypes AceDaoUtilities::intToPreference(int p)
-{
- switch (p) {
- case 1:
- return PreferenceTypes::PREFERENCE_PERMIT;
- case 0:
- return PreferenceTypes::PREFERENCE_DENY;
- case 2:
- return PreferenceTypes::PREFERENCE_BLANKET_PROMPT;
- case 3:
- return PreferenceTypes::PREFERENCE_SESSION_PROMPT;
- case 4:
- return PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;
-
- default:
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
-}
-
-VerdictTypes AceDaoUtilities::intToVerdict(int v)
-{
- switch (v) {
- case -1:
- return VerdictTypes::VERDICT_UNKNOWN;
- case 0:
- return VerdictTypes::VERDICT_DENY;
- case 1:
- return VerdictTypes::VERDICT_PERMIT;
- case 2:
- return VerdictTypes::VERDICT_INAPPLICABLE;
-
- default:
- Assert(0 && "Cannot convert int to verdict");
- return VerdictTypes::VERDICT_UNKNOWN; // remove compile warrning
- }
-}
-
-int AceDaoUtilities::verdictToInt(VerdictTypes v)
-{
- switch (v) {
- case VerdictTypes::VERDICT_UNKNOWN:
- return -1;
- case VerdictTypes::VERDICT_DENY:
- return 0;
- case VerdictTypes::VERDICT_PERMIT:
- return 1;
- case VerdictTypes::VERDICT_INAPPLICABLE:
- return 2;
-
- default:
- Assert(0 && "Unknown Verdict value");
- return -1; // remove compile warrning
- }
-}
-
-bool AceDaoUtilities::getSubjectByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceSubject::Row &row)
-{
- using namespace DPL::DB::ORM;
- using namespace DPL::DB::ORM::ace;
- ACE_DB_SELECT(select, AceSubject, &m_databaseInterface);
- select->Where(Equals<AceSubject::id_uri>(DPL::FromUTF8String(uri)));
- std::list<AceSubject::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return false;
- }
-
- row = rows.front();
- return true;
-}
-
-bool AceDaoUtilities::getResourceByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceDevCap::Row &row)
-{
- using namespace DPL::DB::ORM;
- using namespace DPL::DB::ORM::ace;
- ACE_DB_SELECT(select, AceDevCap, &m_databaseInterface);
- select->Where(Equals<AceDevCap::id_uri>(DPL::FromUTF8String(uri)));
- std::list<AceDevCap::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return false;
- }
-
- row = rows.front();
- return true;
-}
-
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file AceDatabase.cpp
- * @author Lukasz Marek (l.marek@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of ace database
- */
-
-#include <ace-dao-ro/AceDatabase.h>
-
-DPL::Mutex g_aceDbQueriesMutex;
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file BaseAttribute.cpp
- * @author Lukasz Marek (l.marek@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <sstream>
-#include <string>
-
-#include <ace-dao-ro/BaseAttribute.h>
-
-namespace AceDB {
-
-const char* BaseAttribute::typeToString(Type type)
-{
- const char * ret = NULL;
- switch (type) {
- case Type::Resource:
- ret = "resource";
- break;
- case Type::Subject:
- ret = "subject";
- break;
- case Type::Environment:
- ret = "environment";
- break;
- default:
- ret = "unknown type";
- break;
- }
-
- return ret;
-}
-
-std::string BaseAttribute::toString() const
-{
- std::string ret;
- const char * SEPARATOR = ";";
-
- ret.append(m_name);
- ret.append(SEPARATOR);
- ret.append(typeToString(m_typeId));
- ret.append(SEPARATOR);
- if (m_undetermindState) {
- ret.append("true");
- } else {
- ret.append("false");
- }
- ret.append(SEPARATOR);
- for (std::list<std::string>::const_iterator it = value.begin();
- it != value.end();
- ++it) {
- std::stringstream num;
- num << it->size();
- ret.append(num.str());
- ret.append(SEPARATOR);
- ret.append(*it);
- ret.append(SEPARATOR);
- }
-
- return ret;
-}
-
-}
+++ /dev/null
-
-SET(ACE_DAO_DEPS_LIST
- dpl-efl
- dpl-db-efl
- ecore
- appcore-efl
- openssl
- vconf
- db-util
- libpcrecpp
- icu-uc
- libxml-2.0
- )
-
-PKG_CHECK_MODULES(ACE_DAO_DEPS ${ACE_DAO_DEPS_LIST} REQUIRED)
-
-set(ACE_SRC_DIR ${PROJECT_SOURCE_DIR}/ace/dao)
-
-set(ACE_DAO_RO_SOURCES
- ${ACE_SRC_DIR}/AceDAOReadOnly.cpp
- ${ACE_SRC_DIR}/AceDAOUtilities.cpp
- ${ACE_SRC_DIR}/AceDAOConversions.cpp
- ${ACE_SRC_DIR}/BaseAttribute.cpp
- ${ACE_SRC_DIR}/AceDatabase.cpp
- ${ACE_SRC_DIR}/PromptModel.cpp
-)
-
-set(ACE_DAO_RW_SOURCES
- ${ACE_SRC_DIR}/AceDAO.cpp
-)
-
-INCLUDE_DIRECTORIES(${ACE_SRC_DIR})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/orm)
-INCLUDE_DIRECTORIES(${ACE_DAO_DEPS_INCLUDE_DIRS})
-
-ADD_LIBRARY(${TARGET_ACE_DAO_RO_LIB} SHARED
- ${ACE_DAO_RO_SOURCES}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
- COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h")
-
-target_link_libraries(${TARGET_ACE_DAO_RO_LIB}
- ${TARGET_DPL_EFL}
- ${TARGET_DPL_DB_EFL}
- ${ACE_DAO_DEPS_LIBRARY}
- ${ACE_DAO_DEPS_LDFLAGS}
-)
-
-ADD_LIBRARY(${TARGET_ACE_DAO_RW_LIB} SHARED
- ${ACE_DAO_RW_SOURCES}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
- COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h")
-
-target_link_libraries(${TARGET_ACE_DAO_RW_LIB}
- ${ACE_DAO_DEPS_LIST_LIBRARIES}
- ${TARGET_ACE_DAO_RO_LIB}
-)
-
-INSTALL(TARGETS ${TARGET_ACE_DAO_RO_LIB}
- DESTINATION lib)
-
-INSTALL(TARGETS ${TARGET_ACE_DAO_RW_LIB}
- DESTINATION lib)
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/* @file PromptModel.cpp
- * @author Justyna Mejzner (j.kwiatkowsk@samsung.com)
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @version 1.0
- *
- */
-
-#include <ace-dao-ro/PromptModel.h>
-
-#include <algorithm>
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-
-namespace {
-
-const char INFO[] = "Widget requires access to:";
-const char DENY[] = "Deny";
-const char ALLOW[] = "Permit";
-
-const char BLANKET_CHECKBOX_LABEL[] = "Keep setting as permanent";
-const char SESSION_CHECKBOX_LABEL[] = "Remember for one run";
-
-Prompt::ButtonLabels aceQuestionLabel = {DENY, ALLOW};
-
-static Prompt::PromptLabels* getModel(
- Prompt::PromptModel::PromptType promptType,
- const std::string& resourceId)
-{
- std::string strLabel;
- strLabel = INFO;
- strLabel += "<br>";
- strLabel += resourceId;
-
- return new Prompt::PromptLabels(promptType, aceQuestionLabel, strLabel);
-}
-
-Prompt::Validity fromPromptTypeToValidity(int aPromptType, bool checkClicked)
-{
- using namespace Prompt;
- PromptModel::PromptType promptTypeEnum =
- static_cast<PromptModel::PromptType>(aPromptType);
- switch (promptTypeEnum) {
- case PromptModel::PROMPT_ONESHOT:
- return Validity::ONCE;
- case PromptModel::PROMPT_SESSION:
- if (checkClicked)
- {
- return Validity::SESSION;
- }
- else
- {
- return Validity::ONCE;
- }
- case PromptModel::PROMPT_BLANKET:
- if (checkClicked)
- {
- return Validity::ALWAYS;
- }
- else
- {
- return Validity::ONCE;
- }
- default:
- Assert(0);
- return Validity::ONCE;
- }
-}
-} // namespace anonymous
-
-namespace Prompt {
-
-
-PromptLabels::PromptLabels(int promptType,
- const Prompt::ButtonLabels& questionLabel,
- const std::string& mainLabel) :
- m_promptType(promptType),
- m_buttonLabels(questionLabel),
- m_mainLabel(mainLabel)
-{
-
-}
-
-int PromptLabels::getPromptType() const
-{
- return m_promptType;
-}
-const ButtonLabels& PromptLabels::getButtonLabels() const
-{
- return m_buttonLabels;
-}
-const std::string& PromptLabels::getMainLabel() const
-{
- return m_mainLabel;
-}
-
-DPL::OptionalString PromptLabels::getCheckLabel() const
-{
- if (PromptModel::PROMPT_BLANKET == m_promptType)
- {
- return DPL::OptionalString(
- DPL::FromUTF8String(BLANKET_CHECKBOX_LABEL));
- }
- else if (PromptModel::PROMPT_SESSION == m_promptType)
- {
- return DPL::OptionalString(
- DPL::FromUTF8String(SESSION_CHECKBOX_LABEL));
- }
-
- return DPL::OptionalString::Null;
-}
-
-bool PromptLabels::isAllowed(const size_t buttonClicked) const
-{
- Assert(buttonClicked < aceQuestionLabel.size() &&
- "Button Clicked number is not in range of questionLabel");
-
- return aceQuestionLabel[buttonClicked] == ALLOW;
-}
-
-PromptAnswer::PromptAnswer(bool isAccessAllowed, Validity validity) :
- m_isAccessAllowed(isAccessAllowed),
- m_validity(validity)
-{
-
-}
-
-PromptAnswer::PromptAnswer(
- int aPromptType, unsigned int buttonAns, bool checkAns)
-{
- Assert(buttonAns < aceQuestionLabel.size() &&
- "Button Clicked number is not in range of questionLabel");
-
- m_isAccessAllowed = aceQuestionLabel[buttonAns] == ALLOW;
- m_validity = fromPromptTypeToValidity(aPromptType, checkAns);
-}
-
-bool PromptAnswer::isAccessAllowed() const
-{
- return m_isAccessAllowed;
-}
-
-Validity PromptAnswer::getValidity() const
-{
- return m_validity;
-}
-
-PromptLabels* PromptModel::getOneShotModel(const std::string& resourceId)
-{
- return getModel(PROMPT_ONESHOT, resourceId);
-}
-
-PromptLabels* PromptModel::getSessionModel(const std::string& resourceId)
-{
- return getModel(PROMPT_SESSION, resourceId);
-}
-
-PromptLabels* PromptModel::getBlanketModel(const std::string& resourceId)
-{
- return getModel(PROMPT_BLANKET, resourceId);
-}
-
-
-} // Prompt
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <fnmatch.h>
-#include <pcrecpp.h>
-#include <sstream>
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-#include <ace/Attribute.h>
-
-const bool Attribute::alpha[256] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
- 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0
-};
-const bool Attribute::digit[256] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0
-};
-
-const bool Attribute::mark[256] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0
-};
-
-bool Attribute::searchAndCut(const char *str)
-{
- //TODO
- size_t pos = m_name.rfind(str);
- if (pos == std::string::npos) {
- return false;
- }
- if ((strlen(str) + pos) == m_name.size()) {
- m_name.erase(pos, std::string::npos);
- return true;
- }
- return false;
-}
-
-Attribute::Attribute(const std::string *name,
- const Match matchFunc,
- const Type type_) :
- matchFunction(matchFunc)
-{
- m_name = *name;
- m_typeId = type_;
- m_undetermindState = false;
- if (matchFunction != Match::Equal
- && matchFunction != Match::Glob
- && matchFunction != Match::Regexp)
- {
- //LogDebug("MID: " << matchFunction);
- Assert(0 && "Match function problem");
- }
-
- if (searchAndCut(".scheme")) {
- modifierFunction = Modifier::Scheme;
- } else if (searchAndCut(".authority")) {
- modifierFunction = Modifier::Authority;
- } else if (searchAndCut(".scheme-authority")) {
- modifierFunction = Modifier::SchemeAuthority;
- } else if (searchAndCut(".host")) {
- modifierFunction = Modifier::Host;
- } else if (searchAndCut(".path")) {
- modifierFunction = Modifier::Path;
- } else {
- modifierFunction = Modifier::Non;
- }
-}
-
-static Attribute::MatchResult equal_comparator(const std::string *first,
- const std::string *second)
-{
- if((*first) == (*second)) {
- return Attribute::MatchResult::MRTrue;
- }
- return Attribute::MatchResult::MRFalse;
-}
-
-static Attribute::MatchResult glob_comparator(const std::string *first,
- const std::string *second)
-{
- // order is important
- if (!fnmatch(first->c_str(), second->c_str(), 0)) {
- return Attribute::MatchResult::MRTrue;
- }
- return Attribute::MatchResult::MRFalse;
-}
-
-static Attribute::MatchResult regexp_comparator(const std::string *first,
- const std::string *second)
-{
- // order is important
- pcrecpp::RE re(first->c_str());
- if (re.FullMatch(second->c_str())) {
- return Attribute::MatchResult::MRTrue;
- }
- return Attribute::MatchResult::MRFalse;
-}
-
-Attribute::MatchResult Attribute::lists_comparator(
- const std::list<std::string> *first,
- const std::list<std::string> *second,
- Attribute::MatchResult (*comparator)(const std::string *,
- const std::string *)) const
-{
- //NOTE: BONDI defines all availabe matching function as: if some string from first input bag
- //matches some input string from second input bag, so it's required to find only one matching string
- MatchResult result = MatchResult::MRFalse;
-
- for (std::list<std::string>::const_iterator second_iter = second->begin();
- (second_iter != second->end()) && (result != MatchResult::MRTrue);
- ++second_iter)
- {
- std::string *modified_value = applyModifierFunction(&(*second_iter));
- //Value was not an URI, it will be removed from the string bag (ignored)
- if (modified_value == NULL) {
- continue;
- }
-
- for (std::list<std::string>::const_iterator first_iter = first->begin();
- first_iter != first->end();
- ++first_iter) {
- //Compare attributes
- if ((*comparator)(&(*first_iter), modified_value) == MatchResult::MRTrue) {
- result = MatchResult::MRTrue;
- break; //Only one match is enough
- }
- }
- if (modified_value) {
- delete modified_value;
- modified_value = NULL;
- }
- }
-
- if (result == MatchResult::MRTrue) {
- LogDebug("Returning TRUE");
- } else if (result == MatchResult::MRFalse) {
- LogDebug("Returning FALSE");
- } else if (result == MatchResult::MRUndetermined) {
- LogDebug("Returning UNDETERMINED");
- }
- return result;
-}
-
-std::string * Attribute::applyModifierFunction(const std::string * val) const
-{
- std::string * result = NULL;
- switch (modifierFunction) {
- case Modifier::Scheme:
- result = uriScheme(val);
- break;
- case Modifier::Authority:
- result = uriAuthority(val);
- break;
- case Modifier::SchemeAuthority:
- result = uriSchemeAuthority(val);
- break;
- case Modifier::Host:
- result = uriHost(val);
- break;
- case Modifier::Path:
- result = uriPath(val);
- break;
- default:
- result = new std::string(*val);
- }
-
- return result;
-}
-
-/**
- * this - attribute obtained from xmlPolicy tree
- * attribute - attribute obtained from PIP
- */
-Attribute::MatchResult Attribute::matchAttributes(
- const BaseAttribute *attribute) const
-{
- std::string tempNam = *(attribute->getName());
- std::string tempVal;
- std::string myVal;
-
- if (!(attribute->getValue()->empty())) {
- tempVal = attribute->getValue()->front();
- }
-
- if (!(this->value.empty())) {
- myVal = this->value.front();
- }
-
- LogDebug("Comparing attribute: " << this->m_name << "(" <<
- myVal << ") with: " << tempNam <<
- "(" << tempVal << ")");
-
- Assert(
- (this->m_name == *(attribute->getName())) &&
- "Two completely different attributes are being compared!");
- Assert(
- (this->m_typeId == attribute->getType()) &&
- "Two completely different attributes are being compared!");
-
- if (attribute->isUndetermind()) {
- LogDebug("Attribute match undetermined");
- return MatchResult::MRUndetermined;
- }
-
- //Regardles the algorithm used, if we have empty
- //bag the result is always false
- if (this->isValueEmpty() || attribute->isValueEmpty()) {
- if (this->isValueEmpty()) {
- LogDebug("empty bag in condition comparing");
- }
- if (attribute->isValueEmpty()) {
- LogDebug("empty bag in attribute comparing");
- }
- return MatchResult::MRFalse;
- }
-
- if (this->matchFunction == Match::Equal) {
- return lists_comparator(&(this->value),
- attribute->getValue(),
- equal_comparator);
- } else if (this->matchFunction == Match::Glob) {
- return lists_comparator(&(this->value),
- attribute->getValue(),
- glob_comparator);
- } else if (this->matchFunction == Match::Regexp) {
- return lists_comparator(&(this->value),
- attribute->getValue(),
- regexp_comparator);
- } //[CR] Change to Assert
- Assert(false && " ** Critical :: no match function selected!");
- return MatchResult::MRFalse; // to remove compilator warning
-}
-
-void Attribute::addValue(const std::string *val)
-{
- this->getValue()->push_back(*val);
-}
-
-std::ostream & operator<<(std::ostream & out,
- const Attribute & attr)
-{
- out << "attr: m_name: " << *(attr.getName())
- << " type: " << Attribute::typeToString(attr.getType())
- << " value: ";
- if (attr.m_undetermindState) {
- out << "Undetermined";
- } else if (attr.getValue()->empty()) {
- out << "Empty string bag";
- } else {
- FOREACH (it, *attr.getValue()) {
- out << *it;
- }
- }
- return out;
-}
-
-bool
-Attribute::parse(const std::string *input,
- std::string *val) const
-{
- static const char *pattern =
- "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
- pcrecpp::RE re(pattern);
- re.FullMatch(input->c_str(), &val[0], &val[1],
- &val[2], &val[3], &val[4],
- &val[5], &val[6], &val[7], &val[8]);
-
-#ifdef ALL_LOGS
- for (int i = 0; i < 9; i++) {
- LogDebug("val " << i << " :" << val[i]);
- }
-#endif
-
- if (find_error(val)) {
- LogDebug("Input is not an URI " << *input);
- for (int i = 0; i < 9; ++i) {
- val[i].clear();
- }
- return false;
- }
-
- return true;
-}
-
-Attribute::~Attribute()
-{
-}
-
-std::string * Attribute::uriScheme(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
- return new string(part[1]);
-}
-
-std::string *
-Attribute::uriAuthority(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
- return new string(part[3]);
-}
-
-std::string *
-Attribute::uriSchemeAuthority(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
-
- if (part[0].size() == 0 || part[2].size() == 0) {
- return new std::string();
- }
- return new string(part[0] + part[2]);
-}
-
-std::string *
-Attribute::uriHost(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
- return getHost(&(part[3]));
-}
-
-std::string *
-Attribute::uriPath(const std::string *input) const
-{
- //TODO right now uriPath leaves leading '/' in uri, this slash is removed from the string
- //it's not clear if leading '/' is a part of path component or only the separator
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
-
- std::string * temp = NULL;
-
- if (part[4].at(0) == '/') {
- temp = new string(part[4].substr(1, part[4].length() - 1));
- } else {
- temp = new string(part[4]);
- }
-
- return temp;
-}
-
-bool Attribute::find_error(const std::string *tab) const
-{
- //We are checking tab[1] which contains scheme without ':' at the end
- if (!checkScheme(&(tab[1]))) {
- LogDebug("Check scheme failed, URI is invalid");
- return true; //error found
- }
- if (!checkAuthority(&(tab[3]))) {
- LogDebug("Check authority failed, URI is invalid");
- return true; //error found
- }
-
- if (!checkPath(&(tab[4]))) {
- LogDebug("Check path failed, URI is invalid");
- return true; //error found
- }
-
- return false;
-}
-
-bool Attribute::checkScheme(const std::string *part) const
-{
- Assert(part != NULL && "Checking NULLable string. This should never happen");
-
- bool result = true;
-
- //TODO change part->at to data=part->c_str()
- //TODO can scheme be empty? In absolute URI no, in relative URI yes
- if (part->empty()) {
- //Empty string is a correct schema
- result = true;
- } else if (alpha[(int) (part->at(0))] == 0) {
- result = false; // First scheme character must be alpha
- } else {
- // rest must be alpha or digit or '+' or '-' or '.'
- for (unsigned int i = 1; i < part->size(); ++i) {
- int c = static_cast<int>(part->at(i));
- if (!isSchemeAllowedCharacter(c)) {
- result = false;
- break;
- }
- }
- }
- return result;
-}
-
-bool Attribute::checkAuthority(const std::string *part) const
-{
- Assert(part != NULL && "Checking NULLable string. This should never happen");
-
- //Server is a subset of reg_m_names so here we only check if authority matches reg_m_name
- //Additional check if authority is a valid 'server' component is done in getHost
- if (part->empty()) {
- return true; //empty authority is valid uri
- }
- bool result = true;
-
- const char * data = part->c_str();
- for (size_t i = 0; i < part->length(); ++i) {
- int c = (int) data[i];
- if (isUnreserved(c)) {
- continue;
- }
- if (c == '$') {
- continue;
- }
- if (c == ',') {
- continue;
- }
- if (c == ';') {
- continue;
- }
- if (c == ':') {
- continue;
- }
- if (c == '@') {
- continue;
- }
- if (c == '&') {
- continue;
- }
- if (c == '=') {
- continue;
- }
- if (c == '+') {
- continue;
- }
- if (c == '%') {
- if (isEscaped(data + i)) {
- i += 2; //rewind the two escaped characters
- continue;
- }
- }
- result = false;
- break;
- }
-
- return result;
-}
-
-std::string * Attribute::getHost(const std::string *part) const
-{
- if (part->empty()) {
- return new std::string("");
- }
-
- //Check userinfo
- size_t userInfoPos = part->find("@");
- if (userInfoPos != std::string::npos) {
- std::string data = part->substr(0, userInfoPos);
- if (!isUserInfoAllowedString(&data)) {
- return new string(""); //the authority is not composed of 'server' part
- }
- }
-
- std::string host;
- //If we use host modifier then authority is composed of 'server' part so
- //the port must contain only digits
- size_t portPos = part->find(":");
- if (portPos != std::string::npos) {
- for (unsigned int i = portPos + 1; i < part->size(); ++i) {
- if (!digit[(int) part->at(i)]) {
- return new string(""); //the authority is not composed of 'server' part
- }
- }
- host = part->substr(userInfoPos + 1, portPos - (userInfoPos + 1));
- } else {
- host = part->substr(userInfoPos + 1, part->length() - (userInfoPos + 1));
- }
-
- if (!isHostAllowedString(&host)) {
- //Even if the string is not allowed for host this can still be a valid uri
- return new string("");
- }
-
- return new std::string(host);
-}
-
-bool Attribute::checkPath(const std::string *part) const
-{
- bool result = true;
-
- const char * data = part->c_str();
-
- for (unsigned int i = 0; i < part->size(); ++i) {
- int c = data[i];
- if (c == '/') {
- //If we found slash then the next character must be a part of segment
- //It cannot be '/' so we have to check it immediately
- i++;
- c = data[i];
- if (!isSegmentAllowedCharacter(c)) {
- result = false;
- break;
- }
- } else if (c == ';') {
- //Start param part of segment
- i++; //Param can be empty so we don't have to check what's right after semicolon
- continue;
- } else if (c == '%') {
- //We have to handle escaped characters differently than other segment allowed characters
- //because we need an array
- if (isEscaped(data + i)) {
- i += 2;
- } else {
- result = false;
- break;
- }
- } else {
- if (!isSegmentAllowedCharacter(c)) {
- result = false;
- break;
- }
- }
- }
-
- return result;
-}
-
-bool Attribute::isSchemeAllowedCharacter(int c) const
-{
- bool result = false;
- if (isAlphanum(c)) {
- result = true;
- } else if (c == '+') {
- result = true;
- } else if (c == '-') {
- result = true;
- } else if (c == '.') {
- result = true;
- }
-
- return result;
-}
-
-bool Attribute::isSegmentAllowedCharacter(int c) const
-{
- bool result = true;
-
- // LogDebug("Checking is segment allowed for char "<<(char)c);
-
- if (isUnreserved(c)) { //do nothing, result = true
- } else if (c == ':') { //do nothing, result = true
- } else if (c == '@') { //do nothing, result = true
- } else if (c == '&') { //do nothing, result = true
- } else if (c == '=') { //do nothing, result = true
- } else if (c == '+') { //do nothing, result = true
- } else if (c == '$') { //do nothing, result = true
- } else if (c == ',') { //do nothing, result = true
- } else {
- result = false;
- }
-
- return result;
-}
-
-bool Attribute::isUserInfoAllowedString(const std::string * str) const
-{
- bool result = false;
-
- const char * data = str->c_str();
-
- for (unsigned int i = 0; i < str->length(); ++i) {
- int c = data[i];
- if (isUnreserved(c)) {
- result = true;
- } else if (c == '%') {
- //isEsacped method checks if we don't cross array bounds, so we can
- //safely give data[i] here
- result = isEscaped((data + i));
- if (result == false) {
- break;
- }
- i += 2; //rewind the next two characters sEsacped method checks if we don't cross array bounds, so we can safely rewind
- } else if (c == ',') {
- result = true;
- } else if (c == '$') {
- result = true;
- } else if (c == '+') {
- result = true;
- } else if (c == '=') {
- result = true;
- } else if (c == '&') {
- result = true;
- } else if (c == '@') {
- result = true;
- } else if (c == ':') {
- result = true;
- }
- }
- return result;
-}
-
-bool Attribute::isUnreserved(int c) const
-{
- return isAlphanum(c) || mark[c];
-}
-
-bool Attribute::isAlphanum(int c) const
-{
- return alpha[c] || digit[c];
-}
-
-bool Attribute::isHex(int c) const
-{
- bool result = false;
-
- if (digit[c]) {
- result = true;
- } else if (c == 'A') {
- result = true;
- } else if (c == 'B') {
- result = true;
- } else if (c == 'C') {
- result = true;
- } else if (c == 'D') {
- result = true;
- } else if (c == 'E') {
- result = true;
- } else if (c == 'F') {
- result = true;
- } else if (c == 'a') {
- result = true;
- } else if (c == 'b') {
- result = true;
- } else if (c == 'c') {
- result = true;
- } else if (c == 'd') {
- result = true;
- } else if (c == 'e') {
- result = true;
- } else if (c == 'f') {
- result = true;
- }
-
- return result;
-}
-
-bool Attribute::isEscaped(const char esc[3]) const
-{
- if (esc == NULL) {
- return false;
- }
-
- if ((esc[0] == 0) || (esc[1] == 0) || (esc[2] == 0)) {
- //We get an array that seems to be out of bounds.
- //To be on the safe side return here
- LogDebug("HEX NULLS");
- return false;
- }
-
- if (esc[0] != '%') {
- LogDebug(
- "Error: first character of escaped value must be a precent but is "
- <<
- esc[0]);
- return false;
- }
-
-#ifdef ALL_LOGS
- for (int i = 0; i < 3; i++) {
- LogDebug("HEX " << esc[i]);
- }
-#endif
- return isHex((int) esc[1]) && isHex((int) esc[2]);
-}
-
-bool Attribute::isHostAllowedString(const std::string * str) const
-{
- bool result = true;
-
- if (digit[(int) str->at(0)]) {
- //IPv4 address
- result = isIPv4AllowedString(str);
- } else {
- //Hostname
- result = isHostNameAllowedString(str);
- }
-
- return result;
-}
-
-bool Attribute::isIPv4AllowedString(const std::string * str) const
-{
- LogDebug("Is hostIPv4 allowed String for " << *str);
-
- const char * data = str->c_str();
- bool result = true;
- int digitCounter = 0;
- int dotCounter = 0;
-
- for (unsigned int i = 0; i < str->length(); ++i) {
- if (data[i] == '.') {
- dotCounter++;
- digitCounter = 0;
- } else if (digit[(int) data[i]]) {
- digitCounter++;
- if ((digitCounter > 3) || !digitCounter) {
- result = false;
- break;
- }
- } else {
- result = false;
- break;
- }
- }
- if (dotCounter != 3) {
- result = false;
- }
- return result;
-}
-
-bool Attribute::isHostNameAllowedString(const std::string * str) const
-{
- LogDebug("Is hostname allowed String for " << *str);
-
- int lastPosition = 0; //the position of last dot + 1
- const char * data = str->c_str();
- bool finalDot = false;
- size_t end = str->length();
- bool result = false;
-
- for (size_t i = 0; i < end; ++i) {
- if (data[i] == '.') {
- if (i == str->length() - 1) { //ending dot
- //There can be a leading '.' int the hostm_name
- finalDot = true;
- break;
- } else {
- //we found domain label
- if (!isDomainLabelAllowedString(data + lastPosition, i -
- lastPosition)) {
- result = false;
- goto end;
- }
- lastPosition = i + 1; //Set position to position of last dot + 1
- }
- }
- }
-
- if (finalDot) {
- //we have to rewind one position to check the rightmost string
- //but only in case we find final dot
- end--;
- }
- //Compare only the rightmost string aaa.bbbb.rightmostString.
- result = isTopLabelAllowedString(data + lastPosition, end - lastPosition);
-
-end:
-
- if (result) {
- LogInfo("Hostname is allowed");
- } else {
- LogInfo("Hostname is NOT allowed");
- }
-
- return result;
-}
-
-bool Attribute::isDomainLabelAllowedString(const char * data,
- int length) const
-{
- LogDebug(
- "Is domain allowed String for " << data << " taking first " <<
- length <<
- " chars");
-
- if (!isAlphanum((int) data[0]) || !isAlphanum((int) data[length - 1])) {
- return false;
- }
-
- for (int i = 0; i < length; i++) {
- if ((!isAlphanum(data[i])) && !(data[i] == '-')) {
- return false;
- }
- }
- return true;
-}
-
-bool Attribute::isTopLabelAllowedString(const char * data,
- int length) const
-{
- if ((!alpha[(int) data[0]]) || (!isAlphanum((int) data[length - 1]))) {
- return false;
- }
-
- for (int i = 1; i < length - 1; i++) {
- if ((!isAlphanum(data[i])) && !(data[i] == '-')) {
- return false;
- }
- }
- return true;
-}
-
-void printAttributes(const AttributeSet& attrs)
-{
- if (attrs.empty()) {
- LogWarning("Empty attribute set");
- } else {
- LogDebug("PRINT ATTRIBUTES:");
- for (AttributeSet::const_iterator it = attrs.begin();
- it != attrs.end();
- ++it)
- {
- LogDebug("name: " << *(*it)->getName());
- }
- }
-}
-
-void printAttributes(const std::list<Attribute> & attrs)
-{
- if (attrs.empty()) {
- LogWarning("Empty attribute set");
- } else {
- LogDebug("PRINT ATTRIBUTES:");
- for (std::list<Attribute>::const_iterator it = attrs.begin();
- it != attrs.end();
- ++it
- ) {
- LogDebug(*it);
- }
- }
-}
-
-//KW const char * matchResultToString(Attribute::MatchResult result){
-//KW
-//KW const char * ret = NULL;
-//KW
-//KW switch(result){
-//KW
-//KW case Attribute::MRTrue:
-//KW ret = "true";
-//KW break;
-//KW case Attribute::MRFalse:
-//KW ret = "false";
-//KW break;
-//KW case Attribute::MRUndetermined:
-//KW ret = "undetermined";
-//KW break;
-//KW default:
-//KW ret = "Wrong match result";
-//KW }
-//KW
-//KW return ret;
-//KW
-//KW }
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : CombinerImpl.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace/CombinerImpl.h>
-#include <ace/Rule.h>
-#include <ace/Policy.h>
-
-namespace {
-
-bool denyOverridesPredecessor(
- const ExtendedEffect &first,
- const ExtendedEffect &second)
-{
- if (first.getEffect() == second.getEffect())
- return first.getRuleId() < second.getRuleId();
- return first.getEffect() < second.getEffect();
-}
-
-bool permitOverridePredecessor(
- const ExtendedEffect &first,
- const ExtendedEffect &second)
-{
- if (first.getEffect() == second.getEffect())
- return first.getRuleId() < second.getRuleId();
- return first.getEffect() > second.getEffect();
-}
-
-} //anonymous namespace
-
-ExtendedEffect CombinerImpl::denyOverrides(const ExtendedEffectList &effects)
-{
- if (isError(effects)) {
- return Error;
- }
-
- ExtendedEffect result(Inapplicable);
-
- FOREACH(it, effects) {
- if (denyOverridesPredecessor(*it, result)) {
- result = *it;
- }
- }
- return result;
-}
-
-ExtendedEffect CombinerImpl::permitOverrides(const ExtendedEffectList &effects)
-{
- if (isError(effects)) {
- return Error;
- }
-
- // This magic number must be bigger that the bigest ruleId number from policy file.
- ExtendedEffect result(Deny, 999999);
-
- //Flag used to indicate that any of Deny,prompt-*,permit options appear
- //Consequently if flag is true then result should be return, otherwise inapplicable should be returned
- bool flag = false;
- bool flagUndetermined = false;
-
- FOREACH(it,effects) {
- ExtendedEffect effect = *it;
-
- if (effect.getEffect() == Permit) {
- return effect;
- } // no need for further check if "permit" found
- if (effect.getEffect() == Undetermined) {
- flagUndetermined = true;
- } //check for undetermined
-
- //Set the flag and the result even if effect is equal to result
- //It is done to mark if any "Deny" effect occured
- if (permitOverridePredecessor(effect, result)
- && effect.getEffect() != Inapplicable
- && effect.getEffect() != Undetermined)
- {
- result = effect;
- flag = true;
- }
- }
-
- if (flagUndetermined) {
- return ExtendedEffect(Undetermined);
- }
-
- if (!flag) {
- return ExtendedEffect(Inapplicable);
- }
- return result;
-}
-
-ExtendedEffect CombinerImpl::firstApplicable(
- const ExtendedEffectList & effects)
-{
- if (isError(effects)) {
- return Error;
- }
-
- FOREACH(it,effects) {
- if (it->getEffect() != Inapplicable) {
- return *it;
- }
- }
- return Inapplicable;
-}
-
-ExtendedEffect CombinerImpl::firstMatchingTarget(
- const ExtendedEffectList &effects)
-{
- if (isError(effects)) {
- return Error;
- }
- // effect list constains result of policies which target has been matched.
- //
- // If target does not match policy result is NotMatchingTarget
- // NotMatchingTarget values are not stored on the effects list
- // (you can check it in combinePolicies function).
- //
- // So we are intrested in first value on the list.
- return effects.empty() ? Inapplicable : effects.front();
-}
-
-bool CombinerImpl::isError(const ExtendedEffectList &effects)
-{
- FOREACH(it, effects)
- {
- if (Error == it->getEffect()) {
- return true;
- }
- }
- return false;
-}
-
-ExtendedEffect CombinerImpl::combineRules(const TreeNode * policy)
-{
- const Policy * policyObj = dynamic_cast<const Policy *>(policy->getElement());
- if (!policyObj) {
- LogError("dynamic_cast failed. PolicyObj is null.");
- return Error;
- }
-
- Policy::CombineAlgorithm algorithm = policyObj->getCombineAlgorithm();
-
- Assert(
- algorithm != Policy::FirstTargetMatching &&
- "Policy cannot have algorithm first target matching");
-
- bool isUndetermined = false;
-
- if (!checkIfTargetMatches(policyObj->getSubjects(), isUndetermined)) {
- if (isUndetermined) {
- //TODO Target is undetermined what should we do now ??
- //Right now simply return NotMatchingTarget
- }
- //Target doesn't match
- return NotMatchingTarget;
- }
- //Get all rules
- const ChildrenSet & children = policy->getChildrenSet();
- ChildrenConstIterator it = children.begin();
- ExtendedEffectList effects;
-
- while (it != children.end()) {
- const Rule * rule = dynamic_cast<const Rule *>((*it)->getElement());
-
- if (!rule) {
- LogError("Error in dynamic_cast. rule is null");
- return ExtendedEffect(Error);
- }
-
- ExtendedEffect effect = rule->evaluateRule(this->getAttributeSet());
- effects.push_back(effect);
- if (algorithm == Policy::FirstApplicable && effect.getEffect() != Inapplicable) {
- //For first applicable algorithm we may stop after evaluating first policy
- //which has effect other than inapplicable
- break;
- }
- ++it;
- } //end policy children iteration
-
- //Use combining algorithm
- ExtendedEffect ef = combine(policyObj->getCombineAlgorithm(), effects);
- return ef;
-}
-
-//WARNING this method makes an assumption that Policy target is a policy child
-ExtendedEffect CombinerImpl::combinePolicies(const TreeNode * policy)
-{
- const Policy * policySet = dynamic_cast<const Policy *>(policy->getElement());
-
- if (!policySet) {
- LogError("dynamic_cast failed. Policy set is null.");
- return Error;
- }
-
- bool isUndetermined = false;
- Policy::CombineAlgorithm algorithm = policySet->getCombineAlgorithm();
-
- if (!checkIfTargetMatches(policySet->getSubjects(), isUndetermined)) {
- /* I can't explain this...
- if (isUndetermined) {
- if (algorithm == Policy::FirstTargetMatching) {
- return Undetermined;
- }
- }
- */
- //Target doesn't match
- return NotMatchingTarget;
- }
-
- const ChildrenSet & children = policy->getChildrenSet();
-
- ExtendedEffectList effects;
-
- FOREACH(it, children) {
- ExtendedEffect effect;
-
- if ((*it)->getTypeID() == TreeNode::PolicySet) {
- effect = combinePolicies(*it);
- if (effect.getEffect() != NotMatchingTarget) {
- effects.push_back(effect);
- }
- } else if ((*it)->getTypeID() == TreeNode::Policy) {
- effect = combineRules(*it);
- if (effect.getEffect() != NotMatchingTarget) {
- effects.push_back(effect);
- }
- } else {
- // [CR] fix it
- LogError("effect value is not initialized!");
- return ExtendedEffect(Error);
- }
-
- if (algorithm == Policy::FirstTargetMatching
- && effect.getEffect() != NotMatchingTarget)
- {
- //In First matching target algorithm we may return when first result is found
- break;
- }
- }
-
- //Use combining algorithm
- return combine(policySet->getCombineAlgorithm(), effects);
-}
-
-ExtendedEffect CombinerImpl::combine(
- Policy::CombineAlgorithm algorithm,
- ExtendedEffectList &effects)
-{
- LogDebug("Effects to be combined with algorithm: " << ::toString(algorithm));
- showEffectList(effects);
-
- switch (algorithm) {
- case Policy::DenyOverride:
- return denyOverrides(effects);
- break;
- case Policy::PermitOverride:
- return permitOverrides(effects);
- break;
- case Policy::FirstApplicable:
- return firstApplicable(effects);
- break;
- case Policy::FirstTargetMatching:
- return firstMatchingTarget(effects);
- break;
- default:
- Assert(false && "Wrong combining algorithm used");
- return Error;
- }
-}
-
-/**
- *
- * @param attrSet set of Subject attributes in policy that identifies target
- * @return true if target is determined and matches, false and isUndertmined is set to true if the target is undetermined
- * false and isUndetermined set to false if target is determined but doesn't match
- */
-bool CombinerImpl::checkIfTargetMatches(
- const std::list<const Subject *> * subjectsList,
- bool &isUndetermined)
-{
- if (subjectsList->empty()) {
- return true;
- }
-
- std::list<const Subject *>::const_iterator it = subjectsList->begin();
- bool match = false;
- //According to BONDI 1.0 at least one target must match
- while (it != subjectsList->end()) {
- match = (*it)->matchSubject(this->getAttributeSet(), isUndetermined);
- if (match) { //at least one match
- break;
- }
- ++it;
- }
-
- #ifdef _DEBUG
- if (match == Attribute::MRTrue) {
- LogDebug("Target matches ");
- } else if (match == Attribute::MRUndetermined) {
- LogDebug("Target match undetermined ");
- } else {
- LogDebug("Target doesn't match");
- }
- #endif
- return match;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// File: Condition.cpp
-// Author: notroot
-//
-// Created on June 3, 2009, 9:00 AM
-//
-
-#include <iostream>
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-#include <ace/Condition.h>
-
-/**
- * Check if attribute in condition matches the values obtained from PIP
- * attrSet - attributes from PIP
- */
-
-Attribute::MatchResult Condition::evaluateCondition(
- const AttributeSet * attrSet) const
-{
- //Condition may include either matches of attributes or other conditions
- //in this method all attributes are matched at first and if possible the
- //condition is evaluated. If evaluation is not possible based solely on
- //attributes then we start recursion into child conditions.
-
- Attribute::MatchResult match;
- bool undeterminedMatchFound = false;
- bool isFinalMatch = false;
-
- LogDebug("Attributes to be matched");
- printAttributes(*attrSet);
- LogDebug("Condition attributes values");
- printAttributes(attributes);
-
- if (this->isEmpty()) {
- LogDebug("Condition is empty, returning true");
- //Condition is empty, it means it evaluates to TRUE
- return Attribute::MatchResult::MRTrue;
- }
-
- match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
- if (isFinalMatch) {
- LogDebug("Evaluate attributes returning verdict" ) ; //<< match);
- return match;
- }
-
- match = evaluateChildConditions(attrSet,
- isFinalMatch,
- undeterminedMatchFound);
- if (isFinalMatch) {
- LogDebug("Evaluate child conditions returning verdict" ); // << match);
- return match;
- }
-
- if (undeterminedMatchFound) {
- //If any child condition/attribute-match was undetermined and
- //so far we couldn't make a decision then we must return undetermined
- LogDebug("Evaluate condition returning MRUndetermined");
- return Attribute::MatchResult::MRUndetermined;
- }
-
- if (this->isAndCondition()) {
- match = Attribute::MatchResult::MRTrue;
- } else if (this->isOrCondition()) {
- match = Attribute::MatchResult::MRFalse;
- } else {
- Assert(false && "Condition has to be either AND or OR");
- }
- return match;
-}
-
-// KW Attribute::MatchResult Condition::performORalgorithm(const std::set<Attribute>* attrSet) const{
-// KW
-// KW Attribute::MatchResult match;
-// KW bool undeterminedMatchFound = false;
-// KW bool isFinalMatch = false;
-// KW
-// KW LogDebug("Performing OR algorithm");
-// KW
-// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW LogDebug("OR algorithm evaluate attributes returning verdict" << match);
-// KW return match;
-// KW }
-// KW
-// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW return match;
-// KW }
-// KW
-// KW if(undeterminedMatchFound){
-// KW //If any child condition/attribute-match was undetermined and
-// KW //so far we couldn't make a decision then we must return undetermined
-// KW LogDebug("OR algorithm returning MRUndetermined");
-// KW return Attribute::MRUndetermined;
-// KW }
-// KW
-// KW LogDebug("OR algorithm returning MRFalse");
-// KW return Attribute::MRFalse;
-// KW }
-
-// KW Attribute::MatchResult Condition::performANDalgorithm(const std::set<Attribute>* attrSet) const{
-// KW
-// KW
-// KW Attribute::MatchResult match;
-// KW bool undeterminedMatchFound = false;
-// KW bool isFinalMatch = false;
-// KW
-// KW LogDebug("Performing AND algorithm");
-// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW LogDebug("AND algorithm evaluate attributes returning verdict" << match);
-// KW return match;
-// KW }
-// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW LogDebug("AND algorithm evaluate child returning verdict " << match);
-// KW return match;
-// KW }
-// KW if(undeterminedMatchFound){
-// KW //If any child condition/attribute-match was undetermined and
-// KW //so far we couldn't make a decision then we must return undetermined
-// KW LogDebug("AND algorithm returning Undetermined");
-// KW return Attribute::MRUndetermined;
-// KW }
-// KW
-// KW LogDebug("AND algorithm returning MRTrue");
-// KW return Attribute::MRTrue;
-// KW
-// KW }
-
-Attribute::MatchResult Condition::evaluateAttributes(
- const AttributeSet * attrSet,
- bool& isFinalMatch,
- bool & undeterminedMatchFound) const
-{
- Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
-
- std::list<Attribute>::const_iterator condIt = this->attributes.begin();
- while (condIt != this->attributes.end()) {
- //Find the value of needed attribute, based on attribute name
- AttributeSet::const_iterator attr =
- std::find_if(attrSet->begin(),
- attrSet->end(),
- AceDB::BaseAttribute::UnaryPredicate(&(*condIt)));
- if (attr == attrSet->end()) {
- LogError("Couldn't find required attribute. This should not happen");
- Assert(
- false &&
- "Couldn't find attribute required in condition. This should not happen"
- "This means that some attributes has not been obtained from PIP");
- //Return undetermined here because it seems one of the attributes is unknown/undetermined
- isFinalMatch = true;
- match = Attribute::MatchResult::MRUndetermined;
- break;
- }
-
- match = condIt->matchAttributes(&(*(*attr)));
- if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) {
- //FALSE match found in AND condition
- isFinalMatch = true;
- break;
- } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) {
- //TRUE match found in OR condition
- isFinalMatch = true;
- break;
- } else if (match == Attribute::MatchResult::MRUndetermined) {
- //Just mark that there was undetermined value found
- undeterminedMatchFound = true;
- }
- ++condIt;
- }
-
- return match;
-}
-
-Attribute::MatchResult Condition::evaluateChildConditions(
- const AttributeSet * attrSet,
- bool& isFinalMatch,
- bool & undefinedMatchFound) const
-{
- Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
-
- std::list<Condition>::const_iterator it = conditions.begin();
- while (it != conditions.end()) {
- match = it->evaluateCondition(attrSet);
-
- if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) {
- //FALSE match found in AND condition
- LogDebug("Child conditions results MRFalse)");
- isFinalMatch = true;
- break;
- } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) {
- //TRUE match found in OR condition
- LogDebug("Child conditions result MRTrue");
- isFinalMatch = true;
- break;
- } else if (match == Attribute::MatchResult::MRUndetermined) {
- undefinedMatchFound = true;
- }
- ++it;
- }
-
- return match;
-}
-
-void Condition::getAttributes(AttributeSet * attrSet)
-{
- //Get attributes from current condition
- FOREACH (it, attributes)
- {
- AceDB::BaseAttributePtr attr(new Attribute(it->getName(), it->getMatchFunction(), it->getType()));
- attrSet->insert(attr);
- }
- //Get attributes from any child conditions
- FOREACH (it, conditions)
- {
- it->getAttributes(attrSet);
- }
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <dpl/assert.h>
-#include <dpl/log/log.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <error.h>
-#include <malloc.h>
-#include <sys/stat.h>
-#include <ace/ConfigurationManager.h>
-
-using namespace std;
-
-namespace {
-const string currentXMLSchema("bondixml.xsd");
-}
-
-ConfigurationManager * ConfigurationManager::instance = NULL;
-
-
-string ConfigurationManager::getCurrentPolicyFile(void) const
-{
- LogError("ConfigurationManager::getCurrentPolicyFile is DEPRECATED");
- return "";
-}
-
-string ConfigurationManager::getFullPathToCurrentPolicyFile(void) const
-{
- LogError("ConfigurationManager::getFullPathToCurrentPolicyFile"
- "is DEPRECATED");
- return "";
-}
-
-string ConfigurationManager::getFullPathToCurrentPolicyXMLSchema(void) const
-{
- LogError("ConfigurationManager::getFullPathToCurrentPolicyXMLSchema"
- "is DEPRECATED");
- return "";
-}
-
-int ConfigurationManager::addPolicyFile(const string &)
-{
- LogError("ConfigurationManager::addPolicyFile is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-int ConfigurationManager::removePolicyFile(const string&)
-{
- LogError("ConfigurationManager::removePolicyFile is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-int ConfigurationManager::changeCurrentPolicyFile(const string&)
-{
- LogError("ConfigurationManager::changeCurrentPolicyFile is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-string ConfigurationManager::extractFilename(const string&) const
-{
- LogError("ConfigurationManager::extractFilename is DEPRECATED");
- return "";
-}
-
-
-int ConfigurationManager::parse(const string&)
-{
- LogError("ConfigurationManager::parse is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-bool ConfigurationManager::copyFile(FILE*, FILE*, int) const
-{
- LogError("ConfigurationManager::copyFile is DEPRECATED");
- return false;
-}
-
-bool ConfigurationManager::checkIfFileExistst(const string&) const
-{
- LogError("ConfigurationManager::checkIfFileExistst is DEPRECATED");
- return false;
-}
-
-const list<string> & ConfigurationManager::getPolicyFiles() const
-{
- LogError("ConfigurationManager::getPolicyFiles is DEPRECATED");
- static list<string> aList;
- return aList;
-}
-
-const string & ConfigurationManager::getConfigFile() const
-{
- LogError("ConfigurationManager::getConfigFile is DEPRECATED");
- static string returnString("");
- return returnString;
-}
-
-string ConfigurationManager::getFullPathToPolicyFile(PolicyType policy) const
-{
- string storagePath = getStoragePath();
- string fileName;
-
- switch (policy) {
- case PolicyType::WAC2_0: {
- fileName = ACE_WAC_POLICY_FILE_NAME;
- break; }
- case PolicyType::Tizen: {
- fileName = ACE_TIZEN_POLICY_FILE_NAME;
- break; }
- default: {
- LogError("Invalid policy file requested");
- return ""; }
- }
-
- return storagePath + fileName;
-}
-
-string ConfigurationManager::getFullPathToPolicyXMLSchema() const
-{
- string storagePath = getStoragePath();
- if (*(storagePath.rbegin()) == '/')
- {
- return storagePath + currentXMLSchema;
- }
- return storagePath + "/" + currentXMLSchema;
-}
-
-string ConfigurationManager::getStoragePath(void) const
-{
- return ACE_MAIN_STORAGE;
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Policy.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#include <ace/Policy.h>
-
-Policy::~Policy()
-{
- for (std::list<const Subject *>::iterator it = subjects->begin();
- it != subjects->end();
- ++it) {
- delete *it;
- }
- delete subjects;
-}
-
-void Policy::printData()
-{
- std::string subject;
- if (subjects != NULL && subjects->size()) {
- subject = (subjects->front())->getSubjectId();
- }
- std::string algorithm = printCombineAlgorithm(this->combineAlgorithm);
-
- std::cout << "subject: " << subject << " algorithm: " << algorithm <<
- std::endl;
-}
-
-std::string Policy::printCombineAlgorithm(CombineAlgorithm algorithm)
-{
- switch (algorithm) {
- case DenyOverride:
- return "DenyOverride";
- case PermitOverride:
- return "PermitOverride";
- case FirstApplicable:
- return "FirstApplicable";
- case FirstTargetMatching:
- return "FirstTargetMatching";
- default:
- return "ERROR: Wrong Algorithm";
- }
-}
-
-const char * toString(Policy::CombineAlgorithm algorithm)
-{
- switch (algorithm) {
- case Policy::DenyOverride:
- return "DenyOverride";
- case Policy::PermitOverride:
- return "PermitOverride";
- case Policy::FirstApplicable:
- return "FirstApplicable";
- case Policy::FirstTargetMatching:
- return "FirstTargetMatching";
- default:
- return "ERROR: Wrong Algorithm";
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_logic.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Implementation file for security logic
- */
-#include <ace/PolicyEnforcementPoint.h>
-
-#include <sstream>
-#include <algorithm>
-#include <list>
-#include <string>
-#include <sstream>
-#include <stdexcept>
-#include <cstdlib>
-#include <map>
-
-#include <dpl/assert.h>
-#include <dpl/exception.h>
-#include <dpl/log/log.h>
-
-#include <ace/PolicyEvaluatorFactory.h>
-#include <ace/PolicyResult.h>
-#include <ace/Request.h>
-
-PolicyEnforcementPoint::PolicyEnforcementPoint() :
- m_wrt(0),
- m_res(0),
- m_sys(0),
- m_pdp(0),
- m_pip(0)
-{}
-
-void PolicyEnforcementPoint::terminate()
-{
- LogInfo("PolicyEnforcementPoint is being deinitialized.");
-
- delete m_sys;
- delete m_res;
- delete m_wrt;
- delete m_pdp;
- delete m_pip;
- m_sys = 0;
- m_res = 0;
- m_wrt = 0;
- m_pdp = 0;
- m_pip = 0;
-}
-
-PolicyEnforcementPoint::~PolicyEnforcementPoint()
-{
- Assert((m_sys == 0) && "You must run "
- "PolicyEnforcementPoint::Deinitialize before exit program!");
-}
-
-void PolicyEnforcementPoint::initialize(
- IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *operation)
-{
- if (m_wrt) {
- ThrowMsg(PEPException::AlreadyInitialized,
- "Policy Enforcement Point is already initialzed");
- }
-
- m_wrt = wrt;
- m_res = resource;
- m_sys = operation;
-
- if (this->m_pip != NULL) {
- this->m_pip->update(m_wrt, m_res, m_sys);
- return;
- }
-
- this->m_pip = new PolicyInformationPoint(wrt, m_res, m_sys);
- this->m_pdp = new PolicyEvaluator(m_pip);
-
- if (!this->m_pdp->initPDP()) {
- Assert(0);
- }
-}
-
-ExtendedPolicyResult PolicyEnforcementPoint::check(Request &request)
-{
- return m_pdp->getPolicyForRequest(request);
-}
-
-void PolicyEnforcementPoint::updatePolicy(const std::string &policy)
-{
- LogDebug("ACE updatePolicy: " << policy);
- int errorCode = 0;
-
- if (m_pdp == NULL) {
- LogError("Evaluator not set. Ignoring message.");
- Assert(false && "UpdateClient error on receiving event");
- } else {
- LogDebug("Emitting update signal.");
- errorCode = m_pdp->updatePolicy(policy.c_str());
- }
-
- LogDebug("Sending reponse: " << errorCode);
-}
-
-void PolicyEnforcementPoint::updatePolicy()
-{
- LogDebug("ACE updatePolicy");
- if (m_pdp == NULL) {
- LogError("Evaluator not set. Ignoring message.");
- } else {
- m_pdp->updatePolicy();
- }
-}
-
-OptionalExtendedPolicyResult PolicyEnforcementPoint::checkFromCache(Request &request)
-{
- return m_pdp->getPolicyForRequestFromCache(request);
-}
-
-OptionalExtendedPolicyResult PolicyEnforcementPoint::check(Request &request,
- bool fromCacheOnly)
-{
- return m_pdp->getPolicyForRequest(request, fromCacheOnly);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyEvaluator.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace/Attribute.h>
-#include <ace/PolicyEvaluator.h>
-#include <ace/TreeNode.h>
-#include <ace/Policy.h>
-#include <ace/Rule.h>
-#include <ace/Attribute.h>
-#include <ace/SettingsLogic.h>
-#include <ace-dao-rw/AceDAO.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace/parser.h>
-
-using namespace AceDB;
-
-PolicyEvaluator::~PolicyEvaluator()
-{
- delete m_combiner;
-}
-
-PolicyEvaluator::PolicyEvaluator(PolicyInformationPoint * pip) :
- m_uniform_policy(NULL),
- m_wac_policy(NULL),
- m_tizen_policy(NULL),
- m_policy_to_use(PolicyType::WAC2_0),
- m_combiner(new CombinerImpl()),
- m_verdictListener(NULL),
- m_pip(pip)
-{}
-
-bool PolicyEvaluator::initPDP()
-{
- updatePolicy();
- // TODO change return value someday to void?
- return true;
-}
-
-bool PolicyEvaluator::fillAttributeWithPolicy()
-{
- if (m_attributeSet.empty()) {
- if (!extractAttributes(m_uniform_policy)) {
- LogInfo("Warning attribute set cannot be extracted. "
- "Returning Deny");
- return false;
- }
- // Adding widget type attribute to distinguish WAC/Tizen widgets
- /**
- * This special attribute of WidgetParam type is handled
- * in PolicyInformationPoint, it is based on WidgetType
- * fron WRT database.
- *
- * It is needed to distinguish cached policy results and cached prompt
- * responses for different policies (WAC/Tizen/any possible
- * other in the future).
- */
- AceDB::BaseAttributePtr attribute(new AceDB::BaseAttribute());
- attribute->setName(POLICY_WIDGET_TYPE_ATTRIBUTE_NAME);
- attribute->setType(AceDB::BaseAttribute::Type::WidgetParam);
- m_attributeSet.insert(attribute);
- AceDAO::addAttributes(m_attributeSet);
- } else {
- LogDebug("Required attribute set already loaded");
- }
- return true;
-}
-
-PolicyResult PolicyEvaluator::effectToPolicyResult(Effect effect)
-{
- if (Effect::Deny == effect) {
- return PolicyEffect::DENY;
- }
- if (Effect::Undetermined == effect) {
- return PolicyResult::Value::UNDETERMINED;
- }
- if (Effect::PromptOneShot == effect) {
- return PolicyEffect::PROMPT_ONESHOT;
- }
- if (Effect::PromptSession == effect) {
- return PolicyEffect::PROMPT_SESSION;
- }
- if (Effect::PromptBlanket == effect) {
- return PolicyEffect::PROMPT_BLANKET;
- }
- if (Effect::Permit == effect) {
- return PolicyEffect::PERMIT;
- }
- if (Effect::Inapplicable == effect) {
- return PolicyDecision::Value::NOT_APPLICABLE;
- }
- return PolicyEffect::DENY;
-}
-
-OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestInternal(
- bool fromCacheOnly)
-{
- //ADD_PROFILING_POINT("Search cached verdict in database", "start");
-
- OptionalExtendedPolicyResult result = AceDAO::getPolicyResult(m_attributeSet);
-
- //ADD_PROFILING_POINT("Search cached verdict in database", "stop");
-
- if (fromCacheOnly || !result.IsNull()) {
- return result;
- }
-
- //ADD_PROFILING_POINT("EvaluatePolicy", "start");
-
- ExtendedEffect policyEffect = evaluatePolicies(getCurrentPolicyTree());
-
- //ADD_PROFILING_POINT("EvaluatePolicy", "stop");
-
- LogDebug("Policy effect is: " << toString(policyEffect.getEffect()));
-
- ExtendedPolicyResult exResult(
- effectToPolicyResult(policyEffect.getEffect()),
- policyEffect.getRuleId());
-
- AceDAO::setPolicyResult(this->m_attributeSet, exResult);
- return OptionalExtendedPolicyResult(exResult);
-}
-
-// +----------------+---------+---------+------+--------+
-// |\User setting | PERMIT | PROMPT* | DENY | DEF |
-// | \ | | | | |
-// |Policy result\ | | | | |
-// |----------------+---------+---------+------+--------+
-// |PERMIT | PERMIT | PROMPT* | DENY | PERMIT |
-// |----------------+---------+---------+------+--------+
-// |PROMPT* | PROMPT* | PR MIN | DENY | PROMPT*|
-// |----------------+---------+---------+------+--------+
-// |DENY | DENY | DENY | DENY | DENY |
-// |----------------+---------+---------+------+--------+
-// |UNDETERMIND | UNDET | UNDET | DENY | UNDET |
-// |----------------+---------+---------+------+--------+
-// |NOT_AP | PEMIT | PROMPT* | DENY | NOT_AP |
-// +----------------+---------+---------+------+--------+
-
-static PolicyResult getMostRestrict(
- PreferenceTypes globalPreference,
- const PolicyResult &policyResult)
-{
- if (globalPreference == PreferenceTypes::PREFERENCE_PERMIT
- && policyResult == PolicyEffect::PERMIT) {
- return PolicyEffect::PERMIT;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_DENY
- || policyResult == PolicyEffect::DENY) {
- return PolicyEffect::DENY;
- }
-
- if (policyResult == PolicyResult::UNDETERMINED) {
- return PolicyResult::UNDETERMINED;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_DEFAULT) {
- return policyResult;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT
- || policyResult == PolicyEffect::PROMPT_ONESHOT) {
- return PolicyEffect::PROMPT_ONESHOT;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_SESSION_PROMPT
- || policyResult == PolicyEffect::PROMPT_SESSION) {
- return PolicyEffect::PROMPT_SESSION;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_BLANKET_PROMPT
- || policyResult == PolicyEffect::PROMPT_BLANKET) {
- return PolicyEffect::PROMPT_BLANKET;
- }
-
- return PolicyEffect::PERMIT;
-}
-
-OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestFromCache(
- const Request &request)
-{
- return getPolicyForRequest(request, true);
-}
-
-ExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(const Request &request)
-{
- auto result = this->getPolicyForRequest(request, false);
- Assert(!result.IsNull()
- && "Policy always has to be evaluated to valid state");
- return *result;
-}
-
-OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(
- const Request &request,
- bool fromCacheOnly)
-{
- //ADD_PROFILING_POINT("getPolicyForRequest", "start");
- m_attributeSet.clear();
-
- switch (request.getAppType()) {
- case Request::APP_TYPE_TIZEN:
- m_policy_to_use = PolicyType::Tizen;
- LogDebug("==== Using Tizen policy ====");
- break;
- case Request::APP_TYPE_WAC20:
- m_policy_to_use = PolicyType::WAC2_0;
- LogDebug("==== Using WAC policy ====");
- break;
- default:
- LogError("Unsupported(unknown) widget type. Access denied.");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(PolicyEffect::DENY));
- }
-
- try {
- // Check which attributes should be used
- // memory alocated, free in destructor
- //ADD_PROFILING_POINT("getAttributes", "start");
- AceDB::AceDAO::getAttributes(&m_attributeSet);
- //ADD_PROFILING_POINT("getAttributes", "stop");
-
- // If attributes can't be resolved then check the policy
- if (!fillAttributeWithPolicy()) {
- //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(PolicyEffect::DENY));
- }
-
- //ADD_PROFILING_POINT("getAttributesValues", "start");
- m_pip->getAttributesValues(&request, &m_attributeSet);
- //ADD_PROFILING_POINT("getAttributesValues", "stop");
- LogDebug("==== Attributes set by PIP ====");
- printAttributes(m_attributeSet);
- LogDebug("==== End of attributes set by PIP ====");
-
- OptionalExtendedPolicyResult policyResult = getPolicyForRequestInternal(
- fromCacheOnly);
-
- if (policyResult.IsNull()) {
- if (!fromCacheOnly) {
- LogError("Policy evaluated to NULL value");
- Assert(false && "Policy evaluated to NULL value");
- }
- return OptionalExtendedPolicyResult::Null;
- }
- LogDebug("==== getPolicyForRequestInternal result (PolicyResult): "
- << policyResult->policyResult << "=====");
-
- PreferenceTypes globalPreference =
- SettingsLogic::findGlobalUserSettings(request);
-
- auto ret = getMostRestrict(globalPreference, policyResult->policyResult);
- //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(ret, policyResult->ruleId));
-
- } catch (AceDB::AceDAO::Exception::DatabaseError &e) {
- LogError("Database error");
- DPL::Exception::DisplayKnownException(e);
- //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(PolicyEffect::DENY));
- }
-}
-
-bool PolicyEvaluator::extractAttributes(TreeNode* policyTree)
-{
- if (NULL == policyTree) {
- return false;
- }
-
- //We check if root target matches. In general the root's target should
- //be empty. Otherwise it would have to have all the subjects available
- //specified but just to be on the safe side (and for tests) this checking
- const Policy * policy =
- dynamic_cast<const Policy *>(policyTree->getElement());
- Assert(policy != NULL
- && "Policy element has been null while attribute extracting");
-
- extractTargetAttributes(policy);
- extractAttributesFromSubtree(policyTree); //Enter recursion
-
- return true;
-}
-
-void PolicyEvaluator::extractTargetAttributes(const Policy *policy)
-{
- std::list<const Subject *>::const_iterator it =
- policy->getSubjects()->begin();
- for (; it != policy->getSubjects()->end(); ++it) {
- const std::list<Attribute> & attrList = (*it)->getTargetAttributes();
- FOREACH(it2, attrList)
- {
- BaseAttributePtr attr(
- new Attribute((*it2).getName(), (*it2).getMatchFunction(),
- (*it2).getType()));
- m_attributeSet.insert(attr);
- }
- }
-}
-
-TreeNode * PolicyEvaluator::getCurrentPolicyTree()
-{
- TreeNode * currentPolicy = NULL;
- switch (m_policy_to_use) {
- case PolicyType::Tizen: {
- currentPolicy = m_tizen_policy;
- break;}
- case PolicyType::WAC2_0: {
- currentPolicy = m_wac_policy;
- break;}
- default: {
- LogError("Invalid policy type to use");}
- }
- return currentPolicy;
-}
-
-/**
- *
- * @param *root - the root of the original (full) subtree of politics
- * @param *newRoot - the pointer to the root of the copy (reduced) subtree of politics
- */
-void PolicyEvaluator::extractAttributesFromSubtree(const TreeNode *root)
-{
- const ChildrenSet & children = root->getChildrenSet();
-
- for (std::list<TreeNode *>::const_iterator it = children.begin();
- it != children.end(); ++it) {
- TreeNode * node = *it;
- if (node->getTypeID() != TreeNode::Policy
- && node->getTypeID() != TreeNode::PolicySet) {
- //It is not a policy so we may be sure that we have already
- //checked that SubjectId matches
- //Add new node to new tree and extract attributes
-
- extractAttributesFromRules(node);
- } else { //TreeNode is a Policy or PolicySet
- const Policy * policy =
- dynamic_cast<const Policy *>(node->getElement());
- //We will be needing also the attributes from target
- if (policy) {
- extractTargetAttributes(policy);
- } else {
- LogError(" extractAttributesFromSubtree policy=NULL");
- }
- //Enter recursion
- extractAttributesFromSubtree(node);
- }
- }
-}
-
-bool PolicyEvaluator::extractAttributesFromRules(const TreeNode *root)
-{
- Assert(root->getTypeID() == TreeNode::Rule
- && "Tree structure, extracting attributes from node that is not a rule");
- Rule * rule = dynamic_cast<Rule *>(root->getElement());Assert
- (rule != NULL);
- //Get attributes from rule
- rule->getAttributes(&m_attributeSet);
-
- //[CR] consider returned value, because its added only to eliminate errors
- return true;
-}
-
-ExtendedEffect PolicyEvaluator::evaluatePolicies(const TreeNode * root)
-{
- if (root == NULL) {
- LogInfo("Error: policy tree doesn't exist. "
- "Probably xml file is missing");
- return Deny;
- }
-
- if (m_attributeSet.empty()) {
- LogInfo("Warning: evaluatePolicies: attribute set was empty");
- }
- m_combiner->setAttributeSet(&m_attributeSet);
- return m_combiner->combinePolicies(root);
-}
-
-
-int PolicyEvaluator::updatePolicy(const char* newPolicy)
-{
- LogError("PolicyEvaluator::updatePolicy is DEPRECATED");
- ConfigurationManager* configMgr = ConfigurationManager::getInstance();
- if (NULL == configMgr) {
- LogError("ACE fatal error: failed to create configuration manager");
- return POLICY_PARSING_ERROR;
- }
- int result = POLICY_PARSING_SUCCESS;
- if (newPolicy == NULL) {
- LogError("Policy Update: incorrect policy name");
- return POLICY_FILE_ERROR;
- }
- LogDebug("Starting update policy: " << newPolicy);
-
- Parser parser;
- TreeNode *backup = m_uniform_policy;
-
- m_uniform_policy = parser.parse(newPolicy,
- configMgr->getFullPathToPolicyXMLSchema());
-
- if (NULL == m_uniform_policy) {
- m_uniform_policy = backup;
- LogError("Policy Update: corrupted policy file");
- result = POLICY_PARSING_ERROR;
- } else {
- m_currentPolicyFile = newPolicy;
- m_wac_policy = m_uniform_policy; //we must be able to use WAC widgets
- m_tizen_policy = m_uniform_policy;//we must be able to use Tizen widgets
- m_attributeSet.clear();
- backup->releaseResources();
- LogInfo("Policy Update: successful.");
- try {
- AceDAO::resetDatabase(); // TODO: this is strange, but this
- // method is deprecated so not changing
- // it (will disappear with entire method)
- } catch (AceDAO::Exception::DatabaseError &e) {
- }
- }
- return result;
-}
-
-TreeNode * PolicyEvaluator::getDefaultSafePolicyTree(void)
-{
- Policy * policy = new Policy;
- Rule * rule = new Rule;
- TreeNode * mainTree = NULL,
- * childTree = NULL;
-
- policy->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride);
- rule->setEffect(Deny);
-
- mainTree = new TreeNode(m_uniform_policy, TreeNode::Policy, policy);
- childTree = new TreeNode(mainTree, TreeNode::Rule, rule);
- mainTree->addChild(childTree);
-
- LogError("Loading default safe policy tree");
- return mainTree;
-}
-
-void PolicyEvaluator::updatePolicy()
-{
- ConfigurationManager *configMgr = ConfigurationManager::getInstance();
- Assert(NULL != configMgr && "ACE fatal error: failed to "
- "create configuration manager");
- AceDAO::clearPolicyCache();
- if (NULL != m_uniform_policy) {
- m_uniform_policy->releaseResources();
- }
- Parser parserWac, parserTizen;
- m_wac_policy = parserWac.parse(
- configMgr->getFullPathToPolicyFile(PolicyType::WAC2_0),
- configMgr->getFullPathToPolicyXMLSchema());
- if (NULL == m_wac_policy) {
- LogError("ACE fatal error: cannot parse XML file (WAC policy)");
- m_wac_policy = getDefaultSafePolicyTree();
- }
- m_tizen_policy = parserTizen.parse(
- configMgr->getFullPathToPolicyFile(PolicyType::Tizen),
- configMgr->getFullPathToPolicyXMLSchema());
- if (NULL == m_tizen_policy) {
- LogError("ACE fatal error: cannot parse XML file (Tizen policy)");
- m_tizen_policy = getDefaultSafePolicyTree();
- }
- // Policy set is usefull for releasing all policies in case of
- // policy change
- Policy * policySet = new PolicySet();
- policySet->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride);
- m_uniform_policy = new TreeNode(NULL, TreeNode::PolicySet, policySet);
- m_uniform_policy->addChild(m_wac_policy);
- m_uniform_policy->addChild(m_tizen_policy);
-
- // Creating attribute set for the first time after loading policy
- // to speed up queries
- m_attributeSet.clear();
- fillAttributeWithPolicy();
-}
-
-std::string PolicyEvaluator::getCurrentPolicy()
-{
- LogError("PolicyEvaluator::getCurrentPolicy is DEPRECATED");
- return m_currentPolicyFile;
-}
-
-const char * toString(Validity validity)
-{
- switch (validity) {
- case Validity::ONCE:
- return "Once";
- break;
- case Validity::SESSION:
- return "Session";
- case Validity::ALWAYS:
- return "Always";
- default:
- return "WRONG VALIDITY";
- }
-}
-
-const char * toString(Verdict verdict)
-{
- switch (verdict) {
- case Verdict::VERDICT_PERMIT:
- return "Permit";
- case Verdict::VERDICT_DENY:
- return "Deny";
- case Verdict::VERDICT_INAPPLICABLE:
- return "Inapplicable";
- case Verdict::VERDICT_UNKNOWN:
- return "Unknown";
- case Verdict::VERDICT_UNDETERMINED:
- return "Undetermined";
- case Verdict::VERDICT_ERROR:
- return "Error";
- case Verdict::VERDICT_ASYNC:
- return "Async";
- default:
- return "Wrong verdict value";
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyInformationPoint.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-#include <map>
-#include <string>
-#include <list>
-
-#include <ace/PolicyInformationPoint.h>
-#include <ace/ConfigurationManager.h>
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace/Attribute.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-
-using namespace AceDB;
-
-PolicyInformationPoint::PolicyInformationPoint(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *system) : wrtInterface(wrt),
- resourceInformation(resource),
- operationSystem(system)
-{
- AceDB::AceDAOReadOnly::attachToThreadRO();
-}
-
-PolicyInformationPoint::~PolicyInformationPoint()
-{
- AceDB::AceDAOReadOnly::detachFromThread();
-}
-
-/* gather attributes values from adequate interfaces */
-PipResponse PolicyInformationPoint::getAttributesValues(const Request* request,
- AttributeSet* attributes)
-{
- int subjectReturn = 0;
- int resourceReturn = 0;
- int operationReturn = 0;
- int functionReturn = 0;
- /* create query lists */
- createQueries(attributes);
-
- /* check if subject attributes query has any elements*/
- if (!subjectAttributesQuery.empty()) {
- /* get Subject Attributes */
- subjectReturn = wrtInterface->getAttributesValues(
- *request,
- &subjectAttributesQuery);
- }
-
- AttributeSet::const_iterator iter2;
- FOREACH(iter, subjectAttributesQuery)
- {
- if (iter->second == NULL) {
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::Subject);
- iter2 = std::find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- /* check if resource attributes query has any elements*/
- if (!resourceAttributesQuery.empty()) {
- /* get Resource Attributes */
- resourceReturn = resourceInformation->getAttributesValues(
- *request,
- &resourceAttributesQuery);
- /* error analyzys*/
- resourceReturn <<= ERROR_SHIFT_RESOURCE;
- }
-
- FOREACH(iter, resourceAttributesQuery)
- {
- if (iter->second == NULL) {
- LogInfo("Found undetermined attribute");
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::Resource);
- iter2 = std::find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- /* check if resource attributes query has any elements*/
- if (!environmentAttributesQuery.empty()) {
- /* get enviroment attributes */
- operationReturn = operationSystem->getAttributesValues(
- *request,
- &environmentAttributesQuery);
- /* error analyzys*/
- operationReturn <<= ERROR_SHIFT_OS;
- }
-
- FOREACH(iter, environmentAttributesQuery)
- {
- if (iter->second == NULL) {
- //it doesnt change uniqueness of a set element so we can const_cast
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::Environment);
- iter2 = find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- /* check if functionParam attributes query has any elements*/
- if (!functionParamAttributesQuery.empty() && request->getFunctionParam()) {
- /* get params attributes */
- functionReturn = request->getFunctionParam()->getAttributesValues(
- *request,
- &functionParamAttributesQuery);
- /* error analyzys*/
- functionReturn <<= ERROR_SHIFT_FP;
- }
-
- FOREACH(iter, functionParamAttributesQuery)
- {
- if (iter->second == NULL) {
- //it doesnt change uniqueness of a set element so we can const_cast
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::FunctionParam);
- iter2 = find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- // Here we must add to attributes proper marking of policy type
- // (Tizen or WAC widget)
- /**
- * This part of code seems odd here, but we don't want to keep it in
- * attribute fascade, as it is maintained by ACE clients and we are not
- * sure if this kind of distinction between different policies will be ok
- * as final solution.
- *
- * This is somehow private part of ACE, so it may be moved into
- * separate ACEAttributeFascade kind of a class in (already planned)
- * refactoring, when moving to new, C-only API for ACE.
- */
- if (widgetParamAttributesQuery.empty()) {
- LogError("No attrbutes of WidgetParam type present - "
- "should be widget type at least");
- } else {
- LogDebug("WidgetParam type atributes present, searching for widget type");
- FOREACH(iter, widgetParamAttributesQuery) {
- const std::string *name = iter->first;
- if (POLICY_WIDGET_TYPE_ATTRIBUTE_NAME == *name) {
- LogDebug("Widget type attribute found");
-
- // Extracting widget type
- std::list<std::string> attrValue;
- Try {
- AceDB::AppTypes appType =
- AceDB::AceDAOReadOnly::getWidgetType(
- request->getWidgetHandle());
- switch (appType) {
- case AceDB::AppTypes::Tizen : {
- attrValue.push_back(POLICY_NAME_TIZEN);
- LogDebug("==== Using Tizen policy in PIP ====");
- break;}
- case AceDB::AppTypes::WAC20 : {
- attrValue.push_back(POLICY_NAME_WAC2_0);
- LogDebug("==== Using WAC policy in PIP ====");
- break;}
- default: {
- LogError("Invalid widget type");
- }
- }
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError)
- {
- LogError("Couldn't find widget for handle "
- << request->getWidgetHandle());
- }
-
- // Setting real attribute value
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::WidgetParam);
- iter2 = find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(false);
- (*iter2)->setValue(attrValue);
- }
- }
- }
-
- /** clear query lists*/
- resourceAttributesQuery.clear();
- environmentAttributesQuery.clear();
- subjectAttributesQuery.clear();
- functionParamAttributesQuery.clear();
- widgetParamAttributesQuery.clear();
-
- return subjectReturn | resourceReturn | operationReturn | functionReturn;
-}
-
-/** create query lists */
-void PolicyInformationPoint::createQueries(AttributeSet* attributes)
-{
- AttributeSet::const_iterator it;
-
- enum Attribute::Type type;
-
- /**iterate all attributes and split them into adequate query */
- FOREACH (it, *attributes) {
- type = (*it)->getType();
-
- switch (type) {
- case Attribute::Type::Subject:
- subjectAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::Environment:
- environmentAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::Resource:
- resourceAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::FunctionParam:
- functionParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::WidgetParam:
- widgetParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
- default:
- break;
- }
- }
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Rule.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#include <iostream>
-#include <dpl/log/log.h>
-
-#include <ace/Rule.h>
-
-void Rule::printData()
-{
- std::cout << "Rule: effect: " << printEffect(this->effect) <<
- " condition: " << this->condition;
-}
-
-std::string Rule::printEffect(const ExtendedEffect &effect) const
-{
- switch (effect.getEffect()) {
- case Deny:
- return "Deny";
- case PromptBlanket:
- return "PromptBlanket";
- case PromptOneShot:
- return "PromptOneShot";
- case PromptSession:
- return "PromptSession";
- case Permit:
- return "Permit";
- case Inapplicable:
- return "Inapplicable";
- case Error:
- return "Error";
- default:
- return "ERROR";
- }
-}
-
-ExtendedEffect Rule::evaluateRule(const AttributeSet * attrSet) const
-{
- Attribute::MatchResult result = condition.evaluateCondition(attrSet);
-
- if (result == Attribute::MatchResult::MRUndetermined) {
- // LogInfo("Rule is undetermined");
- return ExtendedEffect(Undetermined);
- } else if (result == Attribute::MatchResult::MRTrue) {
- // LogInfo("Rule effect "<<printEffect(effect));
- return effect;
- }
- // LogInfo("Rule is inapplicable");
- return Inapplicable;
-}
-
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file SettingsLogic.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 0.1
- * @brief SettingsLogic implementation
- */
-
-#include <ace/SettingsLogic.h>
-
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-
-#include <ace/Preference.h>
-
-using namespace AceDB;
-
-Preference SettingsLogic::findGlobalUserSettings(
- const std::string &resource,
- WidgetHandle handler)
-{
- Preference p = AceDAO::getWidgetDevCapSetting(resource, handler);
- if (PreferenceTypes::PREFERENCE_DEFAULT == p) {
- return AceDAO::getDevCapSetting(resource);
- } else {
- return p;
- }
-}
-
-Preference SettingsLogic::findGlobalUserSettings(
- const Request &request)
-{
- Request::DeviceCapabilitySet devset = request.getDeviceCapabilitySet();
- Assert(!devset.empty() && "No device cap set in request");
- return findGlobalUserSettings(
- *(devset.begin()),
- request.getWidgetHandle());
-}
-
-Preference SettingsLogic::getDevCapSetting(const std::string &resource)
-{
- return AceDAO::getDevCapSetting(resource);
-}
-
-void SettingsLogic::getDevCapSettings(PreferenceMap *globalSettingsMap)
-{
- AceDAO::getDevCapSettings(globalSettingsMap); // NULL check inside
-}
-
-
-void SettingsLogic::setDevCapSetting(const std::string &resource,
- Preference preference)
-{
- if (resource.empty()) {
- LogInfo("WARNING: setting resource settings for empty resource name");
- }
-
- AceDAO::addResource(resource);
-
- if (preference == PreferenceTypes::PREFERENCE_DEFAULT) {
- return;
- }
-
- Assert((PreferenceTypes::PREFERENCE_PERMIT == preference ||
- PreferenceTypes::PREFERENCE_DENY == preference ||
- PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference));
-
- AceDAO::setDevCapSetting(resource,preference);
-}
-
-void SettingsLogic::setAllDevCapSettings(
- const std::list < std::pair < const std::string*,
- Preference > > &resourcesList)
-{
- std::list < std::pair < const std::string*,
- Preference > >::const_iterator iter;
- for (iter = resourcesList.begin(); iter != resourcesList.end(); ++iter) {
- SettingsLogic::setDevCapSetting(*(iter->first), iter->second);
- }
-}
-
-void SettingsLogic::removeDevCapSetting(const std::string &resource)
-{
- AceDAO::removeDevCapSetting(resource);
-}
-
-void SettingsLogic::updateDevCapSetting(const std::string &resource,
- Preference p)
-{
- if (PreferenceTypes::PREFERENCE_DEFAULT == p) {
- SettingsLogic::removeDevCapSetting(resource);
- } else {
- SettingsLogic::setDevCapSetting(resource, p);
- }
-}
-
-Preference SettingsLogic::getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler)
-{
- return AceDAO::getWidgetDevCapSetting(resource, handler);
-}
-
-void SettingsLogic::getWidgetDevCapSettings(PermissionList *outputList)
-{
- AceDAO::getWidgetDevCapSettings(outputList); // NULL check inside
-}
-
-
-void SettingsLogic::setWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler,
- Preference preference)
-{
- if (resource.empty()) {
- LogError("Empty resource");
- return;
- }
-
- LogDebug("userSetting, resource: " << resource <<
- " app_id: " << handler);
-
- AceDAO::addResource(resource);
- SettingsLogic::removeWidgetDevCapSetting(resource, handler);
-
- if (PreferenceTypes::PREFERENCE_DEFAULT == preference) {
- return;
- }
-
- Assert((PreferenceTypes::PREFERENCE_PERMIT == preference ||
- PreferenceTypes::PREFERENCE_DENY == preference ||
- PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference));
-
- AceDAO::setWidgetDevCapSetting(resource, handler, preference);
-}
-
-
-void SettingsLogic::setWidgetDevCapSettings(const PermissionList &permissionsList)
-{
- FOREACH(i, permissionsList) {
- SettingsLogic::setWidgetDevCapSetting(i->devCap,
- i->appId,
- i->access);
- }
-}
-
-
-void SettingsLogic::removeWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler)
-{
- AceDAO::removeWidgetDevCapSetting(resource, handler);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-
-#include <ace/Subject.h>
-
-bool Subject::matchSubject(const AttributeSet *attrSet,
- bool &isUndetermined) const
-{
- bool result = true;
- Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
-
- FOREACH(it, targetAttributes)
- {
- AttributeSet::const_iterator attr =
- std::find_if(attrSet->begin(),
- attrSet->end(),
- AceDB::BaseAttribute::UnaryPredicate(&(*it)));
- if (attr == attrSet->end()) {
- LogError("Cannot find attribute value for " << *(it->getName()));
- Assert(false &&
- "Attribute for subject hasn't been found."
- "It shoud not happen. This attribute should be undetermined,"
- "not missing");
- result = false; //According to BONDI 1.0 for signle subject all attributes must match
- isUndetermined = true;
- break;
- }
-
- match = it->matchAttributes(&(*(*attr)));
-
- if (match == Attribute::MatchResult::MRUndetermined) {
- result = false;
- isUndetermined = true;
- /// LogError("Subject doesn match and UNDETERMINED");
- break; //According to BONDI 1.0 for signle subject all attributes must match
- } else if (match == Attribute::MatchResult::MRFalse) {
- result = false;
- // LogError("Subject doesn match and DETERMINED");
- break; //According to BONDI 1.0 for signle subject all attributes must match
- }
- }
-
- return result;
-}
-
-const std::list<Attribute>& Subject::getTargetAttributes() const
-{
- return targetAttributes;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <ace/TreeNode.h>
-#include <dpl/assert.h>
-#include <dpl/log/log.h>
-
-//Tree node destructor is a tricky part, only the original tree should remove the elements
-//release resources should be called when we want to destroy the whole tree
-TreeNode::~TreeNode()
-{
-}
-
-//TODO release resources is releaseTheSubtree and delete the element
-void TreeNode::releaseResources()
-{
- Assert(this != 0);
- delete element;
- std::list<TreeNode*>::iterator it = this->children.begin();
- while (it != children.end()) {
- (*it)->releaseResources();
- ++it;
- }
- delete this;
-}
-
-int TreeNode::level = 0;
-
-std::ostream & operator<<(std::ostream & out,
- const TreeNode * node)
-{
- std::string tmp;
-
- switch (node->getTypeID()) {
- case TreeNode::Policy:
- tmp = "Policy";
- break;
- case TreeNode::PolicySet:
- tmp = "PolicySet";
- break;
- case TreeNode::Rule:
- tmp = "Rule";
- break;
- default:
- break;
- }
-
- out << "" << tmp << "-> children count: " << node->children.size() <<
- ": " << std::endl;
- AbstractTreeElement * el = node->getElement();
- if (el != NULL) {
- el->printData();
- } else {
- std::cout << "Empty element!" << std::endl;
- }
-
- return out;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <memory>
-#include <functional>
-#include <string.h>
-#include <stdarg.h>
-#include <dpl/log/log.h>
-
-#include <ace/parser.h>
-#include <string.h>
-
-namespace {
-
-class ParserWarningLogger
-{
- public:
- void operator()(const std::string& logMsg)
- {
- LogWarning(logMsg);
- }
-};
-
-class ParserErrorLogger
-{
- public:
- void operator()(const std::string& logMsg)
- {
- LogError(logMsg);
- }
-};
-
-template <class Logger>
-void xmlLogFunction(void* /*ctx*/, const char *msg, ...)
-{
- const int BUFFER_SIZE = 1024;
- char buffer[BUFFER_SIZE];
- buffer[BUFFER_SIZE - 1] = '\0';
- Logger l;
-
- va_list va;
- va_start(va, msg);
- vsnprintf(buffer, BUFFER_SIZE - 1, msg, va);
- va_end(va);
-
- std::string logmsg(buffer);
- l(logmsg);
-}
-
-}
-
-const char *Parser::TOKEN_PARAM = "param:";
-
-Parser::Parser() :
- ruleId(0),
- reader(NULL),
- root(NULL),
- currentRoot(NULL),
- currentSubject(NULL),
- currentCondition(NULL),
- currentAttribute(NULL),
- currentText(NULL),
- processingSignature(false),
- canonicalizeOnce(false)
-{
- processingSignature = true;
- canonicalizeOnce = true;
-}
-
-Parser::~Parser()
-{
- /* parse function destroys reader */
- // free(this->xmlFilename);
-}
-
-TreeNode* Parser::parse(const std::string& filename, const std::string& schema)
-{
- if(root != NULL) {
- root->releaseResources();
- root = NULL;
- }
-
- LogDebug("Parser: opening file " << filename);
-
- xmlDocPtr xmlDocument = xmlParseFile(filename.c_str());
- if (!xmlDocument) {
- LogError("Couldn't parse file " << filename);
- return root;
- }
-
- std::unique_ptr <xmlDoc, std::function<void(xmlDoc*)> >
- doc(xmlDocument, xmlFreeDoc);
-
- xmlSchemaParserCtxtPtr xmlSchemaParserContext =
- xmlSchemaNewParserCtxt(schema.c_str());
-
- if (!xmlSchemaParserContext) {
- LogError("Couldn't load xml schema: " << schema);
- return root;
- }
-
- std::unique_ptr <
- xmlSchemaParserCtxt,
- std::function<void(xmlSchemaParserCtxt*)> >
- schemaContext(
- xmlSchemaParserContext,
- xmlSchemaFreeParserCtxt);
-
- LogDebug("Setting callbacks");
-
- xmlSchemaSetParserErrors(
- schemaContext.get(),
- static_cast<xmlValidityErrorFunc>
- (&xmlLogFunction<ParserErrorLogger>),
- static_cast<xmlValidityWarningFunc>
- (&xmlLogFunction<ParserWarningLogger>),
- NULL);
-
- xmlSchemaPtr xmlSchema = xmlSchemaParse(schemaContext.get());
-
- if (!xmlSchema) {
- LogError("Couldn't parse xml schema: " << xmlSchema);
- return root;
- }
-
- xmlSchemaValidCtxtPtr xmlValidContext = xmlSchemaNewValidCtxt(xmlSchema);
-
- if (!xmlValidContext) {
- LogError("Couldn't create validation context!");
- return root;
- }
-
- std::unique_ptr <
- xmlSchemaValidCtxt,
- std::function<void(xmlSchemaValidCtxt*)> >
- schemaValidContext(
- xmlValidContext,
- xmlSchemaFreeValidCtxt);
-
- xmlSchemaSetValidErrors(
- schemaValidContext.get(),
- static_cast<xmlValidityErrorFunc>
- (&xmlLogFunction<ParserErrorLogger>),
- static_cast<xmlValidityWarningFunc>
- (&xmlLogFunction<ParserWarningLogger>),
- NULL);
-
- xmlSchemaSetValidOptions(
- schemaValidContext.get(),
- XML_SCHEMA_VAL_VC_I_CREATE);
-
- bool result =
- (xmlSchemaValidateDoc(
- schemaValidContext.get(),
- xmlDocument) == 0 ? true : false);
-
- if (!result) {
- LogError("Couldn't validate policy file: " << filename <<
- " against xml schema: " << schema);
-
- return root;
- }
-
- LogInfo("Policy file: " << filename << " validated!");
-
- xmlTextReaderPtr xmlReader = xmlReaderWalker(xmlDocument);
-
- //[CR] consider using ASSERT/DASSERT
- if (NULL == xmlReader) {
- LogError("Error, xml reader cannot be created. Probably xml file is missing (opening file " << filename << ")");
- return root;
- }
-
- std::unique_ptr <xmlTextReader, std::function<void(xmlTextReader*)> >
- reader(xmlReader, xmlFreeTextReader);
-
- int ret;
- ret = xmlTextReaderRead(reader.get());
- while (ret == 1) {
- std::unique_ptr<xmlChar, std::function<void(xmlChar*)> >
- name(xmlTextReaderName(reader.get()), xmlFree);
-
- if (!strcmp("policy-set", (const char *)name.get())) {
- processingSignature = false;
- } else if (!strcmp("SignedInfo",
- (const char *)name.get()) && canonicalizeOnce) {
- #if 0 //TODO I think we don't need canonicalization in ACE only in PM,
- //we have to verify it tough
- extractNodeToFile(reader, "output.xml");
- //TODO we should be able to handle more than one canonicalization algorithm
- canonicalize("output.xml", "canon.xml", Canonicalization::C14N);
- canonicalizeOnce = false;
- #endif
- }
- //Do not process signature of xml file
- if(!processingSignature) {
- processNode(reader.get());
- }
- ret = xmlTextReaderRead(reader.get());
- }
-
- if (ret != 0) {
- LogError("Error while parsing XML file");
- if (root) {
- root->releaseResources();
- root = NULL;
- }
- }
-
- return root;
-}
-
-void Parser::processNode(xmlTextReaderPtr reader)
-{
- //TODO this is interesting, xmlTextReaderNodeType returns int but I am pretty sure
- //those integers coresponds to xmlReaderTypes
- xmlReaderTypes type =
- static_cast<xmlReaderTypes>(xmlTextReaderNodeType(reader));
-
- switch (type) {
- //Start element
- case XML_READER_TYPE_ELEMENT:
- startNodeHandler(reader);
- break;
- //End element
- case XML_READER_TYPE_END_ELEMENT:
- endNodeHandler(reader);
- break;
- //Text element
- case XML_READER_TYPE_TEXT:
- textNodeHandler(reader);
- break;
- default:
- //Do not handle other xml tags
- break;
- }
-}
-
-void Parser::startNodeHandler(xmlTextReaderPtr reader)
-{
- xmlChar *name = xmlTextReaderName(reader);
-
- switch (*name) {
- case 'p': //policy and policy-set
- if (*(name + 6) == 0) {
- handlePolicy(reader, TreeNode::Policy);
- } else {
- handlePolicy(reader, TreeNode::PolicySet);
- }
- break;
- case 'r': //rule and resource-match
- if (*(name + 1) == 'u') {
- handleRule(reader);
- } else if (*(name + 9) == 'm') {
- handleMatch(reader, Attribute::Type::Resource);
- } else {
- handleAttr(reader);
- }
- break;
- case 's': //subject and subject-match
- if (*(name + 7) == 0) {
- handleSubject();
- } else if (*(name + 8) == 'm') { //subject match
- handleSubjectMatch(reader);
- } else { //subject attr
- handleAttr(reader);
- }
- break;
- case 'c': //condition
- handleCondition(reader);
- break;
- case 'e': //environment-match
- if (*(name + 12) == 'm') {
- handleMatch(reader, Attribute::Type::Environment);
- } else { //env-attr
- handleAttr(reader);
- }
- break;
- }
- xmlFree(name);
-}
-
-void Parser::endNodeHandler(xmlTextReaderPtr reader)
-{
- xmlChar *name = xmlTextReaderName(reader);
-
- switch (*name) {
- case 'p': //policy and policy-set
- //Restore old root
- currentRoot = currentRoot->getParent();
- break;
- case 'r': //Rule and resource match
- if (*(name + 1) == 'u') { //Rule
- currentRoot = currentRoot->getParent();
- } else { //Resource-match
- consumeCurrentText(); //consume text if any available
- consumeCurrentAttribute(); //consume attribute
- }
- break;
- case 's': //subject and subject-match
- if (*(name + 7) == 0) { //handle subject
- consumeCurrentSubject();
- } else if (*(name + 8) == 'm') { //handle subject match
- consumeCurrentText();
- consumeSubjectMatch();
- }
- //Subject-match end doesn't require handling
- break;
- case 'c': //condition
- consumeCurrentCondition();
- break;
- case 'e': //environment-match
- consumeCurrentText(); //consume text if any available
- consumeCurrentAttribute(); //consume attribute
- break;
- }
- xmlFree(name);
-}
-
-void Parser::textNodeHandler(xmlTextReaderPtr reader)
-{
- delete currentText;
- xmlChar * text = xmlTextReaderValue(reader);
- Assert(text != NULL && "Parser couldn't parse PCDATA");
-
- currentText = new std::string(reinterpret_cast<const char * >(text));
- trim(currentText);
- xmlFree(text);
-}
-
-void Parser::handlePolicy(xmlTextReaderPtr reader,
- TreeNode::TypeID type)
-{
- Policy::CombineAlgorithm algorithm;
-
- //Get first attribute
- xmlChar * combAlg = xmlTextReaderGetAttribute(reader, BAD_CAST("combine"));
-
- Assert(combAlg != NULL && "Parser error while getting attributes");
- algorithm = convertToCombineAlgorithm(combAlg);
-
- //Create TreeNode element
- Policy * policy = NULL;
- if (type == TreeNode::Policy) {
- policy = new Policy();
- } else {
- policy = new PolicySet();
- }
- policy->setCombineAlgorithm(algorithm);
- TreeNode * node = new TreeNode(currentRoot, type, policy);
- //Add new tree node to current's root children set
- if (currentRoot != NULL) {
- currentRoot->addChild(node);
- }
-
- //Switch the current root to the new node
- if (!xmlTextReaderIsEmptyElement(reader)) {
- //Current root switching is necessary only if tag is not empty
- currentRoot = node;
- }
- if (root == NULL) {
- root = currentRoot;
- }
-
- if (NULL == currentRoot) {
- node->releaseResources();
- }
-
- xmlFree(combAlg);
-}
-
-void Parser::handleRule(xmlTextReaderPtr reader)
-{
- ExtendedEffect effect(Inapplicable);
-
- //[CR] create macros for attribute names
- xmlChar * eff = xmlTextReaderGetAttribute(reader, BAD_CAST("effect")); //get the rule attribute
-
- Assert(eff != NULL && "Parser error while getting attributes");
- effect = convertToEffect(eff);
-
- Rule * rule = NULL;
- rule = new Rule();
- rule->setEffect(effect);
-
- TreeNode * node = new TreeNode(currentRoot, TreeNode::Rule, rule);
- //Add new tree node to current's root children set
- if (currentRoot != NULL) { //
- currentRoot->addChild(node);
- }
-
- if (!xmlTextReaderIsEmptyElement(reader)) {
- currentRoot = node;
- }
-
- if (NULL == currentRoot) {
- node->releaseResources();
- }
-
- xmlFree(eff);
-}
-
-void Parser::handleSubject()
-{
- currentSubject = new Subject();
- //TODO what about empty subject tag
-}
-
-void Parser::handleCondition(xmlTextReaderPtr reader)
-{
- Condition::CombineType combineType = Condition::AND;
-
- xmlChar * combine = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); //get the rule attribute
-
- Assert(combine != NULL && "Parser error while getting attributes");
-
- combineType = *combine == 'a' ? Condition::AND : Condition::OR;
-
- Condition * condition = new Condition();
- condition->setCombineType(combineType);
- condition->setParent(currentCondition);
-
- currentCondition = condition;
- //TODO what about empty condition tag?
-}
-
-//Subject match is handled differently than resource or environment match
-//Because it cannot have any children tags and can only include PCDATA
-void Parser::handleSubjectMatch(xmlTextReaderPtr reader)
-{
- //processing Subject
- int attributes = xmlTextReaderAttributeCount(reader);
-
- xmlChar * func = NULL;
- xmlChar * value = NULL;
- xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
-
- if (attributes == 2) {
- //match attribute ommited, text value will be used
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- } else if (attributes == 3) {
- value = xmlTextReaderGetAttribute(reader, BAD_CAST("match"));
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- } else {
- Assert(false && "Wrong XML file format");
- }
-
- // creating temporiary object is not good idea
- // but we have no choice untill Attribute have constructor taking std::string*
- std::string temp(reinterpret_cast<const char *>(attrName));
- Attribute * attr = new Attribute(&temp, convertToMatchFunction(
- func), Attribute::Type::Subject);
- if (value != NULL) { //add value of the attribute if possible
- //[CR] consider create Attribute::addValue(char *) function
- std::string temp(reinterpret_cast<const char *>(value));
- attr->addValue(&temp);
- }
- currentAttribute = attr;
-
- if (xmlTextReaderIsEmptyElement(reader)) {
- Assert(value != NULL && "XML file format is wrong");
- //Attribute value is required to obtain the match value easier
- consumeSubjectMatch(value);
- }
-
- if (attributes == 2 || attributes == 3) {
- xmlFree(func);
- }
- xmlFree(value);
- xmlFree(attrName);
-}
-
-void Parser::handleMatch(xmlTextReaderPtr reader,
- Attribute::Type type)
-{
- int attributes = xmlTextReaderAttributeCount(reader);
-
- xmlChar * func = NULL;
- xmlChar * value = NULL;
- xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
-
- if (attributes == 2) {
- //match attribute ommited, text value will be used
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- //the content may be resource-attr or PCDATA
- } else if (attributes == 3) {
- value = xmlTextReaderGetAttribute(reader, BAD_CAST("match"));
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- } else {
- Assert(false && "Wrong XML file format");
- }
-
- // FunctionParam type is sybtype of Resource.
- // FunctionParam is used to storage attriburess of call functions.
- if (0 ==
- xmlStrncmp(attrName, BAD_CAST(TOKEN_PARAM),
- xmlStrlen(BAD_CAST(TOKEN_PARAM))) && type ==
- Attribute::Type::Resource) {
- type = Attribute::Type::FunctionParam;
- }
-
- std::string temp(reinterpret_cast<const char*>(attrName));
- Attribute * attr = new Attribute(&temp, convertToMatchFunction(func), type);
- currentAttribute = attr;
-
- if (xmlTextReaderIsEmptyElement(reader)) {
- Assert(value != NULL && "XML is currupted");
- std::string tempVal(reinterpret_cast<const char*>(value));
- currentAttribute->addValue(&tempVal);
- consumeCurrentAttribute();
- }
-
- if (attributes == 2 || attributes == 3) {
- xmlFree(func);
- }
- xmlFree(value);
- xmlFree(attrName);
-}
-
-Policy::CombineAlgorithm Parser::convertToCombineAlgorithm(xmlChar* algorithm)
-{
- switch (*algorithm) {
- case 'f':
- if (*(algorithm + 6) == 'a') { //first applicable
- return Policy::FirstApplicable;
- }
- return Policy::FirstTargetMatching;
- case 'd':
- return Policy::DenyOverride;
- case 'p':
- return Policy::PermitOverride;
- default:
- Assert(false && "Wrong combine algorithm name");
- return Policy::DenyOverride;
- }
-}
-
-ExtendedEffect Parser::convertToEffect(xmlChar *effect)
-{
- switch (*effect) {
- case 'd': //deny
- return Deny;
- break;
- case 'p':
- //permit, prompt-blanket, prompt-session, prompt-oneshot
- if (*(effect + 1) == 'e') {
- return ExtendedEffect(Permit, ruleId++);
- }
- switch (*(effect + 7)) {
- case 'b':
- return ExtendedEffect(PromptBlanket, ruleId++);
- case 's':
- return ExtendedEffect(PromptSession, ruleId++);
- case 'o':
- return ExtendedEffect(PromptOneShot, ruleId++);
- default:
- Assert(false && "Effect is Error");
- return ExtendedEffect();
- }
- break;
- default:
- Assert(false && "Effect is Error");
- return ExtendedEffect();
- }
- //return ExtendedEffect(Inapplicable); //unreachable statement
-}
-
-Attribute::Match Parser::convertToMatchFunction(xmlChar * func)
-{
- if (func == NULL) {
- LogError("[ERROR] match function value is NULL");
- return Attribute::Match::Error;
- }
-
- if (*func == 'g') {
- return Attribute::Match::Glob;
- } else if (*func == 'e') {
- return Attribute::Match::Equal;
- } else if (*func == 'r') {
- return Attribute::Match::Regexp;
- } else {
- LogError("[ERROR] match function value is NULL");
- return Attribute::Match::Error;
- }
-}
-
-void Parser::handleAttr(xmlTextReaderPtr reader)
-{
- xmlChar * attrValue = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
- Assert(attrValue != NULL && "Error while obtaining attribute");
-
- std::string temp(reinterpret_cast<const char*>(attrValue));
- currentAttribute->addValue(&temp);
-
- xmlFree(attrValue);
-}
-
-void Parser::consumeCurrentText()
-{
- Assert(currentText != NULL);
- currentAttribute->addValue(currentText);
- delete currentText;
-
- currentText = NULL;
-}
-
-void Parser::consumeCurrentAttribute()
-{
- Assert(currentAttribute != NULL);
-
- currentCondition->addAttribute(*currentAttribute);
- delete currentAttribute;
-
- currentAttribute = NULL;
-}
-
-void Parser::consumeCurrentSubject()
-{
- Policy * policy = dynamic_cast<Policy *>(currentRoot->getElement());
- Assert(policy != NULL);
- policy->addSubject(currentSubject);
- //TODO maybe keep subjects not subject pointers in Policies and consume subjects here
- currentSubject = NULL;
-}
-
-void Parser::consumeCurrentCondition()
-{
- Condition * temp = NULL;
- if (currentCondition != NULL) {
- if (currentCondition->getParent() != NULL) { //Condition is a child of another condition
- currentCondition->getParent()->addCondition(*currentCondition);
- } else { //Condition parent is a Rule
- Rule * rule = dynamic_cast<Rule *>(currentRoot->getElement());
- Assert(rule != NULL);
- rule->setCondition(*currentCondition);
- }
- temp = currentCondition->getParent();
- delete currentCondition;
- }
- currentCondition = temp; //switch current condition ( it may be switched to NULL if condition's parent was rule
-}
-
-void Parser::consumeSubjectMatch(xmlChar * value)
-{
- Assert(
- currentAttribute != NULL &&
- "consuming subject match without attribute set");
-
- if (currentSubject != NULL) {
- currentSubject->addNewAttribute(*currentAttribute);
- //[CR] matching/modyfing functions transform uri.host to uri ( etc. ) so strncmp is not needed, string equality will do
- if (!strncmp(currentAttribute->getName()->c_str(), "uri",
- 3) ||
- !strncmp(currentAttribute->getName()->c_str(), "id", 2)) {
- if (value != NULL) {
- currentSubject->setSubjectId(reinterpret_cast<const char *>(
- value));
- } else if (currentAttribute->getValue()->size()) {
- currentSubject->setSubjectId(
- currentAttribute->getValue()->front());
- } else {
- Assert(false);
- }
- }
- } else if (currentCondition != NULL) {
- currentCondition->addAttribute(*currentAttribute);
- }
-
- delete currentAttribute;
- currentAttribute = NULL;
-}
-
-void Parser::trim(std::string * str)
-{
- std::string::size_type pos = str->find_last_not_of(whitespaces);
- if (pos != std::string::npos) {
- str->erase(pos + 1);
- pos = str->find_first_not_of(whitespaces);
- if (pos != std::string::npos) {
- str->erase(0, pos);
- }
- } else {
- str->erase(str->begin(), str->end());
- LogInfo("Warning, empty string as attribute value");
- }
-}
-
-// KW void Parser::canonicalize(const char * input, const char * output, CanonicalizationAlgorithm canonicalizationAlgorithm){
-// KW
-// KW xmlDocPtr doc = xmlParseFile(input);
-// KW //xmlDocDump(stdout, doc);
-// KW
-// KW if(doc == NULL)
-// KW {
-// KW LogError("Canonicalization error, cannot parser xml file");
-// KW }
-// KW
-// KW
-// KW int mode = -1;
-// KW if(canonicalizationAlgorithm == C14N)
-// KW {
-// KW mode = 0;
-// KW }
-// KW else if(canonicalizationAlgorithm == C14NEXCLUSIVE)
-// KW {
-// KW mode = 1;
-// KW }
-// KW
-// KW
-// KW xmlC14NDocSave(doc, NULL, mode, NULL, 0, output, 0);
-// KW
-// KW xmlFreeDoc(doc);
-// KW
-// KW }
-
-// KW int Parser::extractNodeToFile(xmlTextReaderPtr reader, const char * filename){
-// KW
-// KW xmlNodePtr node = xmlTextReaderExpand(reader);
-// KW xmlBufferPtr buff = xmlBufferCreate();
-// KW xmlNodeDump(buff, node->doc, node, 0, 0);
-// KW FILE * file = fopen(filename, "w");
-// KW if(file == NULL){
-// KW LogError("Error while trying to open file "<<filename);
-// KW return -1;
-// KW }
-// KW int ret = xmlBufferDump(file, buff);
-// KW fclose(file);
-// KW xmlBufferFree(buff);
-// KW return ret;
-// KW
-// KW }
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOConversions.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef WRT_ACE_DAO_CONVERSIONS_H_
-#define WRT_ACE_DAO_CONVERSIONS_H_
-
-#include <dpl/string.h>
-#include <ace-dao-ro/BaseAttribute.h>
-
-namespace AceDB {
-namespace AceDaoConversions {
-
-DPL::String convertToHash(const BaseAttributeSet &attributes);
-
-}
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOReadOnly.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACE_DAO_READ_ONLY_H_
-#define ACE_DAO_READ_ONLY_H_
-
-#include <map>
-
-#include <openssl/md5.h>
-#include <dpl/string.h>
-#include <dpl/exception.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <ace-dao-ro/BasePermission.h>
-#include <ace-dao-ro/AppTypes.h>
-#include <ace-dao-ro/IRequest.h>
-#include <ace/PolicyEffect.h>
-#include <ace/PolicyResult.h>
-#include <ace/PromptDecision.h>
-#include <ace-dao-ro/common_dao_types.h>
-
-namespace AceDB {
-
-typedef std::map<DPL::String, bool> RequestedDevCapsMap;
-typedef DPL::String FeatureName;
-typedef std::vector<FeatureName> FeatureNameVector;
-
-class AceDAOReadOnly
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
- };
-
- AceDAOReadOnly() {}
-
- static void attachToThreadRO(void);
- static void attachToThreadRW(void);
- static void detachFromThread(void);
-
- // policy effect/decision
- static OptionalExtendedPolicyResult getPolicyResult(
- const BaseAttributeSet &attributes);
-
- static OptionalExtendedPolicyResult getPolicyResult(
- const DPL::String &attrHash);
-
- static OptionalCachedPromptDecision getPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId);
-
- // resource settings
- static PreferenceTypes getDevCapSetting(const std::string &resource);
- static void getDevCapSettings(PreferenceTypesMap *preferences);
-
- // user settings
- static void getWidgetDevCapSettings(BasePermissionList *permissions);
- static PreferenceTypes getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler);
-
- static void getAttributes(BaseAttributeSet *attributes);
-
- // Getter for device capabilities that are requested in widgets config.
- //
- // Additional boolean flag means whether widget will always get
- // (at launch) the SMACK permissions needed to use the device cap).
- //
- // 'permissions' is the map of device cap names and smack status for
- // given widget handle.
- static void getRequestedDevCaps(
- WidgetHandle widgetHandle,
- RequestedDevCapsMap *permissions);
-
- static void getAcceptedFeature(
- WidgetHandle widgetHandle,
- FeatureNameVector *featureVector);
-
- static WidgetHandleList getHandleList();
-
- static AppTypes getWidgetType(WidgetHandle handle);
- static std::string getVersion(WidgetHandle widgetHandle);
- static std::string getAuthorName(WidgetHandle widgetHandle);
- static std::string getGUID(WidgetHandle widgetHandle);
-
- static WidgetCertificateCNList getKeyCommonNameList(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type);
- static FingerPrintList getKeyFingerprints(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type);
-
- static std::string getShareHref(WidgetHandle widgetHandle);
- static bool isWidgetInstalled(WidgetHandle handle);
-
- protected:
- static int promptDecisionToInt(PromptDecision decision);
- static PromptDecision intToPromptDecision(int decision);
- static int appTypeToInt(AppTypes app_type);
- static AppTypes intToAppType(int app_type);
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOUtil.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef WRT_ACE_DAO_UTILITIES_H_
-#define WRT_ACE_DAO_UTILITIES_H_
-
-#include <dpl/db/thread_database_support.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/VerdictTypes.h>
-#include <orm_generator_ace.h>
-
-namespace AceDB {
-
-namespace AceDaoUtilities {
-
-BaseAttribute::Type intToAttributeType(int val);
-int attributeTypeToInt(BaseAttribute::Type type);
-int preferenceToInt(PreferenceTypes p);
-PreferenceTypes intToPreference(int p);
-VerdictTypes intToVerdict(int v);
-int verdictToInt(VerdictTypes v);
-bool getSubjectByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceSubject::Row &row);
-bool getResourceByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceDevCap::Row &row);
-
-extern DPL::DB::ThreadDatabaseSupport m_databaseInterface;
-
-}
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file AceDatabase.h
- * @author Lukasz Marek (l.marek@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of ace database
- */
-
-#ifndef WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
-#define WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
-
-#include <dpl/thread.h>
-#include <dpl/mutex.h>
-
-extern DPL::Mutex g_aceDbQueriesMutex;
-
-#define ACE_DB_INTERNAL(tlsCommand, InternalType, interface) \
- static DPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
- { \
- DPL::Mutex::ScopedLock lock(&g_aceDbQueriesMutex); \
- if (!tlsCommand ## Ptr) { \
- static DPL::ThreadLocalVariable<InternalType> tmp; \
- tlsCommand ## Ptr = &tmp; \
- } \
- } \
- DPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
- if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); }
-
-#define ACE_DB_SELECT(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Select, interface)
-
-#define ACE_DB_INSERT(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Insert, interface)
-
-#define ACE_DB_UPDATE(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Update, interface)
-
-#define ACE_DB_DELETE(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Delete, interface)
-
-
-#endif // WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AppTypes.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- */
-
-#ifndef ACCESS_CONTROL_DAO_APPTYPES_H_
-#define ACCESS_CONTROL_DAO_APPTYPES_H_
-
-namespace AceDB{
-
-enum class AppTypes
-{
- Unknown,
- WAC20,
- Tizen
-};
-
-}
-
-#endif // ACCESS_CONTROL_DAO_APPTYPES_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file IAttribute.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_
-#define ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_
-
-#include <list>
-#include <set>
-#include <string>
-#include <dpl/shared_ptr.h>
-#include <dpl/assert.h>
-
-namespace AceDB {
-
-class BaseAttribute;
-typedef DPL::SharedPtr<BaseAttribute> BaseAttributePtr;
-
-class BaseAttribute
-{
-
- public:
- /**
- * Types of attributes
- */
- enum class Type { Subject, Environment, Resource, FunctionParam,
- WidgetParam, Undefined };
-
- struct UnaryPredicate
- {
- public:
- UnaryPredicate(const AceDB::BaseAttribute *comp = NULL) :
- m_priv(comp)
- {
- }
-
- bool operator()(const AceDB::BaseAttributePtr &comp)
- {
- Assert(m_priv != NULL);
- if (m_priv->getName()->compare(*comp->getName()) != 0) {
- return false;
- }
- return m_priv->getType() == comp->getType();
- }
-
- bool operator()(const AceDB::BaseAttributePtr &comp1,
- const AceDB::BaseAttributePtr &comp2)
- {
- if (comp1->getType() != comp2->getType()) {
- return comp1->getType() < comp2->getType();
- }
- return comp1->getName()->compare(*comp2->getName()) < 0;
- }
-
- private:
- const AceDB::BaseAttribute *m_priv;
- };
-
- public:
- BaseAttribute() :
- m_typeId(Type::Undefined),
- m_undetermindState(false)
- {}
-
- virtual void setName(const std::string& name)
- {
- m_name = name;
- }
- virtual void setName(const std::string* name)
- {
- m_name = *name;
- }
-
- virtual void setType(const Type& type)
- {
- m_typeId = type;
- }
- virtual Type getType() const
- {
- return m_typeId;
- }
-
- virtual const std::string* getName() const
- {
- return &m_name;
- }
-
- //TODO think
- virtual void setUndetermind(bool tmp)
- {
- m_undetermindState = tmp;
- }
- virtual bool isUndetermind() const
- {
- return m_undetermindState;
- }
- virtual std::list<std::string> * getValue() const
- {
- return const_cast<std::list<std::string>* >(&value);
- }
- virtual bool isValueEmpty() const
- {
- return value.empty();
- }
-
- virtual void setValue(const std::list<std::string>& arg)
- {
- value = arg;
- }
-
- virtual ~BaseAttribute()
- {
- }
-
- static const char * typeToString(Type type);
-
- virtual std::string toString() const;
-
- protected:
- std::string m_name;
- Type m_typeId;
- bool m_undetermindState;
- std::list<std::string> value; //string bag list
-};
-
-typedef std::set<BaseAttributePtr, BaseAttribute::UnaryPredicate> BaseAttributeSet;
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file IPermission.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_BASEPERMISSION_H_
-#define ACCESS_CONTROL_DAO_BASEPERMISSION_H_
-
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/common_dao_types.h>
-
-namespace AceDB{
-
-struct BasePermission
-{
- BasePermission(WidgetHandle handler,
- const std::string& devCap,
- PreferenceTypes accessAllowed) :
- appId(handler),
- devCap(devCap),
- access(accessAllowed)
- {
- }
-
- WidgetHandle appId;
- std::string devCap;
- PreferenceTypes access;
-};
-
-typedef std::list<BasePermission> BasePermissionList;
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file IRequest.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_IREQUEST_H_
-#define ACCESS_CONTROL_DAO_IREQUEST_H_
-
-namespace AceDB{
-
-class IRequest
-{
-public:
- virtual ~IRequest(){}
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file PreferenceTypes.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_PREFERENCETYPES_H_
-#define ACCESS_CONTROL_DAO_PREFERENCETYPES_H_
-
-#include <map>
-#include <string>
-
-namespace AceDB{
-
-enum class PreferenceTypes
-{
- PREFERENCE_PERMIT,
- PREFERENCE_DENY,
- PREFERENCE_DEFAULT,
- PREFERENCE_BLANKET_PROMPT,
- PREFERENCE_SESSION_PROMPT,
- PREFERENCE_ONE_SHOT_PROMPT
-};
-
-
-typedef std::map<std::string, PreferenceTypes> PreferenceTypesMap;
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/* @file PromptModel.h
- * @author Justyna Mejzner (j.kwiatkowsk@samsung.com)
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @version 1.0
- *
- */
-
-#ifndef WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_
-#define WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_
-
-#include <memory>
-#include <string>
-#include <vector>
-
-#include <dpl/optional_typedefs.h>
-
-namespace Prompt {
-typedef std::vector<std::string> ButtonLabels;
-
-class PromptLabels
-{
-public:
- PromptLabels(int promptType,
- const Prompt::ButtonLabels& questionLabel,
- const std::string& mainLabel);
- DPL::OptionalString getCheckLabel() const;
- bool isAllowed(const size_t buttonNumber) const;
- int getPromptType() const;
- const ButtonLabels& getButtonLabels() const;
- const std::string& getMainLabel() const;
-
-private:
- int m_promptType;
- ButtonLabels m_buttonLabels;
- std::string m_mainLabel;
-};
-
-typedef std::unique_ptr<PromptLabels> PromptLabelsPtr;
-
-enum Validity
-{
- ONCE,
- SESSION,
- ALWAYS
-};
-
-class PromptAnswer
-{
-public:
- PromptAnswer(bool isAccessAllowed, Validity validity);
- PromptAnswer(int aPromptType, unsigned int buttonAns, bool checkAns);
- bool isAccessAllowed() const;
- Validity getValidity() const;
-
-private:
- bool m_isAccessAllowed;
- Validity m_validity;
-};
-
-class PromptModel
-{
- public:
- static PromptLabels* getOneShotModel(const std::string& resourceId);
- static PromptLabels* getSessionModel(const std::string& resourceId);
- static PromptLabels* getBlanketModel(const std::string& resourceId);
-
- enum PromptType
- {
- PROMPT_ONESHOT,
- PROMPT_SESSION,
- PROMPT_BLANKET
- };
-};
-
-} // Prompt
-
-#endif /* WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file TimedVerdict.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_TIMEDVERDICT_H_
-#define ACCESS_CONTROL_DAO_TIMEDVERDICT_H_
-
-#include <ace-dao-ro/VerdictTypes.h>
-
-namespace AceDB{
-
-struct TimedVerdict
-{
- VerdictTypes decision;
- /*Below values are optional,its filled only when verdict depend on session*/
- std::string session;
- int subjectVerdictId;
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file ValidityTypes.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_VALIDITYTYPES_H_
-#define ACCESS_CONTROL_DAO_VALIDITYTYPES_H_
-
-namespace AceDB{
-
-enum class ValidityTypes
-{
- ONCE,
- SESSION,
- ALWAYS,
- UNWRITEABLE
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file VerdictTypes.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_VERDICTTYPES_H_
-#define ACCESS_CONTROL_DAO_VERDICTTYPES_H_
-
-namespace AceDB{
-
-enum class VerdictTypes
-{
- VERDICT_PERMIT,
- VERDICT_DENY,
- //Verdict is innapplicable if policy evaluate to INAPPLICABLE,
- //in this case WRT should decide what to do
- VERDICT_INAPPLICABLE,
- VERDICT_UNDETERMINED,
- VERDICT_UNKNOWN, //Verdict is unknown if Verdicts manager cannot find it
- VERDICT_ASYNC,
- VERDICT_ERROR
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- * @file common_dao_types.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.1
- * @brief This file contains the declaration of common data types for ace database.
- */
-#ifndef ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_
-#define ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_
-
-#include <list>
-#include <dpl/optional_typedefs.h>
-#include <dpl/string.h>
-#include "AppTypes.h"
-
-typedef int WidgetHandle;
-typedef std::list<WidgetHandle> WidgetHandleList;
-
-namespace AceDB {
-
-enum {
- INVALID_PLUGIN_HANDLE = -1
-};
-typedef int DbPluginHandle;
-
-enum CertificateSource {
- SIGNATURE_DISTRIBUTOR = 0,
- SIGNATURE_AUTHOR = 1
-};
-
-struct WidgetRegisterInfo {
- AppTypes type;
- DPL::OptionalString widget_id;
- DPL::OptionalString authorName;
- DPL::OptionalString version;
- DPL::OptionalString shareHref;
-};
-
-typedef std::list <std::string> WidgetCertificateCNList;
-
-struct WidgetCertificateData {
- enum Owner { AUTHOR, DISTRIBUTOR, UNKNOWN };
- enum Type { ROOT, ENDENTITY };
-
- Owner owner;
- Type type;
-
- int chainId;
- std::string strMD5Fingerprint;
- std::string strSHA1Fingerprint;
- DPL::String strCommonName;
-
- bool operator== (const WidgetCertificateData& certData) const {
- return certData.chainId == chainId &&
- certData.owner == owner &&
- certData.strCommonName == strCommonName &&
- certData.strMD5Fingerprint == strMD5Fingerprint &&
- certData.strSHA1Fingerprint == strSHA1Fingerprint;
- }
-};
-typedef std::list<WidgetCertificateData> WidgetCertificateDataList;
-
-typedef std::list<std::string> FingerPrintList;
-
-typedef std::list<std::string> CertificateChainList;
-class IWacSecurity {
- public:
- virtual ~IWacSecurity() {}
- virtual const WidgetCertificateDataList& getCertificateList() const = 0;
- virtual bool isRecognized() const = 0;
- virtual bool isDistributorSigned() const = 0;
- virtual bool isWacSigned() const = 0;
- virtual void getCertificateChainList(CertificateChainList& list) const = 0;
-};
-
-} //namespace AceDB
-
-#endif /* ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAO.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACEDAO_H_
-#define ACEDAO_H_
-
-#include <list>
-#include <map>
-#include <string>
-
-#include <dpl/optional_typedefs.h>
-#include <dpl/string.h>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include <ace-dao-ro/ValidityTypes.h>
-#include <ace-dao-ro/AppTypes.h>
-
-namespace AceDB {
-/*
- *
- */
-class AceDAO : public AceDAOReadOnly
-{
- public:
-
- AceDAO() {}
-
- // Policy Decisions
- static void setPolicyResult(
- const BaseAttributeSet &attributes,
- const ExtendedPolicyResult &policyResult);
-
- static void removePolicyResult(
- const BaseAttributeSet &attributes);
-
- // PromptDecision
- static void setPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId,
- const DPL::OptionalString &session,
- PromptDecision decision);
-
- static void clearPromptDecisions(void);
-
- // reseting database
- static void clearWidgetDevCapSettings(void);
- static void clearDevCapSettings(void);
- static void clearAllSettings(void);
- static void resetDatabase(void);
- // clears all databse information relevant to policy cache
- static void clearPolicyCache(void);
-
- // resource settings
- static void setDevCapSetting(const std::string &resource,
- PreferenceTypes preference);
- static void removeDevCapSetting(const std::string &resource);
-
- // user settings
- static void setWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler,
- PreferenceTypes);
- static void removeWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler);
-
- // resource and subject management
- static int addResource(const std::string &request);
-
- // utilities
- static void addAttributes(const BaseAttributeSet &attributes);
-
- // Setter for device capabilities that are requested in widgets config.
- //
- // Additional boolean flag means whether widget will always get
- // (at launch) the SMACK permissions needed to use the device cap).
- //
- // 'permissions' is the map of device cap names and smack status for
- // given widget handle.
- static void setRequestedDevCaps(
- WidgetHandle widgetHandle,
- const RequestedDevCapsMap &permissions);
-
- static void setAcceptedFeature(
- WidgetHandle widgetHandle,
- const FeatureNameVector &vector);
-
- static void removeAcceptedFeature(WidgetHandle widgetHandle);
-
- static void registerWidgetInfo(WidgetHandle handle,
- const WidgetRegisterInfo& info,
- const WidgetCertificateDataList& dataList);
- static void unregisterWidgetInfo(WidgetHandle handle);
-
-};
-}
-#endif /* ACEDAO_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H
-#define WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H
-
-#include <ace/WRT_INTERFACE.h>
-#include <ace/PolicyResult.h>
-#include <dpl/event/inter_context_delegate.h>
-
-class AbstractPolicyEnforcementPoint
-{
- public:
- typedef DPL::Event::ICDelegate<PolicyResult> ResponseReceiver;
- virtual ExtendedPolicyResult check(Request &request) = 0;
-};
-
-#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-class AbstractPolicyInformationPoint
-{
- public:
- virtual ~AbstractPolicyInformationPoint() {}
-};
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : AbstractTreeElement.h
-// @ Date : 2009-05-25
-// @ Author : Samsung
-//
-//
-#if !defined(_ABSTRACTTREEELEMENT_H)
-#define _ABSTRACTTREEELEMENT_H
-
-#include <list>
-#include "Effect.h"
-#include <iostream>
-
-class AbstractTreeElement
-{
- public:
-
- virtual ~AbstractTreeElement()
- {
- }
-
- virtual void printData() = 0;
- protected:
-};
-
-#endif //_ABSTRACTTREEELEMENT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _ASYNCVERDICT_H
-#define _ASYNCVERDICT_H
-
-#include <ace/Verdict.h>
-#include <ace/WRT_INTERFACE.h>
-#include <ace/Request.h>
-
-class AsyncVerdictResultListener
-{
- public:
- virtual void onVerdict(const Verdict &verdict,
- const Request *request) = 0;
- virtual ~AsyncVerdictResultListener()
- {
- }
-};
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Attribute.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_ATTRIBUTE_H)
-#define _ATTRIBUTE_H
-
-#include <string>
-#include <iostream>
-#include <set>
-#include <list>
-
-#include <ace-dao-ro/BaseAttribute.h>
-
-class Attribute : public AceDB::BaseAttribute
-{
- public:
- /**
- * Types of match functions
- */
- enum class Match { Equal, Glob, Regexp, Error };
- /**
- * Types of attribute value modifiers
- */
- enum class Modifier { Non, Scheme, Authority, SchemeAuthority, Host, Path };
- /**
- * Possible match results
- */
- enum class MatchResult { MRUndetermined = -1, MRFalse = 0, MRTrue = 1};
-
- public:
-
- /**
- * New attribute constructor
- * @param name name of the new attribute
- * @param matchFunction match function used in the attribute
- * @param type attribute type
- */
- Attribute(const std::string *name,
- const Match matchFunction,
- const Type type);
-
-
- /**
- * Constructor used to create default attribute ( used for unit tests )
- * @param nm name of the default attribute
- */
- Attribute(const std::string& nm) :
- matchFunction(Match::Error),
- modifierFunction(Modifier::Non)
- {
- m_name = nm;
- m_typeId = Type::Subject;
- m_undetermindState = false;
- }
-
- /**
- * Destructor
- */
- virtual ~Attribute();
-
- std::list<std::string> * getValue() const
- {
- return AceDB::BaseAttribute::getValue();
- }
- Match getMatchFunction() const
- {
- return matchFunction;
- }
-
- /* --- Setters --- */
- void addValue (const std::string *value);
-
- MatchResult matchAttributes(const BaseAttribute *) const;
-
- /**
- * Operator used in for attribute set,used to distinguished only attribute names
- * It cannot take attribute type into consideration
- */
- bool operator< (const Attribute & obj) const
- {
- int result = this->m_name.compare(*obj.getName());
- if (result == 0) { //If names are equal check attribute types
- if (this->m_typeId < obj.getType()) {
- result = -1;
- } else if (this->m_typeId > obj.getType()) {
- result = 1;
- }
- }
- //If result is negative that means that 'this' was '<' than obj
- return result < 0;
- }
-
- /** Checks if object type is equal to argument */
- bool instanceOf(Type type_)
- {
- return type_ == m_typeId;
- }
-
- friend std::ostream & operator<<(std::ostream & out,
- const Attribute & attr);
-
- protected:
-
- bool searchAndCut(const char *);
-
- /*
- * URI definition from rfc2396
- *
- * <scheme>://<authority><path>?<query>
- * Each of the components may be absent, apart from the scheme.
- * Host is a part of authority as in definition below:
- *
- * authority = server | reg_name
- * server = [ [ userinfo "@" ] hostport ]
- * <userinfo>@<host>:<port>
- *
- * Extract from rfc2396
- * The authority component is preceded by a double slash "//" and is
- * terminated by the next slash "/", question-mark "?", or by the end of
- * the URI. Within the authority component, the characters ";", ":",
- * "@", "?", and "/" are reserved.
- *
- * Modifiers should return pointer to empty string if given part of string was empty.
- * Modifiers should return NULL if the string to be modified was not an URI.
- */
- std::string * uriScheme(const std::string *) const;
- std::string * uriAuthority(const std::string *) const;
- std::string * uriSchemeAuthority(const std::string *) const;
- std::string * uriHost(const std::string *) const;
- std::string * uriPath(const std::string *) const;
- std::string * applyModifierFunction(const std::string * val) const;
-
- bool parse(const std::string *input,
- std::string *part) const;
- bool find_error(const std::string *part) const;
-
- bool checkScheme(const std::string *scheme) const;
- bool checkAuthority(const std::string *scheme) const;
- std::string * getHost(const std::string *scheme) const;
- bool checkPath(const std::string *scheme) const;
-
- bool isSchemeAllowedCharacter(int c) const;
- bool isSegmentAllowedCharacter(int c) const;
- bool isUserInfoAllowedString(const std::string *str) const;
- bool isHostAllowedString(const std::string *str) const;
- bool isHostNameAllowedString(const std::string * str) const;
- bool isIPv4AllowedString(const std::string * str) const;
- bool isDomainLabelAllowedString(const char * data,
- int lenght) const;
- bool isTopLabelAllowedString(const char* data,
- int lenght) const;
-
- bool isUnreserved(int c) const;
- bool isAlphanum(int c) const;
- bool isEscaped(const char esc[3]) const;
- bool isHex(int c) const;
-
- MatchResult lists_comparator(
- const std::list<std::string> *first,
- const std::list<std::string> *second,
- MatchResult (*comparator)(const std::string *,
- const std::string *)) const;
-
- /**
- * Map used to check if character is a 'mark'
- */
- static const bool mark[256];
- /**
- * Map used to check if character is a 'digit'
- *
- */
- static const bool digit[256];
- /**
- * Map used to check if character is an 'alphanumeric' value
- *
- */
- static const bool alpha[256];
-
- protected:
- Match matchFunction;
- Modifier modifierFunction;
-};
-
-typedef AceDB::BaseAttributeSet AttributeSet;
-
-//TODO remove later or ifdef debug methods
-void printAttributes(const AttributeSet& attrs);
-void printAttributes(const std::list<Attribute> & attrs);
-
-#endif //_ATTRIBUTE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Combiner.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_COMBINER_H)
-#define _COMBINER_H
-
-#include <set>
-
-#include <ace/Attribute.h>
-#include <ace/TreeNode.h>
-
-class Combiner
-{
- protected:
-
- const AttributeSet * attrSet;
-
- public:
-
- virtual ExtendedEffect combineRules(const TreeNode * rule) = 0;
- virtual ExtendedEffect combinePolicies(const TreeNode * policy) = 0;
-
- const AttributeSet * getAttributeSet() const
- {
- return this->attrSet;
- }
- void setAttributeSet(const AttributeSet * attrSet)
- {
- this->attrSet = attrSet;
- }
- virtual ~Combiner()
- {
- } //attrSet is deleted elsewhere
-};
-
-#endif //_COMBINER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : CombinerImpl.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _COMBINER_IMPL_H
-#define _COMBINER_IMPL_H
-
-#include <list>
-#include <dpl/log/log.h>
-
-#include "Combiner.h"
-#include "Effect.h"
-#include "Policy.h"
-#include "Subject.h"
-
-class CombinerImpl : public Combiner
-{
- public:
-
- virtual ExtendedEffect combineRules(const TreeNode * rule);
- virtual ExtendedEffect combinePolicies(const TreeNode * policy);
-
- virtual ~CombinerImpl()
- {
- }
-
- protected:
-
- bool checkIfTargetMatches(const std::list<const Subject *> * subjectsSet,
- bool &isUndetermined);
-
- ExtendedEffect combine(Policy::CombineAlgorithm algorithm,
- ExtendedEffectList &effects);
-
- ExtendedEffect denyOverrides(const ExtendedEffectList &effects);
- ExtendedEffect permitOverrides(const ExtendedEffectList &effects);
- ExtendedEffect firstApplicable(const ExtendedEffectList &effects);
- ExtendedEffect firstMatchingTarget(const ExtendedEffectList &effects);
-
- std::list<int> * convertEffectsToInts(const std::list<Effect> * effects);
- Effect convertIntToEffect(int intEffect);
-
- void showEffectList(ExtendedEffectList & effects)
- {
- ExtendedEffectList::iterator it = effects.begin();
- for (; it != effects.end(); ++it) {
- LogDebug(toString(*it));
- }
- }
-
- private:
- bool isError(const ExtendedEffectList &effects);
-};
-
-#endif //_COMBINERIMPL_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// File: Condition.h
-// Author: notroot
-//
-// Created on June 3, 2009, 9:00 AM
-//
-#ifndef _CONDITION_H
-#define _CONDITION_H
-
-#include <list>
-#include <set>
-#include <iostream>
-#include <dpl/foreach.h>
-
-#include "Attribute.h"
-#include "Effect.h"
-#include "TreeNode.h"
-
-class Condition
-{
- public:
- enum CombineType
- {
- AND, OR
- };
-
- void addCondition(const Condition & condition)
- {
- this->conditions.push_back(condition);
- }
-
- void addAttribute(const Attribute & attribute)
- {
- this->attributes.push_back(attribute);
- }
-
- void setCombineType(CombineType type)
- {
- this->combineType = type;
- }
-
- Condition() : combineType(AND),
- parent(NULL)
- {
- }
-
- Condition(CombineType type) : combineType(type),
- parent(NULL)
- {
- }
-
- virtual ~Condition()
- {
- }
-
- Condition * getParent()
- {
- return this->parent;
- }
-
- void setParent(Condition * condition)
- {
- this->parent = condition;
- }
-
- Attribute::MatchResult evaluateCondition(
- const AttributeSet * attrSet) const;
-
- friend std::ostream & operator<<(std::ostream & out,
- Condition & condition)
- {
- FOREACH (it, condition.attributes)
- {
- out << *it;
- }
- return out;
- }
- //[CR] change function name
- void getAttributes(AttributeSet * attrSet);
-
- private:
- Attribute::MatchResult evaluateChildConditions(
- const AttributeSet * attrSet,
- bool &isFinalMatch,
- bool & undefinedMatchFound) const;
-
- Attribute::MatchResult evaluateAttributes(
- const AttributeSet * attrSet,
- bool& isFinalMatch,
- bool & undefinedMatchFound) const;
-
- // KW Attribute::MatchResult performANDalgorithm(const std::set<Attribute> * attributes) const;
-
- // KW Attribute::MatchResult performORalgorithm(const std::set<Attribute> * attributes) const;
-
- bool isEmpty() const
- {
- return attributes.empty() && conditions.empty();
- }
-
- bool isAndCondition() const
- {
- return combineType == AND;
- }
-
- bool isOrCondition() const
- {
- return combineType == OR;
- }
-
- std::list<Condition> conditions;
- CombineType combineType;
- std::list<Attribute> attributes;
- Condition *parent;
-};
-
-#endif /* _CONDITION_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _CONFIGURATIONMANAGER_H_
-#define _CONFIGURATIONMANAGER_H_
-
-#include <list>
-#include <string.h>
-#include <string>
-#include "Constants.h"
-#include <iostream>
-#include <dpl/log/log.h>
-
-enum class PolicyType {
- WAC2_0,
- Tizen
-};
-
-#define POLICY_NAME_WAC2_0 "WAC2.0"
-#define POLICY_NAME_TIZEN "Tizen"
-#define POLICY_WIDGET_TYPE_ATTRIBUTE_NAME "WrtSecurity.WidgetPolicyType"
-
-#pragma message "ATTR_ACTIVE_POLICY BAD_CAST, PARSER_ERROR, PARSER_SUCCESS\
- macros are DEPRECATED"
-#define ATTR_ACTIVE_POLICY BAD_CAST("active") // !! DEPRECATED !!
-#define PARSER_ERROR 1 // !! DEPRECATED !!
-#define PARSER_SUCCESS 0 // !! DEPRECATED !!
-
-class ConfigurationManager
-{
- public:
- // !! DEPRECATED !!
- enum ConfigurationManagerResult
- {
- CM_OPERATION_SUCCESS = 0,
- CM_GENERAL_ERROR = -1,
- CM_FILE_EXISTS = -2,
- CM_REMOVE_ERROR = -3,
- CM_REMOVE_CURRENT = -4,
- CM_REMOVE_NOT_EXISTING = -5
- };
-
- // !! DEPRECATED !!
- std::string getCurrentPolicyFile(void) const;
- std::string getFullPathToCurrentPolicyFile(void) const;
- std::string getFullPathToCurrentPolicyXMLSchema(void) const;
- int addPolicyFile(const std::string & filePath);
- int removePolicyFile(const std::string& fileName);
- int changeCurrentPolicyFile(const std::string& filePath);
- std::string extractFilename(const std::string& path) const;
-
- /**
- * ACE policy file path getter
- * @return Full path to policy file
- */
- std::string getFullPathToPolicyFile(PolicyType policy) const;
-
- /**
- * ACE policy dtd file path getter
- * @return Full path to ACE current policy file
- */
- std::string getFullPathToPolicyXMLSchema(void) const;
-
- /**
- * ACE policy storage path getter
- * @return Full path to ACE policy file storage
- */
- std::string getStoragePath(void) const;
-
- /**
- * Method to obtain instance of configuration manager
- * @return retuns pointer to configuration manager or NULL in case of error
- */
- static ConfigurationManager * getInstance()
- {
- if (!instance) {
- instance = new ConfigurationManager();
- }
- return instance;
- }
-
- protected:
-
- // !! DEPRECATED !!
- int parse(const std::string&);
- bool copyFile(FILE*, FILE*, int lenght = 1024) const;
- bool checkIfFileExistst(const std::string&) const;
- const std::list<std::string> & getPolicyFiles() const;
- const std::string & getConfigFile() const;
-
- ConfigurationManager()
- {
- }
- virtual ~ConfigurationManager()
- {
- }
-
-private:
-
- static ConfigurationManager * instance;
-};
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file Constants.h
- * @author Piotr Fatyga (p.fatyga@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef _CONSTANTS_H
-#define _CONSTANTS_H
-
-#define ACE_MAIN_STORAGE "/usr/etc/ace"
-#define ACE_WAC_POLICY_FILE_NAME "/WAC2.0Policy.xml"
-#define ACE_TIZEN_POLICY_FILE_NAME "/TizenPolicy.xml"
-#define ACE_DTD_LOCATION ACE_MAIN_STORAGE "/bondixml.dtd"
-
-// !! DEPRECATED !!
-#pragma message "ACE_CONFIGURATION_PATH, ACE_CONFIGURATION_DTD \
- macros are DEPRECATED"
-#define ACE_CONFIGURATION_PATH ACE_MAIN_STORAGE "/config.xml"
-#define ACE_CONFIGURATION_DTD ACE_MAIN_STORAGE "/config.dtd"
-
-/////////////////FOR GUI//////////////////////
-
-#define MYSTERIOUS_BITMAP "/usr/apps/org.tizen.policy/d.png"
-#define MYSTERIOUS_BITMAP2 "/usr/apps/org.tizen.policy/file.png"
-
-///////////////////FOR TESTS//////////////////////////
-
-#define COMBINER_TEST "/usr/etc/ace/CMTest/com_general-test.xml"
-#define CONFIGURATION_MGR_TEST_PATH "/usr/etc/ace/CMTest/"
-#define CONFIGURATION_MGR_TEST_CONFIG ACE_MAIN_STORAGE "/CMTest/pms_config.xml"
-#define CONFIGURATION_MGR_TEST_POLICY_STORAGE ACE_MAIN_STORAGE "/CMTest/active"
-#define CONFIGURATION_MGR_TEST_POLICY_STORAGE_MOVED ACE_MAIN_STORAGE \
- "/CMTest/activeMoved"
-#define CONFIGURATION_MGR_TEST_POLICY CONFIGURATION_MGR_TEST_POLICY_STORAGE \
- "/pms_general-test.xml"
-#define POLICIES_TO_SIGN_DIR ACE_MAIN_STORAGE "/SignerTests/"
-
-#define OUTPUT_DIR ACE_MAIN_STORAGE "/SignerTests/signedPolicies/"
-#define PRIVATE_KEY_DIR ACE_MAIN_STORAGE "/SignerTests/PrvKey/"
-#define X509_DATA_BASE_DIR ACE_MAIN_STORAGE "/SignerTests/X509Data/"
-
-#endif /* _CONSTANTS_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Effect.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _EFFECT_H_
-#define _EFFECT_H_
-
-#include <list>
-
-typedef int RuleId;
-
-enum Effect
-{
- Deny =0,
- Undetermined=1, // jk mb added this enum, so the ones below are inceremented!!!!!!!
- PromptOneShot =2,
- PromptSession =3,
- PromptBlanket =4,
- Permit =5,
- Inapplicable =6,
- NotMatchingTarget=7,
- Error=8,
-};
-
-struct ExtendedEffect {
-public:
- ExtendedEffect(Effect effect = Error, RuleId ruleId = -1)
- : m_effect(effect)
- , m_ruleId(ruleId)
- {}
-
- ExtendedEffect(const ExtendedEffect &second)
- : m_effect(second.m_effect)
- , m_ruleId(second.m_ruleId)
- {}
-
- ExtendedEffect& operator=(const ExtendedEffect &second) {
- m_effect = second.m_effect;
- m_ruleId = second.m_ruleId;
- return *this;
- }
-
- Effect getEffect() const { return m_effect; }
-
- RuleId getRuleId() const { return m_ruleId; }
-
-private:
- Effect m_effect;
- RuleId m_ruleId;
-};
-
-typedef std::list<ExtendedEffect> ExtendedEffectList;
-
-inline const char *toString(const ExtendedEffect &effect)
-{
- const char * temp = "";
-
- switch (effect.getEffect()) {
- case Deny:
- temp = "Deny";
- break;
- case Undetermined:
- temp = "Undetermined";
- break;
- case PromptOneShot:
- temp = "PromptOneShot";
- break;
- case PromptSession:
- temp = "PromptSession";
- break;
- case PromptBlanket:
- temp = "PromptBlanket";
- break;
- case Permit:
- temp = "Permit";
- break;
- case Inapplicable:
- temp = "Inapplicable";
- break;
- case NotMatchingTarget:
- temp = "NotMatchingTarget";
- break;
- case Error:
- temp = "Error";
- break;
- default:;
- }
- return temp;
-}
-
-#endif //_EFFECT_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PermissionTriple.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_PERMISSION_TRIPLE_H)
-#define _PERMISSION_TRIPLE_H
-
-#include <string>
-#include <list>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/BasePermission.h>
-
-typedef AceDB::BasePermission PermissionTriple;
-typedef AceDB::BasePermissionList PermissionList;
-
-struct GeneralSetting
-{
- GeneralSetting(const std::string& resourceName,
- AceDB::PreferenceTypes accessAllowed) : generalSettingName(resourceName),
- access(accessAllowed)
- {
- }
- std::string generalSettingName;
- AceDB::PreferenceTypes access;
-};
-
-#endif //_PERMISSION_TRIPLE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Policy.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_POLICY_H)
-#define _POLICY_H
-
-#include <list>
-
-#include <ace/AbstractTreeElement.h>
-#include <ace/Effect.h>
-#include <ace/Attribute.h>
-#include <ace/Subject.h>
-#include <iostream>
-#include <dpl/noncopyable.h>
-
-class Policy : public AbstractTreeElement,
- DPL::Noncopyable
-{
- public:
- enum CombineAlgorithm { DenyOverride, PermitOverride, FirstApplicable,
- FirstTargetMatching };
-
- Policy()
- {
- combineAlgorithm = DenyOverride;
- subjects = new std::list<const Subject *>();
- }
-
- CombineAlgorithm getCombineAlgorithm() const
- {
- return this->combineAlgorithm;
- }
-
- void setCombineAlgorithm(CombineAlgorithm algorithm)
- {
- this->combineAlgorithm = algorithm;
- }
-
- const std::list<const Subject *> * getSubjects() const
- {
- return this->subjects;
- }
-
- void addSubject(const Subject * subject)
- {
- if (this->subjects == NULL) {
- return;
- }
- this->subjects->push_back(subject);
- }
-
- virtual ~Policy();
-
- void printData();
-
- std::string printCombineAlgorithm(CombineAlgorithm algorithm);
-
- private:
- std::list<const Subject *> *subjects;
- CombineAlgorithm combineAlgorithm;
-};
-
-const char * toString(Policy::CombineAlgorithm algorithm);
-
-#endif //_POLICY_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file PolicyEffect.h
- * @author B.Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of PolicyEffect type.
- */
-#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
-#define _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
-
-enum class PolicyEffect {
- DENY = 0,
- PERMIT,
- PROMPT_ONESHOT,
- PROMPT_SESSION,
- PROMPT_BLANKET
-};
-
-inline static std::ostream & operator<<(std::ostream& stream,
- PolicyEffect effect)
-{
- switch (effect) {
- case PolicyEffect::DENY: stream << "DENY"; break;
- case PolicyEffect::PERMIT: stream << "PERMIT"; break;
- case PolicyEffect::PROMPT_ONESHOT: stream << "PROMPT_ONESHOT"; break;
- case PolicyEffect::PROMPT_SESSION: stream << "PROMPT_SESSION"; break;
- case PolicyEffect::PROMPT_BLANKET: stream << "PROMPT_BLANKET"; break;
- default: Assert(false && "Invalid PolicyEffect constant");
- }
- return stream;
-}
-
-#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_logic.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @brief Implementation file for security logic
- */
-#ifndef POLICY_ENFORCEMENT_POINT_H
-#define POLICY_ENFORCEMENT_POINT_H
-
-#include <memory>
-#include <string>
-#include <map>
-
-//#include <glib/gthread.h>
-//#include <glib/gerror.h>
-//#include <glib.h>
-
-//#include <dpl/optional.h>
-#include <dpl/event/inter_context_delegate.h>
-#include <dpl/event/property.h>
-
-#include <ace/AbstractPolicyEnforcementPoint.h>
-#include <ace/PolicyResult.h>
-
-// Forwards
-class IWebRuntime;
-class IResourceInformation;
-class IOperationSystem;
-class PolicyEvaluator;
-class PolicyInformationPoint;
-class Request;
-
-class PolicyEnforcementPoint : public AbstractPolicyEnforcementPoint
-{
- public:
- OptionalExtendedPolicyResult checkFromCache(Request &request);
- ExtendedPolicyResult check(Request &request);
- OptionalExtendedPolicyResult check(Request &request,
- bool fromCacheOnly);
-
- virtual ~PolicyEnforcementPoint();
-
- class PEPException
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, AlreadyInitialized)
- };
-
- /**
- * This function take ownership of objects pass in call.
- * Object will be deleted after call Deinitialize function.
- */
- void initialize(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *operation);
- void terminate();
-
- void updatePolicy(const std::string &policy);
- void updatePolicy();
-
- PolicyEvaluator *getPdp() const { return this->m_pdp; }
- PolicyInformationPoint *getPip() const { return this->m_pip; }
-
- protected:
- PolicyEnforcementPoint();
- friend class SecurityLogic;
- private: // private data
- IWebRuntime *m_wrt;
- IResourceInformation *m_res;
- IOperationSystem *m_sys;
- PolicyEvaluator *m_pdp;
- PolicyInformationPoint *m_pip;
-};
-
-#endif // POLICY_ENFORCEMENT_POINT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyEvaluator.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _POLICY_EVALUATOR_H
-#define _POLICY_EVALUATOR_H
-
-#include <memory>
-#include <set>
-#include <string>
-
-#include <dpl/event/event_listener.h>
-#include <dpl/log/log.h>
-#include <dpl/noncopyable.h>
-
-#include <ace/AsyncVerdictResultListener.h>
-#include <ace/Attribute.h>
-#include <ace/ConfigurationManager.h>
-#include <ace/Constants.h>
-#include <ace/Effect.h>
-#include <ace/Policy.h>
-#include <ace/PolicyInformationPoint.h>
-#include <ace/PolicyResult.h>
-#include <ace/Request.h>
-#include <ace/Subject.h>
-#include <ace/Verdict.h>
-#include <ace/UserDecision.h>
-#include <ace/CombinerImpl.h>
-
-
-class PolicyEvaluator : DPL::Noncopyable
-{
- protected:
-
- /**
- * Internal method used to initiate policy evaluation. Called after attribute set has been fetched
- * by PIP.
- * @param root root of the policies tree to be evaluated
- */
- virtual ExtendedEffect evaluatePolicies(const TreeNode * root);
-
- // !! DEPRECATED !!
- enum updateErrors
- {
- POLICY_PARSING_SUCCESS = 0,
- POLICY_FILE_ERROR = 1,
- PARSER_CREATION_ERROR,
- POLICY_PARSING_ERROR
- };
- private:
- AttributeSet m_attributeSet;
-
- TreeNode *m_uniform_policy, *m_wac_policy, *m_tizen_policy;
- std::string m_currentPolicyFile;
- PolicyType m_policy_to_use;
-
- Combiner * m_combiner;
- AsyncVerdictResultListener * m_verdictListener;
- PolicyInformationPoint * m_pip;
-
- /**
- * @return current policy Tree acc. to m_policy_to_use
- */
- TreeNode * getCurrentPolicyTree();
-
- /**
- * Method used to extract attributes from subtree defined by PolicySet
- * @param root original TreeStructure root node
- * @param newRoot copy of TreeStructure containing only policies that matches current request
- *
- */
- void extractAttributesFromSubtree(const TreeNode *root);
-
- /**
- * Method used to extract attributes from Tree Structure
- * @return pointer to set of attributes needed to evaluate current request
- * @return if extraction has been successful
- * TODO return reducte tree structure
- * TODO change comments
- */
- bool extractAttributesFromRules(const TreeNode *);
-
- /**
- * Extracts attributes from target of a given policy that are required to be fetched by PIP
- */
- void extractTargetAttributes(const Policy *policy);
- bool extractAttributes(TreeNode*);
-
- OptionalExtendedPolicyResult getPolicyForRequestInternal(bool fromCacheOnly);
- PolicyResult effectToPolicyResult(Effect effect);
-
- /**
- * Return safe policy tree in case of error with loading policy from file
- */
- TreeNode * getDefaultSafePolicyTree(void);
-
- public:
- PolicyEvaluator(PolicyInformationPoint * pip);
-
- bool extractAttributesTest()
- {
- m_attributeSet.clear();
- if (!extractAttributes(m_uniform_policy)) {
- LogInfo("Warnign attribute set cannot be extracted. Returning Deny");
- return true;
- }
-
- return extractAttributes(m_uniform_policy);
- }
-
- AttributeSet * getAttributeSet()
- {
- return &m_attributeSet;
- }
-
- virtual bool initPDP();
- virtual ~PolicyEvaluator();
- virtual ExtendedPolicyResult getPolicyForRequest(const Request &request);
- virtual OptionalExtendedPolicyResult getPolicyForRequestFromCache(
- const Request &request);
- virtual OptionalExtendedPolicyResult getPolicyForRequest(const Request &request,
- bool fromCacheOnly);
- bool fillAttributeWithPolicy();
-
- virtual int updatePolicy(const char *);
- // This function updates policy from well known locations
- virtual void updatePolicy();
-
- std::string getCurrentPolicy();
-};
-
-#endif //_POLICYEVALUATOR_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file AbstractObjectFactory.h
- * @author Piotr Fatyga (p.fatyga@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef _ABSTRACTOBJECTFACTORY_H
-#define _ABSTRACTOBJECTFACTORY_H
-
-#include <ace/PolicyEvaluator.h>
-
-class AbstractPolicyEvaluatorFactory
-{
- public:
- virtual PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip)
- const = 0;
-};
-
-class PolicyEvaluatorFactory : public AbstractPolicyEvaluatorFactory
-{
- public:
- PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) const
- {
- return new PolicyEvaluator(pip);
- }
-};
-
-#endif /* _ABSTRACTOBJECTFACTORY_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyInformationPoint.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _POLICY_INFORMATION_POINT_H
-#define _POLICY_INFORMATION_POINT_H
-
-#include <set>
-
-#include <ace/Attribute.h>
-#include <ace/Request.h>
-#include <ace/WRT_INTERFACE.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <dpl/noncopyable.h>
-
-typedef int PipResponse;
-
-class PolicyInformationPoint : public DPL::Noncopyable
-{
- private:
-
- /** queries for interfaces*/
- std::list<ATTRIBUTE> resourceAttributesQuery;
- std::list<ATTRIBUTE> environmentAttributesQuery;
- std::list<ATTRIBUTE> subjectAttributesQuery;
- std::list<ATTRIBUTE> functionParamAttributesQuery;
- std::list<ATTRIBUTE> widgetParamAttributesQuery;
-
- /** create queries */
- void createQueries(AttributeSet* attributes);
-
- IWebRuntime* wrtInterface;
- IResourceInformation* resourceInformation;
- IOperationSystem* operationSystem;
-
- public:
- static const int ERROR_SHIFT_RESOURCE = 3;
- static const int ERROR_SHIFT_OS = 6;
- static const int ERROR_SHIFT_FP = 9;
-
- /** Mask used to identify PIP error */
- enum ResponseTypeMask
- {
- SUCCESS = 0,
- /* WebRuntime Error */
- WRT_UNKNOWN_SUBJECT = 1 << 0,
- WRT_UNKNOWN_ATTRIBUTE = 1 << 1,
- WRT_INTERNAL_ERROR = 1 << 2,
- /* Resource Information Storage Error */
- RIS_UNKNOWN_RESOURCE = 1 << 3,
- RIS_UNKNOWN_ATTRIBUTE = 1 << 4,
- RIS_INTERNAL_ERROR = 1 << 5,
- /*Operating system */
- OS_UNKNOWN_ATTRIBUTE = 1 << 6,
- OS_INTERNAL_ERROR = 1 << 7
- };
-
- //TODO add checking values of attributes
- /** gather attributes values from adequate interfaces */
- virtual PipResponse getAttributesValues(const Request* request,
- AttributeSet* attributes);
- virtual ~PolicyInformationPoint();
- PolicyInformationPoint(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *system);
- virtual void update(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *system)
- {
- wrtInterface = wrt;
- resourceInformation = resource;
- operationSystem = system;
- }
- IWebRuntime * getWebRuntime()
- {
- return wrtInterface;
- }
-};
-
-#endif //_POLICY_INFORMATION_POINT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
-#define _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
-
-#include <dpl/assert.h>
-#include <dpl/optional.h>
-#include <dpl/optional_typedefs.h>
-
-#include <ace/PolicyEffect.h>
-
-typedef DPL::Optional<PolicyEffect> OptionalPolicyEffect;
-
-class PolicyDecision
-{
-public:
- enum Value { NOT_APPLICABLE = -1 };
-
- PolicyDecision(PolicyEffect effect)
- : m_isPolicyEffect(true)
- , m_effect(effect)
- {}
-
- PolicyDecision(const PolicyDecision &decision)
- : m_isPolicyEffect(decision.m_isPolicyEffect)
- , m_effect(decision.m_effect)
- {}
-
- PolicyDecision(Value)
- : m_isPolicyEffect(false)
- {}
-
- bool operator==(const PolicyDecision &decision) const {
- return (m_isPolicyEffect
- && decision.m_isPolicyEffect
- && m_effect == decision.m_effect)
- || (!m_isPolicyEffect && !decision.m_isPolicyEffect);
- }
-
- bool operator==(Value) const {
- return !m_isPolicyEffect;
- }
-
- bool operator!=(const PolicyDecision &decision) const {
- return !(*this == decision);
- }
-
- bool operator!=(Value value) const {
- return !(*this == value);
- }
-
- OptionalPolicyEffect getEffect() const
- {
- if (!m_isPolicyEffect) {
- return OptionalPolicyEffect();
- }
- return OptionalPolicyEffect(m_effect);
- }
-
- std::ostream & toStream(std::ostream& stream) {
- if (m_isPolicyEffect)
- stream << m_effect;
- else
- stream << "NOT-APPLICABLE";
- return stream;
- }
-
-private:
- bool m_isPolicyEffect;
- PolicyEffect m_effect;
-};
-
-inline static bool operator==(PolicyEffect e, const PolicyDecision &d) {
- return d.operator==(e);
-}
-
-inline static bool operator!=(PolicyEffect e, const PolicyDecision &d) {
- return !(e == d);
-}
-
-inline static std::ostream & operator<<(std::ostream& stream,
- PolicyDecision decision)
-{
- return decision.toStream(stream);
-}
-
-class PolicyResult {
-public:
- enum Value { UNDETERMINED = -2 };
-
- // This constructor is required by dpl controller and by dpl optional
- PolicyResult()
- : m_isDecision(false)
- , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care
- {}
-
- PolicyResult(PolicyEffect effect)
- : m_isDecision(true)
- , m_decision(effect)
- {}
-
- PolicyResult(const PolicyDecision &decision)
- : m_isDecision(true)
- , m_decision(decision)
- {}
-
- PolicyResult(const PolicyResult &result)
- : m_isDecision(result.m_isDecision)
- , m_decision(result.m_decision)
- {}
-
- PolicyResult(PolicyDecision::Value value)
- : m_isDecision(true)
- , m_decision(value)
- {}
-
- PolicyResult(Value)
- : m_isDecision(false)
- , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care
- {}
-
- bool operator==(const PolicyResult &result) const {
- return (m_isDecision
- && result.m_isDecision
- && m_decision == result.m_decision)
- || (!m_isDecision && !result.m_isDecision);
- }
-
- bool operator==(Value) const {
- return !m_isDecision;
- }
-
- bool operator!=(const PolicyResult &result) const {
- return !(*this == result);
- }
-
- bool operator!=(Value value) const {
- return !(*this == value);
- }
-
- OptionalPolicyEffect getEffect() const
- {
- if (!m_isDecision) {
- return OptionalPolicyEffect();
- }
- return m_decision.getEffect();
- }
-
- static int serialize(const PolicyResult &policyResult)
- {
- if (!policyResult.m_isDecision) {
- return BD_UNDETERMINED;
- } else if (policyResult.m_decision ==
- PolicyDecision::Value::NOT_APPLICABLE)
- {
- return BD_NOT_APPLICABLE;
- } else if (policyResult.m_decision == PolicyEffect::PROMPT_BLANKET) {
- return BD_PROMPT_BLANKET;
- } else if (policyResult.m_decision == PolicyEffect::PROMPT_SESSION) {
- return BD_PROMPT_SESSION;
- } else if (policyResult.m_decision == PolicyEffect::PROMPT_ONESHOT) {
- return BD_PROMPT_ONESHOT;
- } else if (policyResult.m_decision == PolicyEffect::PERMIT) {
- return BD_PERMIT;
- } else if (policyResult.m_decision == PolicyEffect::DENY) {
- return BD_DENY;
- }
- Assert(false && "Unknown value of policyResult.");
- }
-
- static PolicyResult deserialize(int dec){
- switch (dec) {
- case BD_DENY:
- return PolicyEffect::DENY;
- case BD_PERMIT:
- return PolicyEffect::PERMIT;
- case BD_PROMPT_ONESHOT:
- return PolicyEffect::PROMPT_ONESHOT;
- case BD_PROMPT_SESSION:
- return PolicyEffect::PROMPT_SESSION;
- case BD_PROMPT_BLANKET:
- return PolicyEffect::PROMPT_BLANKET;
- case BD_NOT_APPLICABLE:
- return PolicyDecision::Value::NOT_APPLICABLE;
- case BD_UNDETERMINED:
- return Value::UNDETERMINED;
- }
- Assert(false && "Broken database");
- }
-
- std::ostream & toStream(std::ostream& stream) {
- if (m_isDecision)
- stream << m_decision;
- else
- stream << "UNDETERMINED";
- return stream;
- }
-
-private:
- static const int BD_UNDETERMINED = 6;
- static const int BD_NOT_APPLICABLE = 5;
- static const int BD_PROMPT_BLANKET = 4;
- static const int BD_PROMPT_SESSION = 3;
- static const int BD_PROMPT_ONESHOT = 2;
- static const int BD_PERMIT = 1;
- static const int BD_DENY = 0;
-
- bool m_isDecision;
- PolicyDecision m_decision;
-};
-
-inline static bool operator==(const PolicyDecision &d, const PolicyResult &r) {
- return r == d;
-}
-
-inline static bool operator!=(const PolicyDecision &d, const PolicyResult &r) {
- return !(d == r);
-}
-
-inline static bool operator==(const PolicyEffect &e, const PolicyResult &r) {
- return e == r;
-}
-
-inline static bool operator!=(const PolicyEffect &e, const PolicyResult &r) {
- return !(e == r);
-}
-
-inline static std::ostream & operator<<(std::ostream& stream,
- PolicyResult result)
-{
- return result.toStream(stream);
-}
-
-struct ExtendedPolicyResult {
- ExtendedPolicyResult(const PolicyResult pr = PolicyEffect::DENY, int rule = -1)
- : policyResult(pr)
- , ruleId(rule)
- {}
- PolicyResult policyResult;
- int ruleId;
-};
-
-typedef DPL::Optional<ExtendedPolicyResult> OptionalExtendedPolicyResult;
-
-#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicySet.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_POLICYSET_H)
-#define _POLICYSET_H
-
-#include "Policy.h"
-#include <iostream>
-
-class PolicySet : public Policy
-{
- public:
-
- //TODO Clean this class
- //PolicySet(CombineAlgorithm algorithm, std::list<Attribute> * targetAttr,const std::string & subjectId)
- // : Policy(algorithm,targetAttr,subjectId)
- // {}
- PolicySet()
- {
- }
- ~PolicySet()
- {
- }
-};
-
-#endif //_POLICYSET_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Preference.h
-// @ Date : 2009-05-2
-// @ Author : Samsung
-//
-//
-
-#ifndef _Preference_H_
-#define _Preference_H_
-
-#include <map>
-#include <string>
-
-#include <ace-dao-ro/PreferenceTypes.h>
-
-typedef AceDB::PreferenceTypes Preference;
-typedef AceDB::PreferenceTypesMap PreferenceMap;
-
-#endif //_Preference_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
-#define _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
-
-#include <dpl/optional.h>
-#include <dpl/optional_typedefs.h>
-
-enum class PromptDecision {
- ALLOW_ALWAYS,
- DENY_ALWAYS,
- ALLOW_THIS_TIME,
- DENY_THIS_TIME,
- ALLOW_FOR_SESSION,
- DENY_FOR_SESSION
-};
-
-typedef DPL::Optional<PromptDecision> OptionalPromptDecision;
-
-struct CachedPromptDecision {
- PromptDecision decision;
- DPL::OptionalString session;
-};
-
-typedef DPL::Optional<CachedPromptDecision> OptionalCachedPromptDecision;
-
-#endif // _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Request.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _REQUEST_H_
-#define _REQUEST_H_
-
-#include <set>
-#include <string>
-#include <vector>
-
-#include <ace-dao-ro/IRequest.h>
-#include <ace/WRT_INTERFACE.h>
-
-class Request : public AceDB::IRequest
-{
- public:
- typedef std::string DeviceCapability;
- typedef std::set<DeviceCapability> DeviceCapabilitySet;
-
- enum ApplicationType {
- APP_TYPE_TIZEN,
- APP_TYPE_WAC20,
- APP_TYPE_UNKNOWN
- };
-
- Request(WidgetHandle widgetHandle,
- WidgetExecutionPhase phase,
- IFunctionParam *functionParam = 0)
- : m_widgetHandle(widgetHandle)
- , m_phase(phase)
- , m_functionParam(functionParam)
- , m_appType(APP_TYPE_UNKNOWN)
- {}
-
- WidgetHandle getWidgetHandle() const
- {
- return m_widgetHandle;
- }
-
- WidgetExecutionPhase getExecutionPhase() const
- {
- return m_phase;
- }
-
- IFunctionParam *getFunctionParam() const
- {
- return m_functionParam;
- }
-
- void addDeviceCapability(const std::string& device)
- {
- m_devcapSet.insert(device);
- }
-
- DeviceCapabilitySet getDeviceCapabilitySet() const
- {
- return m_devcapSet;
- }
-
- void setAppType(ApplicationType appType)
- {
- m_appType = appType;
- }
-
- ApplicationType getAppType() const
- {
- return m_appType;
- }
-
- private:
- WidgetHandle m_widgetHandle;
- WidgetExecutionPhase m_phase;
- //! \brief list of function param (only for intercept)
- IFunctionParam *m_functionParam;
- //! \brief Set of defice capabilities
- DeviceCapabilitySet m_devcapSet;
- ApplicationType m_appType;
-};
-
-typedef std::vector <Request> Requests;
-
-#endif //_REQUEST_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Rule.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_RULE_H)
-#define _RULE_H
-
-#include "Attribute.h"
-#include "Effect.h"
-#include "Condition.h"
-#include <dpl/assert.h>
-
-class Rule : public AbstractTreeElement
-{
- public:
-
- ExtendedEffect evaluateRule(const AttributeSet * attrSet) const;
-
- Rule()
- : effect(Inapplicable)
- {
- //TODO we should set it to deny or smth, not inapplicable
- }
-
- void setEffect(ExtendedEffect effect)
- {
- //We should not allow to set "Inapplicable" effect.
- //Rules cannot have effect that is inapplicable, evaluation of the rules may however
- //render the effect inapplicable.
- Assert(effect.getEffect() != Inapplicable);
- this->effect = effect;
- }
- void setCondition(Condition condition)
- {
- this->condition = condition;
- }
- void getAttributes(AttributeSet * attrSet)
- {
- condition.getAttributes(attrSet);
- }
-
- //DEBUG methods
- std::string printEffect(const ExtendedEffect &effect) const;
- void printData();
-
- private:
-
- ExtendedEffect effect;
- Condition condition;
-};
-
-#endif //_RULE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file SettingsLogic.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 0.1
- * @brief Header file for class getting/setting user/global ACE settings
- */
-
-#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_
-#define WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_
-
-#include <set>
-#include <list>
-#include <map>
-#include <string>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace/Request.h>
-#include <ace/PermissionTriple.h>
-#include <ace-dao-rw/AceDAO.h>
-#include <ace-dao-ro/common_dao_types.h>
-
-class SettingsLogic
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
- };
-
- // global settings
- static AceDB::PreferenceTypes findGlobalUserSettings(
- const std::string &resource,
- WidgetHandle handler);
-
- static AceDB::PreferenceTypes findGlobalUserSettings(
- const Request &request);
-
- // resource settings
- static AceDB::PreferenceTypes getDevCapSetting(
- const std::string &request);
- static void getDevCapSettings(AceDB::PreferenceTypesMap *preferences);
- static void setDevCapSetting(const std::string &resource,
- AceDB::PreferenceTypes preference);
- static void setAllDevCapSettings(
- const std::list<std::pair<const std::string *,
- AceDB::PreferenceTypes> > &resourcesList);
- static void removeDevCapSetting(const std::string &resource);
- static void updateDevCapSetting(const std::string &resource,
- AceDB::PreferenceTypes p);
-
- // user settings
- static AceDB::PreferenceTypes getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler);
- static void getWidgetDevCapSettings(PermissionList *permissions);
- static void setWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler,
- AceDB::PreferenceTypes preference);
- static void setWidgetDevCapSettings(const PermissionList &tripleList);
- static void removeWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler);
-
- private:
- SettingsLogic()
- {
- }
-
-};
-
-#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// File: Subject.h
-// Author: notroot
-//
-// Created on June 2, 2009, 8:47 AM
-//
-
-#ifndef _SUBJECT_H
-#define _SUBJECT_H
-
-#include <set>
-#include <list>
-#include <iostream>
-#include <dpl/assert.h>
-#include <dpl/noncopyable.h>
-
-#include "Attribute.h"
-
-class Subject : DPL::Noncopyable
-{
- std::string subjectId;
- std::list<Attribute> targetAttributes;
-
- public:
- Subject()
- {}
-
- const std::list<Attribute>& getTargetAttributes() const;
-
- void setSubjectId(const std::string & subjectId)
- {
- this->subjectId = subjectId;
- }
-
- //TODO maybe we should remove that becuase this causes a memory leak right now!! [CR] maybe thats true, maybe whe can remove this fun
- // KW void setTargetAttributes(std::list<Attribute> * targetAttributes){ this->targetAttributes = targetAttributes; }
-
- const std::string & getSubjectId() const
- {
- return this->subjectId;
- }
-
- void addNewAttribute(Attribute & attr)
- {
- this->targetAttributes.push_back(attr);
- }
-
- //TODO in 1.0 change to true/false/undetermined
- bool matchSubject(const AttributeSet *attrSet,
- bool &isUndetermined) const;
-
- ~Subject()
- {}
-};
-
-#endif /* _SUBJECT_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _TEST_TIMER_H
-#define _TEST_TIMER_H
-
-#include <time.h>
-
-class TestTimer
-{
- time_t startt, endt;
-
- public:
- void start()
- {
- time(&startt);
- }
- void stop()
- {
- time(&endt);
- }
- double getTime()
- {
- return difftime(endt, startt);
- }
-};
-
-#endif //_TEST_TIMER_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : TreeNode.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _TREE_NODE_H
-#define _TREE_NODE_H
-
-#include <iostream>
-#include <list>
-
-#include <ace/AbstractTreeElement.h>
-
-class TreeNode;
-
-typedef std::list<TreeNode *> ChildrenSet;
-typedef std::list<TreeNode *>::iterator ChildrenIterator;
-typedef std::list<TreeNode *>::const_iterator ChildrenConstIterator;
-
-class TreeNode
-{
- public:
- //TODO nazwac pozadnie TYPY - moze jakas konwencja ... ??!!
- enum TypeID { Policy =0, PolicySet=1, Rule=2};
-
- const ChildrenSet & getChildrenSet() const
- {
- return children;
- }
-
- TreeNode * getParent() const
- {
- return this->parent;
- }
-
- void setParent(TreeNode *parent)
- {
- this->parent = parent;
- }
-
- TypeID getTypeID() const
- {
- return this->typeID;
- }
-
- void addChild(TreeNode *child)
- {
- child->setParent(this);
- children.push_back(child);
- }
-
- /**
- * Clone the node
- */
- // KW TreeNode * clone() { return new TreeNode(NULL,this->getTypeID(),this->getElement()); }
-
- TreeNode(TreeNode * parent,
- TypeID type,
- AbstractTreeElement * element) :
- parent(parent),
- typeID(type),
- element(element)
- {
- }
-
- AbstractTreeElement * getElement() const
- {
- return element;
- }
-
- private:
- virtual ~TreeNode();
-
- public:
- /*
- * It is common that we create a copy of tree structure created out of xml file. However we don't want to
- * copy abstract elements ( Policies and Rules ) because we need them only for reading. We want to modify the
- * tree structure though. Therefore we copy TreeNode. When the copy of the original tree is being destroyed method
- * releaseTheSubtree should be called on "root". It automatically traverse the tree and call TreeNode destructors for
- * each TreeNode in the tree. It doesn't remove the abstract elements in the tree ( there is always at most one abstract
- * element instance, when tree is copied it is a shallow copy.
- * When we want to completely get rid of the the tree and abstract elements we have to call releaseResources on tree root.
- * We may want to do this for instance when we want to serialize the tree to disc. releaseResource method traverses the tree
- * and releses the resources, as well as the TreeNode so NO releaseTheSubtree is required any more
- */
- void releaseResources();
-
- /**
- * Used to delete the copies of tree structure. The original tree structure should be removed with releaseResources method.
- * ReleaseTheSubtree method doesn't delete the abstract elements, only TreeNodes. It traverses the whole tree, so it should be
- * called on behalf of root of the tree
- */
- // KW void releaseTheSubtree();
-
- friend std::ostream & operator<<(std::ostream & out,
- const TreeNode * node);
- // KW void printSubtree();
-
- private:
- // KW TreeNode(const TreeNode& pattern){ (void)pattern; }
-
- std::list<TreeNode *> children;
- TreeNode * parent;
- //TODO standarize ID case
- TypeID typeID;
- AbstractTreeElement * element;
- static int level;
-};
-
-#endif //_TREE_NODE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : UserDecision.h
-// @ Date : 2009-05-22
-// @ Author : Samsung
-//
-//
-
-#ifndef _USERDECISION_H
-#define _USERDECISION_H
-
-#include <ace/Verdict.h>
-#include <ace-dao-ro/ValidityTypes.h>
-
-typedef AceDB::ValidityTypes Validity;
-
-const char * toString(Validity validity);
-
-#endif //_USERDECISION_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Verdict.h
-// @ Date : 2009-05-2
-// @ Author : Samsung
-//
-//
-
-#ifndef _VERDICT_H
-#define _VERDICT_H
-
-#include <string>
-#include <ace-dao-ro/VerdictTypes.h>
-#include <ace-dao-ro/TimedVerdict.h>
-
-typedef AceDB::VerdictTypes Verdict;
-//typedef AceDB::TimedVerdict TimedVerdict;
-
-const char * toString(Verdict verditct);
-
-#endif //_VERDICT_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _WRT_INERFACE_4_ACE_EXAMPLE_H_
-#define _WRT_INERFACE_4_ACE_EXAMPLE_H_
-
-#include <list>
-#include <map>
-#include <string>
-
-typedef int WidgetHandle;
-
-class Request;
-
-enum WidgetExecutionPhase
-{
- WidgetExecutionPhase_Unknown = 0,
- WidgetExecutionPhase_WidgetInstall = 1 << 0,
- WidgetExecutionPhase_WidgetInstantiate = 1 << 1,
- WidgetExecutionPhase_WebkitBind = 1 << 2,
- WidgetExecutionPhase_Invoke = 1 << 3
-};
-
-struct RequestContext
-{
- const WidgetHandle Handle;
- WidgetExecutionPhase Phase;
-
- RequestContext(WidgetHandle handle,
- WidgetExecutionPhase phase) :
- Handle(handle),
- Phase(phase)
- {
- }
-};
-
-// Pair of pointer to attribute name and pointer to list of value for
-// this attribute name
-typedef std::pair< const std::string* const, std::list<std::string>* >
-ATTRIBUTE;
-
-/*
- * Each function should return 0 as success and positive value as error
- *
- * Possible return value:
- * 0 - succes
- * 1 - subjectId/resourceId name unknown
- * 2 - unknown attribute name
- * 4 - interface error
- **/
-
-/************** Web Runtime ********************/
-
-class IWebRuntime
-{
- public:
-
- /**
- * gather and set attributes values for specified subjectId
- * and attribute name
- * @param subjectId is a name of subject (widget or internet site URI )
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually there will
- * be only one string
- * */
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
-
- /*return current sessionId */
- virtual std::string getSessionId(const Request &request) = 0;
-
- virtual ~IWebRuntime()
- {
- }
-};
-
-/************** Resource Information ********************/
-class IResourceInformation
-{
- public:
- /**
- * gather and set attributes values for specified resourceId
- * and attribute name
- * @param resourceId is a name of subject (widget or internet site URI )
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually there will
- * be only one string
- * */
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
-
- virtual ~IResourceInformation()
- {
- }
-};
-
-/************** Operation System ********************/
-class IOperationSystem
-{
- public:
-
- /**
- * gather and set attributes values for specified attribute name
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually
- * there will be only one string
- * */
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
-
- virtual ~IOperationSystem()
- {
- }
-};
-
-class IFunctionParam
-{
- public:
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
- virtual ~IFunctionParam()
- {
- }
-};
-
-#endif //_WRT_INERFACE_4_ACE_EXAMPLE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// @ Project : Access Control Engine
-// @ File Name : UserDecision.h
-// @ Date : 2009-05-22
-// @ Author : Samsung
-//
-//
-
-#ifndef _WIDGET_USAGE_H
-#define _WIDGET_USAGE_H
-
-#include <dpl/event/event_support.h>
-
-#include "Request.h"
-#include "AsyncVerdictResultListener.h"
-
-enum UsageValidity
-{
- USAGE_UNKNOWN,
- USAGE_ONCE,
- USAGE_SESSION,
- USAGE_ALWAYS
-};
-
-enum UsageVerdict
-{
- USAGE_VERDICT_PERMIT,
- USAGE_VERDICT_DENY,
- USAGE_VERDICT_INAPPLICABLE,
- USAGE_VERDICT_UNDETERMINED,
- USAGE_VERDICT_UNKNOWN,
- USAGE_VERDICT_ERROR
-};
-//Forward declaration
-class PolicyEvaluator;
-
-class PolicyEvaluatorData
-{
- private:
- Request m_request;
- UsageValidity m_validity;
- UsageVerdict m_verdict;
- AsyncVerdictResultListener *m_listener;
- public:
-
- PolicyEvaluatorData(const Request& request,
- AsyncVerdictResultListener *listener) :
- m_request(request),
- m_validity(USAGE_UNKNOWN),
- m_verdict(USAGE_VERDICT_ERROR),
- m_listener(listener)
- {
- }
-
- // KW UsageValidity getValidity() const {
- // KW return m_validity;
- // KW }
- // KW
- // KW UsageVerdict getVerdict() const {
- // KW return m_verdict;
- // KW }
- // KW
- // KW void setValidity(UsageValidity validity) {
- // KW this->m_validity = validity;
- // KW }
- // KW
- // KW void setVerdict(UsageVerdict verdict) {
- // KW this->m_verdict = verdict;
- // KW }
-
- const Request& getRequest() const
- {
- return m_request;
- }
-
- AsyncVerdictResultListener* getListener() const
- {
- return m_listener;
- }
-};
-
-#endif //_USERDECISION_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * This file contain consts for Signing Template and Policy Manager
- * This values will be used to specified and identified algorithms in xml policy documents.
- * Its consistent with BONDI 1.0 released requirements
- *
- * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements
- * This values comes from widget digital signature 1.0 - required version of this doc is very important
- *
- **/
-
-#ifndef ACF_CONSTS_TYPES_H
-#define ACF_CONSTS_TYPES_H
-
-//Digest Algorithms
-extern const char* DIGEST_ALG_SHA256;
-
-//Canonicalization Algorithms
-extern const char* CANONICAL_ALG_C14N;
-
-//Signature Algorithms
-extern const char* SIGNATURE_ALG_RSA_with_SHA256;
-extern const char* SIGNATURE_ALG_DSA_with_SHA1;
-extern const char* SIGNATURE_ALG_ECDSA_with_SHA256;
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : parser.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _PARSER_H_
-#define _PARSER_H_
-
-//#include "/usr/include/libxml2/libxml/parser.h"
-#include <string>
-#include <libxml/xmlreader.h>
-#include <libxml/c14n.h>
-#include <libxml/xpath.h>
-#include <libxml/xpathInternals.h>
-
-#include "Policy.h"
-#include "PolicySet.h"
-#include "Request.h"
-#include "Rule.h"
-#include "Attribute.h"
-#include "TreeNode.h"
-#include "Subject.h"
-#include "Condition.h"
-#include "Effect.h"
-
-#define whitespaces " \n\t\r"
-
-enum CanonicalizationAlgorithm
-{
- C14N,
- C14NEXCLUSIVE
-};
-
-class Parser
-{
- private:
- RuleId ruleId;
- xmlTextReaderPtr reader;
-
- TreeNode * root;
- TreeNode * currentRoot;
- Subject * currentSubject;
- Condition * currentCondition;
- Attribute * currentAttribute;
- std::string * currentText;
-
- bool processingSignature;
- bool canonicalizeOnce;
-
- void processNode(xmlTextReaderPtr reader);
-
- //Node Handlers
- void endNodeHandler(xmlTextReaderPtr reader);
- void textNodeHandler(xmlTextReaderPtr reader);
- void startNodeHandler(xmlTextReaderPtr reader);
-
- //Node names handlers
- void handleAttr(xmlTextReaderPtr reader);
- void handleRule(xmlTextReaderPtr reader);
- void handleSubject();
- void handleCondition(xmlTextReaderPtr reader);
- void handleSubjectMatch(xmlTextReaderPtr reader);
- void handleMatch(xmlTextReaderPtr reader,
- Attribute::Type);
- void handlePolicy(xmlTextReaderPtr reader,
- TreeNode::TypeID type);
-
- //helpers
- Policy::CombineAlgorithm convertToCombineAlgorithm(xmlChar*);
- ExtendedEffect convertToEffect(xmlChar *effect);
- Attribute::Match convertToMatchFunction(xmlChar * func);
- void consumeCurrentText();
- void consumeCurrentAttribute();
- void consumeSubjectMatch(xmlChar * value = NULL);
- void consumeCurrentSubject();
- void consumeCurrentCondition();
- void trim(std::string *);
- // KW void canonicalize(const char *, const char *, CanonicalizationAlgorithm canonicalizationAlgorithm);
- // KW int extractNodeToFile(xmlTextReaderPtr reader, const char * filename);
-
- static const char *TOKEN_PARAM;
- public:
- Parser();
- ~Parser();
- TreeNode * parse(const std::string& filename, const std::string& schema);
-};
-
-#endif //_PARSER_H
+++ /dev/null
-SQL(
- PRAGMA foreign_keys = ON;
- BEGIN TRANSACTION;
-)
-
-CREATE_TABLE(AcePolicyResult)
- COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 6))
- COLUMN_NOT_NULL(hash, TEXT,)
- COLUMN_NOT_NULL(rule_id, INTEGER)
- TABLE_CONSTRAINTS(
- PRIMARY KEY(hash)
- )
-CREATE_TABLE_END()
-
-CREATE_TABLE(AcePromptDecision)
- COLUMN_NOT_NULL(app_id, INTEGER,)
- COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 5))
- COLUMN(session, TEXT,)
- COLUMN_NOT_NULL(rule_id, INTEGER,)
- TABLE_CONSTRAINTS(
- PRIMARY KEY(app_id,rule_id)
- )
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceAttribute)
- COLUMN_NOT_NULL(attr_id, INTEGER, primary key autoincrement)
- COLUMN_NOT_NULL(name, TEXT,)
- COLUMN_NOT_NULL(type, INTEGER, check(type between 0 and 4))
-
- TABLE_CONSTRAINTS(unique(name,type))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceSubject)
- COLUMN_NOT_NULL(subject_id, INTEGER, primary key autoincrement)
- COLUMN_NOT_NULL(id_uri, TEXT, unique)
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceDevCap)
- COLUMN_NOT_NULL(resource_id, INTEGER, primary key autoincrement)
- COLUMN_NOT_NULL(id_uri, TEXT, unique)
- COLUMN_NOT_NULL(general_setting,INTEGER, check(general_setting between -1 and 4))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceWidgetDevCapSetting)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(resource_id, INTEGER, references AceDevCap(resource_id))
- COLUMN_NOT_NULL(access_value, INTEGER, check(access_value between -1 and 4))
-
- TABLE_CONSTRAINTS(unique(app_id,resource_id))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceRequestedDevCaps)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(grant_smack, INTEGER, not null)
- COLUMN_NOT_NULL(dev_cap, TEXT,)
-
- TABLE_CONSTRAINTS(unique(app_id,dev_cap))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceAcceptedFeature)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(feature, TEXT, not null)
-
- TABLE_CONSTRAINTS(unique(app_id,feature))
-CREATE_TABLE_END()
-
-CREATE_TABLE(WidgetInfo)
- COLUMN_NOT_NULL(app_id, INTEGER, PRIMARY KEY)
- COLUMN(widget_type, INT, DEFAULT 1)
- COLUMN(widget_id, VARCHAR(256), DEFAULT '')
- COLUMN(widget_version, VARCHAR(256), DEFAULT '')
- COLUMN(author_name, VARCHAR(256), DEFAULT '')
- COLUMN(share_href, VARCHAR(256), DEFAULT '')
-CREATE_TABLE_END()
-
-CREATE_TABLE(WidgetCertificateFingerprint)
- COLUMN_NOT_NULL(app_id, INT,)
- COLUMN_NOT_NULL(owner, INT,)
- COLUMN_NOT_NULL(chainid, INT,)
- COLUMN_NOT_NULL(type, INT,)
- COLUMN(md5_fingerprint, VARCHAR(64),)
- COLUMN(sha1_fingerprint, VARCHAR(64),)
- COLUMN(common_name, VARCHAR(64),)
- TABLE_CONSTRAINTS(
- PRIMARY KEY (app_id, chainid, owner, type)
- FOREIGN KEY (app_id) REFERENCES WidgetInfo (app_id) ON DELETE CASCADE
- )
-CREATE_TABLE_END()
-
-SQL(
- COMMIT;
-)
+++ /dev/null
-DATABASE_START(ace)
-
-#include "ace_db"
-#include "version_db"
-
-DATABASE_END()
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file wrt_db_sql_generator.h
- * @author Bartosz Janiak (b.janiak@samsung.com)
- * @version 1.0
- * @brief Macro definitions for generating the SQL input file from database definition.
- */
-
-//Do not include this file directly! It is used only for SQL code generation.
-
-#include <dpl/db/orm_macros.h>
-
-#include "ace_db_definitions"
+++ /dev/null
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\ -f1 2>/dev/null`
-echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1}
-echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef ORM_GENERATOR_ACE_H
-#define ORM_GENERATOR_ACE_H
-
-#define ORM_GENERATOR_DATABASE_NAME ace_db_definitions
-#include <dpl/db/orm_generator.h>
-#undef ORM_GENERATOR_DATABASE_NAME
-
-#endif
+++ /dev/null
-SQL(
- BEGIN TRANSACTION;
- CREATE TABLE DB_CHECKSUM (version INT);
- COMMIT;
-)
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of AceThinClient API
- */
-#ifndef WRT_ACE_CLIENT_H
-#define WRT_ACE_CLIENT_H
-
-#include <dpl/noncopyable.h>
-#include <dpl/singleton.h>
-#include <dpl/exception.h>
-#include <ace-client/ace_client_types.h>
-
-class WebRuntimeImpl;
-class ResourceInformationImpl;
-class OperationSystemImpl;
-
-namespace AceClient {
-
-class AceThinClientImpl;
-
-class AceThinClient : private DPL::Noncopyable {
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, AceThinClientException)
- };
-
- bool checkFunctionCall(const AceRequest& ace_request) const;
- AcePreference getWidgetResourcePreference(
- const AceResource& resource,
- const AceWidgetHandle& handle) const;
- AceResourcesPreferences* getGlobalResourcesPreferences() const;
- bool isInitialized() const;
-
- private:
- AceThinClient();
- virtual ~AceThinClient();
-
- AceThinClientImpl* m_impl;
- friend class DPL::Singleton<AceThinClient>;
- WebRuntimeImpl* m_wrt;
- ResourceInformationImpl* m_res;
- OperationSystemImpl* m_sys;
-};
-
-typedef DPL::Singleton<AceThinClient> AceThinClientSingleton;
-
-} // namespace AceClient
-
-#endif // WRT_ACE_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client_helper.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of AceClient helper types and
- * functions.
- */
-#ifndef WRT_ACE_CLIENT_HELPER_H
-#define WRT_ACE_CLIENT_HELPER_H
-
-#include <string>
-#include <vector>
-#include <dpl/foreach.h>
-
-#include <ace-dao-ro/IRequest.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-
-#include "ace_client_types.h"
-
-namespace AceClient {
-
-AcePreference toAcePreference(AceDB::PreferenceTypes preference)
-{
- switch (preference) {
- case AceDB::PreferenceTypes::PREFERENCE_PERMIT: {
- return PREFERENCE_PERMIT; }
- case AceDB::PreferenceTypes::PREFERENCE_DENY: {
- return PREFERENCE_DENY; }
- case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: {
- return PREFERENCE_DEFAULT; }
- case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: {
- return PREFERENCE_BLANKET_PROMPT; }
- case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: {
- return PREFERENCE_SESSION_PROMPT; }
- case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: {
- return PREFERENCE_ONE_SHOT_PROMPT; }
- }
- return PREFERENCE_DEFAULT;
-}
-
-typedef std::vector<std::string> AceParamKeys;
-typedef std::vector<std::string> AceParamValues;
-
-class AceFunctionParam
-{
- public:
- virtual ~AceFunctionParam()
- {
- }
-
- void addAttribute(const std::string& key,
- const std::string& value)
- {
- m_paramMap.insert(std::make_pair(key, value));
- }
-
- AceParamKeys getKeys() const
- {
- AceParamKeys out;
- FOREACH (it, m_paramMap) {
- out.push_back(it->first);
- }
- return out;
- }
-
- AceParamValues getValues() const
- {
- AceParamValues out;
- FOREACH (it, m_paramMap) {
- out.push_back(it->second);
- }
- return out;
- }
-
- static std::string aceFunctionParamToken;
-
- private:
- typedef std::multimap<std::string, std::string> ParamMap;
- ParamMap m_paramMap;
-};
-
-typedef std::vector <AceFunctionParam> AceFunctionParams;
-
-class AceBasicRequest : public AceDB::IRequest {
- public:
- AceBasicRequest(const AceSubject& subject,
- const AceResource& resource) :
- m_subject(subject),
- m_resource(resource)
- {
- }
-
- AceBasicRequest(const AceSubject& subject,
- const AceResource& resource,
- const AceFunctionParam& param) :
- m_subject(subject),
- m_resource(resource),
- m_param(param)
- {
- }
- virtual const std::string& getSubjectId() const
- {
- return m_subject;
- }
- virtual const std::string& getResourceId() const
- {
- return m_resource;
- }
- virtual const AceFunctionParam& getFunctionParam() const
- {
- return m_param;
- }
-
- private:
- AceSubject m_subject;
- AceResource m_resource;
- AceFunctionParam m_param;
-};
-
-typedef std::vector <AceBasicRequest> AceBasicRequests;
-
-} // namespace AceClient
-
-#endif // WRT_ACE_CLIENT_HELPER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client_types.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of AceClient types
- */
-#ifndef WRT_ACE_CLIENT_TYPES_H
-#define WRT_ACE_CLIENT_TYPES_H
-
-#include <string>
-#include <utility>
-#include <map>
-
-namespace AceClient {
-
-typedef int AceWidgetHandle;
-typedef void* AceJobWidgetInstallId;
-
-typedef std::string AceResource;
-typedef std::string AceSubject;
-typedef std::string AceSessionId;
-
-enum AcePreference
-{
- PREFERENCE_PERMIT,
- PREFERENCE_DENY,
- PREFERENCE_DEFAULT,
- PREFERENCE_BLANKET_PROMPT,
- PREFERENCE_SESSION_PROMPT,
- PREFERENCE_ONE_SHOT_PROMPT
-};
-
-typedef std::map<std::string, AcePreference> AceResourcesPreferences;
-typedef std::pair<std::string, AcePreference> AceResurcePreference;
-
-struct AceParam
-{
- const char *name;
- const char *value;
-
- AceParam():
- name(NULL), value(NULL)
- {}
-
- AceParam(const char *name, const char *value):
- name(name), value(value)
- {}
-};
-
-struct AceParamList
-{
- size_t count;
- AceParam* param;
- AceParamList():
- count(0),
- param(NULL)
- {}
-};
-
-struct AceDeviceCap
-{
- size_t devcapsCount;
- const char** devCapNames;
- size_t paramsCount;
- AceParamList* params;
- AceDeviceCap():
- devcapsCount(0),
- devCapNames(NULL),
- paramsCount(0),
- params(NULL)
- {}
-};
-
-struct AceApiFeatures
-{
- size_t count;
- const char** apiFeature;
- AceApiFeatures():
- count(0),
- apiFeature(NULL)
- {}
-};
-
-struct AceRequest
-{
- AceSessionId sessionId;
- AceWidgetHandle widgetHandle;
- AceApiFeatures apiFeatures;
- const char* functionName;
- AceDeviceCap deviceCapabilities;
- AceRequest():
- widgetHandle(0),
- apiFeatures(),
- functionName(NULL),
- deviceCapabilities()
- {}
-};
-
-} // namespace AceClient
-
-#endif // WRT_ACE_CLIENT_TYPES_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_client.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is C api for Access Control Engine (ACE), client mode
- * (RO part).
- */
-
-#ifndef ACE_API_CLIENT_H
-#define ACE_API_CLIENT_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * API defined in this header should be used only from one thread. If used
- * otherwise, unexpected behaviour may occur, including segmentation faults and
- * escalation of global warming. Be warned.
- */
-
-// --------------- Initialization and deinitialization -------------------------
-
-/*
- * Function type that must be implemented externally and passed to ACE
- * on initialization. This function must show to the user a popup with
- * information on access request to single device capability. Will be used by
- * implementation of ace_check_access API, when policy requires to display
- * popup.
- *
- * Function must be synchronous and must behave accordingly:
- *
- * Function may return value other than ACE_OK, but it will be treated as
- * denial of access.
- *
- * If returned value is ACE_OK, then 'validation_result' must hold information
- * on whether the access was granted or not.
- *
- * Executed function must display a popup with readable information presented to
- * user, covering 'resource_name' that is to be accessed for 'handle' widget
- * which is requesting the access.
- *
- * In its implementation, after the user answered to displayed question,
- * UI handler must call popup answer validation API (ace_validate_answer)
- * from separate, ace-popup-validation library, with passed 'param_list',
- * 'session_id', 'handle' and given answer as arguments. Validation result
- * returned by ace_validate_answer needs to be returned in 'validation_result'
- * parameter of UI handler.
- *
- * 'popup_type' describes what kind of options should be given to user - i.e.
- * ONESHOT prompt only gives possibility to answer Permit/Deny and returned
- * validity for this prompt must be ONCE. PER_SESSION prompt allows to return
- * validity ONCE or PER_SESSION. BLANKET prompt allows to return any validity,
- * as defined in ace_validity_t.
- *
- * This call must be made from properly SMACK labelled, safe process - otherwise
- * the validation will not occur in security daemon and caller will not be
- * granted access to requested device capability.
- */
-typedef ace_return_t (*ace_popup_handler_func_t)(
- ace_popup_t popup_type,
- const ace_resource_t resource_name,
- const ace_session_id_t session_id,
- const ace_param_list_t* param_list,
- ace_widget_handle_t handle,
- ace_bool_t* validation_result);
-
-/*
- * Initializes ACE for check access API (client mode). Must be called only once.
- * Keep in mind that initializing ACE in client mode disallows usage of API
- * defined in ace_api.h and ace_api_settings.h (RW part).
- *
- * 'handler' must not be NULL, see definition of ace_popup_handler_func_t for
- * more information.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_client_initialize(ace_popup_handler_func_t handler);
-
-/*
- * Deinitializes ACE client for check access API. Can be called only once.
- */
-ace_return_t ace_client_shutdown(void);
-
-// --------------- Check Access API --------------------------------------------
-
-/*
- * Does ACE check with set of device capabilities and function parameters.
- * Checks cache first, if it is non-existent, does full ACE check.
- *
- * Returns error or ACE_OK and information if access was allowed or not
- * (value ACE_TRUE or ACE_FALSE is in 'access' argument, only if returned value
- * is ACE_OK - otherwise, 'access' value is undefined)
- */
-ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_popup_handler.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Private header for access to UI handling function.
- * (RO part).
- */
-
-#ifndef ACE_POPUP_HANDLER_H
-#define ACE_POPUP_HANDLER_H
-
-#include <ace_api_client.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern ace_popup_handler_func_t popup_func;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_POPUP_HANDLER_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_CLIENT_DEPS
- dpl-efl
- dpl-event-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(ACE_CLIENT_DIR
- ${PROJECT_SOURCE_DIR}/ace_client
- )
-
-SET(ACE_CLIENT_SRC_DIR
- ${ACE_CLIENT_DIR}/src
- )
-
-SET(ACE_CLIENT_INCLUDE_DIR
- ${ACE_CLIENT_DIR}/include
- )
-
-SET(ACE_CLIENT_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${ACE_CLIENT_SRC_DIR}/ace_client.cpp
- ${ACE_CLIENT_SRC_DIR}/ace_api_client.cpp
- ${PROJECT_SOURCE_DIR}/src/services/ace/logic/attribute_facade.cpp
- ${PROJECT_SOURCE_DIR}/src/services/ace/logic/simple_roaming_agent.cpp
- )
-
-SET(ACE_CLIENT_INCLUDES
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${ACE_CLIENT_DEPS_INCLUDE_DIRS}
- ${ACE_CLIENT_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/src/services/ace
- ${PROJECT_SOURCE_DIR}/src/services/ace/
- ${PROJECT_SOURCE_DIR}/src/services/ace/logic
- ${PROJECT_SOURCE_DIR}/src/services/popup
- ${PROJECT_SOURCE_DIR}/popup_process
- ${PROJECT_SOURCE_DIR}/ace/include
- )
-
-ADD_DEFINITIONS(${ACE_CLIENT_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_CLIENT_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_CLIENT_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_CLIENT_LIB} SHARED ${ACE_CLIENT_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_CLIENT_LIB}
- ${ACE_CLIENT_DEPS_LIBRARIES}
- ${TARGET_ACE_DAO_RO_LIB}
- ${TARGET_ACE_LIB}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_CLIENT_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
-# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h
-# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h
- ${ACE_CLIENT_INCLUDE_DIR}/ace_api_client.h
- DESTINATION include/ace-client
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_client.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of ACE client API
- */
-
-#include <dpl/log/log.h>
-#include <ace_popup_handler.h>
-#include "ace_api_client.h"
-#include "ace-client/ace_client.h"
-
-#include <string>
-#include <vector>
-#include <dpl/dbus/dbus_client.h>
-#include "popup_response_server_api.h"
-#include "security_daemon_dbus_config.h"
-//#include "PromptModel.h"
-
-ace_return_t ace_client_initialize(ace_popup_handler_func_t handler)
-{
- if (!AceClient::AceThinClientSingleton::Instance().isInitialized()) {
- return ACE_INTERNAL_ERROR;
- }
- popup_func = handler;
- // Changed order of checks to make API run with old popup implementation
- // instead of always needing the popup handler to be implemented.
- if (NULL == handler) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_client_shutdown(void)
-{
- popup_func = NULL;
- return ACE_OK;
-}
-
-ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access)
-{
- if (NULL == request || NULL == access) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
-
- AceClient::AceRequest aceRequest;
- aceRequest.sessionId = request->session_id;
- aceRequest.widgetHandle = request->widget_handle;
-
- aceRequest.apiFeatures.count = request->feature_list.count;
- aceRequest.apiFeatures.apiFeature =
- const_cast<const char**>(request->feature_list.items);
- aceRequest.functionName = NULL; // TODO will be removed
- aceRequest.deviceCapabilities.devcapsCount = request->dev_cap_list.count;
- aceRequest.deviceCapabilities.paramsCount = request->dev_cap_list.count;
-
- char** devCapNames = new char*[request->dev_cap_list.count];
- AceClient::AceParamList* paramList =
- new AceClient::AceParamList[request->dev_cap_list.count];
-
- unsigned int i;
- for (i = 0; i < request->dev_cap_list.count; ++i) {
- devCapNames[i] = request->dev_cap_list.items[i].name;
- paramList[i].count = request->dev_cap_list.items[i].param_list.count;
-
- paramList[i].param = new AceClient::AceParam[
- request->dev_cap_list.items[i].param_list.count];
-
- unsigned int j;
- for (j = 0; j < request->dev_cap_list.items[i].param_list.count; ++j) {
- paramList[i].param[j].name =
- request->dev_cap_list.items[i].param_list.items[j].name;
- paramList[i].param[j].value =
- request->dev_cap_list.items[i].param_list.items[j].value;
-
- }
- }
-
- aceRequest.deviceCapabilities.devCapNames =
- const_cast<const char**>(devCapNames);
- aceRequest.deviceCapabilities.params = paramList;
-
- bool ret = false;
-
- Try {
- ret = AceClient::AceThinClientSingleton::
- Instance().checkFunctionCall(aceRequest);
- *access = ret ? ACE_TRUE : ACE_FALSE;
- } Catch (AceClient::AceThinClient::Exception::AceThinClientException) {
- LogError("Ace client exception");
- delete [] devCapNames;
- for (i = 0; i < request->dev_cap_list.count; ++i) {
- delete [] paramList[i].param;
- }
- delete [] paramList;
- return ACE_INTERNAL_ERROR;
- }
-
- delete [] devCapNames;
- for (i = 0; i < request->dev_cap_list.count; ++i) {
- delete [] paramList[i].param;
- }
- delete [] paramList;
- return ACE_OK;
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of AceThinClient class
- */
-
-#include <memory>
-#include <set>
-#include <map>
-
-#include <dpl/optional.h>
-#include <dpl/string.h>
-#include <dpl/optional_typedefs.h>
-#include <dpl/log/log.h>
-#include <dpl/singleton_safe_impl.h>
-#include <ace-dao-ro/PromptModel.h>
-
-#include <ace_popup_handler.h>
-
-#include "ace_server_api.h"
-#include "popup_response_server_api.h"
-#include "ace-client/ace_client.h"
-#include "ace-client/ace_client_helper.h"
-#include <attribute_facade.h>
-#include <ace/Request.h>
-
-// ACE tests need to use mock implementations
-#ifdef ACE_CLIENT_TESTS
-
-#include "AceDAOReadOnly_mock.h"
-#include "communication_client_mock.h"
-#include "PolicyInformationPoint_mock.h"
-
-#else
-
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include "SecurityCommunicationClient.h"
-#include <ace/PolicyInformationPoint.h>
-
-#endif // ACE_CLIENT_TESTS
-
-IMPLEMENT_SAFE_SINGLETON(AceClient::AceThinClient)
-
-ace_popup_handler_func_t popup_func = NULL;
-
-namespace AceClient {
-
-namespace {
-// These devcaps actually are not requested in config file, so should be treaded
-// as if were requested (access tags/WARP will block request if desired)
-const std::string DEVCAP_EXTERNAL_NETWORK_ACCESS = "externalNetworkAccess";
-const std::string DEVCAP_XML_HTTP_REQUEST = "XMLHttpRequest";
-} // anonymous
-
-
-std::string AceFunctionParam::aceFunctionParamToken = "param:function";
-
-// popup cache result
-
-enum class AceCachedPromptResult {
- PERMIT,
- DENY,
- ASK_POPUP
-};
-
-// AceThinClient implementation singleton
-class AceThinClientImpl {
- public:
- bool checkFunctionCall(const AceRequest& ace_request);
- AcePreference getWidgetResourcePreference(
- const AceResource& resource,
- const AceWidgetHandle& handle) const;
- AceResourcesPreferences* getGlobalResourcesPreferences() const;
- bool isInitialized() const;
-
- AceThinClientImpl();
- ~AceThinClientImpl();
-
- protected:
- bool containsNetworkDevCap(const AceRequest &ace_request);
- bool checkFeatureList(const AceRequest& ace_request);
- private:
- WebRuntimeImpl* m_wrt;
- ResourceInformationImpl* m_res;
- OperationSystemImpl* m_sys;
- WrtSecurity::Communication::Client *m_communicationClient, *m_popupValidationClient;
-
- AceSubject getSubjectForHandle(AceWidgetHandle handle) const;
- AceCachedPromptResult getCachedPromptResult(
- WidgetHandle widgetHandle,
- int ruleId,
- const AceSessionId& sessionId) const;
- bool askUser(PolicyEffect popupType,
- const AceRequest& ace_request,
- const AceBasicRequest& request);
- // Prompt validation
- bool validatePopupResponse(
- const AceRequest& ace_request,
- const AceBasicRequest& request,
- bool answer = true,
- Prompt::Validity validity = Prompt::Validity::ALWAYS);
- mutable PolicyInformationPoint m_pip;
- DPL::Optional<std::set<DPL::String>> m_grantedDevCaps;
- std::set<std::string> m_acceptedFeatures;
-};
-
-AceThinClientImpl::AceThinClientImpl()
- : m_communicationClient(NULL),
- m_popupValidationClient(NULL),
- m_wrt(new WebRuntimeImpl()),
- m_res(new ResourceInformationImpl()),
- m_sys(new OperationSystemImpl()),
- m_pip(m_wrt, m_res, m_sys)
-{
- AceDB::AceDAOReadOnly::attachToThreadRO();
- Try {
- m_communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::AceServerApi::INTERFACE_NAME());
- m_popupValidationClient = new WrtSecurity::Communication::Client(WrtSecurity::PopupServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- if(m_communicationClient) delete m_communicationClient;
- if(m_popupValidationClient) delete m_popupValidationClient;
- delete m_wrt;
- delete m_res;
- delete m_sys;
- ReThrowMsg(AceThinClient::Exception::AceThinClientException,
- "Failed to call security daemon");
- }
-}
-
-AceThinClientImpl::~AceThinClientImpl()
-{
- Assert(NULL != m_communicationClient);
- Assert(NULL != m_popupValidationClient);
- delete m_communicationClient;
- delete m_popupValidationClient;
- delete m_wrt;
- delete m_res;
- delete m_sys;
- m_communicationClient = NULL;
- m_popupValidationClient = NULL;
- AceDB::AceDAOReadOnly::detachFromThread();
-
-}
-
-bool AceThinClientImpl::isInitialized() const
-{
- return NULL != m_communicationClient && NULL != m_popupValidationClient;
-}
-
-bool AceThinClientImpl::containsNetworkDevCap(const AceRequest &ace_request)
-{
- AceDeviceCap deviceCap = ace_request.deviceCapabilities;
- for (size_t j=0; j<deviceCap.devcapsCount; ++j) {
- if (!deviceCap.devCapNames[j]) {
- continue;
- }
- if (DEVCAP_XML_HTTP_REQUEST == deviceCap.devCapNames[j]
- || DEVCAP_EXTERNAL_NETWORK_ACCESS == deviceCap.devCapNames[j])
- {
- return true;
- }
- }
- return false;
-}
-
-bool AceThinClientImpl::checkFeatureList(const AceRequest& ace_request)
-{
- for (size_t i=0; i<ace_request.apiFeatures.count; ++i) {
- Assert(ace_request.apiFeatures.apiFeature[i]);
- std::string featureName(ace_request.apiFeatures.apiFeature[i]);
- LogInfo("Api feature: " << featureName);
- if (0 != m_acceptedFeatures.count(featureName)) {
- return true;
- }
- LogInfo("Api-feature was not requested in widget config: " <<
- featureName);
- }
- return false;
-}
-
-bool AceThinClientImpl::checkFunctionCall(const AceRequest& ace_request)
-{
- LogInfo("Enter");
-
- // fill the m_grantedDevCaps, if not yet initialized
- // TODO: This is not so pretty. AceThinClient is not explicitly
- // tied to a widget handle, yet we assume it is always used
- // with the same handle. This will be amended in a future
- // refactoring (already planned).
- if (m_grantedDevCaps.IsNull()) {
- m_grantedDevCaps = std::set<DPL::String>();
- m_acceptedFeatures.clear();
-
- AceDB::FeatureNameVector fvector;
- AceDB::AceDAOReadOnly::getAcceptedFeature(ace_request.widgetHandle, &fvector);
- for(size_t i=0; i<fvector.size(); ++i) {
- m_acceptedFeatures.insert(DPL::ToUTF8String(fvector[i]));
- }
- }
-
- AceSubject subject = getSubjectForHandle(ace_request.widgetHandle);
-
- // Create function params
- const AceDeviceCap& devcaps = ace_request.deviceCapabilities;
-
- LogInfo("Checking against config requested api-features.");
-
- // Network device caps are not connected with api-features.
- // We must pass empty api-feature when network dev cap is set.
- if (!containsNetworkDevCap(ace_request) && !checkFeatureList(ace_request)) {
- return false;
- }
-
- AceFunctionParams functionParams(devcaps.devcapsCount);
- for (size_t i = 0; i < devcaps.devcapsCount; ++i) {
- AceFunctionParam functionParam;
- functionParam.addAttribute(AceFunctionParam::aceFunctionParamToken,
- NULL == ace_request.functionName ?
- "" : ace_request.functionName);
- if (devcaps.paramsCount) {
- Assert(devcaps.params);
- for (size_t j = 0; j < devcaps.params[i].count; ++j) {
- Assert(devcaps.params[i].param &&
- devcaps.params[i].param[j].name &&
- devcaps.params[i].param[j].value);
- functionParam.addAttribute(
- std::string(devcaps.params[i].param[j].name),
- std::string(devcaps.params[i].param[j].value));
- }
- }
- functionParams.push_back(functionParam);
- }
-
- // Convert AceRequest to array of AceBasicRequests
- AceBasicRequests requests;
-
- for (size_t i = 0; i < devcaps.devcapsCount; ++i) {
- // Adding dev cap name here as resource id
- Assert(devcaps.devCapNames[i]);
- LogInfo("Device cap: " << devcaps.devCapNames[i]);
- AceBasicRequest request(subject,
- devcaps.devCapNames[i],
- functionParams[i]);
- requests.push_back(request);
- }
-
- // true means access granted, false - denied
- bool result = true;
-
- FOREACH(it, requests){
- // Getting attributes from ACE DAO
- AceBasicRequest& request = *it;
- AceDB::BaseAttributeSet attributeSet;
- AceDB::AceDAOReadOnly::getAttributes(&attributeSet);
-
- // If true, we need to make popup IPC and ask user for decision
- bool askPopup = false;
- // If true, we need to make IPC to security daemon for policy
- // decision on granting access
- bool askServer = false;
- // If askPopup == true, this is the kind of popup to be opened
- PolicyEffect popupType = PolicyEffect::PROMPT_ONESHOT;
-
- if (attributeSet.empty()) {
- // Treat this case as missed cache - ask security daemon
- LogInfo("Empty attribute set");
- askServer = true;
- } else {
- // Filling attributes with proper values
- FunctionParamImpl params;
- AceParamKeys keys = request.getFunctionParam().getKeys();
- AceParamValues values = request.getFunctionParam().getValues();
- for (size_t i = 0; i < keys.size(); ++i) {
- params.addAttribute(keys[i], values[i]);
- }
- Request req(ace_request.widgetHandle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- req.addDeviceCapability(request.getResourceId());
-
- m_pip.getAttributesValues(&req, &attributeSet);
-
- // Getting cached policy result
- OptionalExtendedPolicyResult exPolicyResult =
- AceDB::AceDAOReadOnly::getPolicyResult(attributeSet);
-
- if (exPolicyResult.IsNull()) {
- // Missed cache - ask security daemon
- LogInfo("Missed policy result cache");
- askServer = true;
- } else {
- // Cached value found - now interpret it
- LogInfo("Result in cache");
- OptionalPolicyEffect effect = exPolicyResult->policyResult.getEffect();
- if (effect.IsNull()) {
- // PolicyDecision is UNDETERMINED or NOT_APPLICABLE
- result = false;
- break;
- } else if (*effect == PolicyEffect::DENY) {
- // Access denied
- result = false;
- break;
- } else if (*effect == PolicyEffect::PERMIT) {
- // Access granted
- if (m_grantedDevCaps->find(
- DPL::FromASCIIString(request.getResourceId()))
- != m_grantedDevCaps->end())
- {
- continue;
- } else
- askServer = true;
- } else {
- // Check for cached popup response
- LogInfo("Checking cached popup response");
- AceCachedPromptResult promptCached =
- getCachedPromptResult(ace_request.widgetHandle,
- exPolicyResult->ruleId,
- ace_request.sessionId);
- if (promptCached == AceCachedPromptResult::PERMIT) {
- // Granted by previous popup
- LogDebug("Cache found OK");
- if (m_grantedDevCaps->find(
- DPL::FromASCIIString(request.getResourceId()))
- != m_grantedDevCaps->end())
- {
- LogDebug("SMACK given previously");
- continue;
- } else {
- if (*effect != PolicyEffect::PROMPT_BLANKET) {
- // This should not happen.
- LogDebug("This should not happen.");
- result = false;
- break;
- }
- if (!validatePopupResponse(ace_request,
- request)) {
- LogDebug("Daemon has not validated response.");
- result = false;
- break;
- } else {
- // Access granted, move on to next request
- LogDebug("SMACK granted, all OK");
- m_grantedDevCaps->insert(
- DPL::FromASCIIString(
- request.getResourceId()));
- continue;
- }
- }
- }
- if (promptCached == AceCachedPromptResult::DENY) {
- // Access denied by earlier popup
- result = false;
- break;
- }
- if (promptCached == AceCachedPromptResult::ASK_POPUP) {
- askPopup = true;
- popupType = *effect;
- }
- }
- }
- }
-
- if (askServer) {
- // IPC to security daemon
- // here we must check if we have a SMACK permission for
- // the device cap requested
- LogInfo("Asking security daemon");
- int serializedPolicyResult = 0;
- Try {
- m_communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
- ace_request.widgetHandle,
- request.getSubjectId(),
- request.getResourceId(),
- request.getFunctionParam().getKeys(),
- request.getFunctionParam().getValues(),
- ace_request.sessionId,
- &serializedPolicyResult);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- ReThrowMsg(AceThinClient::Exception::AceThinClientException,
- "Failed to call security daemon");
- }
- PolicyResult policyResult = PolicyResult::
- deserialize(serializedPolicyResult);
- OptionalPolicyEffect effect = policyResult.getEffect();
- if (effect.IsNull()) {
- // PolicyDecision is UNDETERMINED or NOT_APPLICABLE
- result = false;
- break;
- }
- if (*effect == PolicyEffect::DENY) {
- // Access denied
- result = false;
- break;
- }
- if (*effect == PolicyEffect::PERMIT) {
- // Access granted, move on to next request
- m_grantedDevCaps->insert(
- DPL::FromASCIIString(request.getResourceId()));
-
- continue;
- }
- // Policy says: ask user - setup popup kind
- popupType = *effect;
- askPopup = true;
- }
-
- if (askPopup) {
- result = askUser(popupType, ace_request, request);
- }
- }
- LogInfo("Result: " << (result ? "GRANTED" : "DENIED"));
- return result;
-}
-
-bool AceThinClientImpl::askUser(PolicyEffect popupType,
- const AceRequest& ace_request,
- const AceBasicRequest& request)
-{
- LogInfo("Asking popup");
- Assert(NULL != popup_func);
-
- const AceFunctionParam& fParam = request.getFunctionParam();
- AceParamKeys keys = fParam.getKeys();
- AceParamValues values = fParam.getValues();
-
- ace_popup_t ace_popup_type;
- ace_resource_t resource = const_cast<ace_session_id_t>(
- request.getResourceId().c_str());
- ace_session_id_t session = const_cast<ace_session_id_t>(
- ace_request.sessionId.c_str());;
- ace_param_list_t parameters;
- ace_widget_handle_t handle = ace_request.widgetHandle;
-
- parameters.count = keys.size();
- parameters.items = new ace_param_t[parameters.count];
- unsigned int i;
- for (i = 0; i < parameters.count; ++i) {
- parameters.items[i].name =
- const_cast<ace_string_t>(keys[i].c_str());
- parameters.items[i].value =
- const_cast<ace_string_t>(values[i].c_str());
- }
-
- switch (popupType) {
- case PolicyEffect::PROMPT_ONESHOT: {
- ace_popup_type = ACE_ONESHOT;
- break; }
- case PolicyEffect::PROMPT_SESSION: {
- ace_popup_type = ACE_SESSION;
- break; }
- case PolicyEffect::PROMPT_BLANKET: {
- ace_popup_type = ACE_BLANKET;
- break; }
- default: {
- LogError("Unknown popup type passed!");
- LogError("Maybe effect isn't a popup?");
- LogError("Effect number is: " << static_cast<int>(popupType));
- Assert(0); }
- }
-
- ace_bool_t answer = ACE_FALSE;
- ace_return_t ret = popup_func(ace_popup_type,
- resource,
- session,
- ¶meters,
- handle,
- &answer);
-
- delete [] parameters.items;
-
- if (ACE_OK != ret) {
- LogError("Error in popup handler");
- return false;
- }
-
- if (ACE_TRUE == answer) {
- m_grantedDevCaps->insert(
- DPL::FromASCIIString(request.getResourceId()));
- return true;
- }
-
- return false;
-}
-
-bool AceThinClientImpl::validatePopupResponse(
- const AceRequest& ace_request,
- const AceBasicRequest& request,
- bool answer,
- Prompt::Validity validity
- )
-{
- bool response = false;
- Try{
- m_popupValidationClient->call(
- WrtSecurity::PopupServerApi::VALIDATION_METHOD(),
- answer,
- static_cast<int>(validity),
- ace_request.widgetHandle,
- request.getSubjectId(),
- request.getResourceId(),
- request.getFunctionParam().getKeys(),
- request.getFunctionParam().getValues(),
- ace_request.sessionId,
- &response);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- ReThrowMsg(AceThinClient::Exception::AceThinClientException,
- "Failed to call security daemon");
- }
- return response;
-}
-
-AcePreference AceThinClientImpl::getWidgetResourcePreference (
- const AceResource& resource,
- const AceWidgetHandle& handle) const
-{
- return toAcePreference(
- AceDB::AceDAOReadOnly::getWidgetDevCapSetting(resource, handle));
-}
-
-AceResourcesPreferences* AceThinClientImpl::getGlobalResourcesPreferences()
-const
-{
- AceDB::PreferenceTypesMap globalSettingsMap;
- AceResourcesPreferences* acePreferences = new AceResourcesPreferences();
- AceDB::AceDAOReadOnly::getDevCapSettings(&globalSettingsMap);
- FOREACH(it, globalSettingsMap) {
- acePreferences->insert(
- AceResurcePreference((*it).first,
- toAcePreference((*it).second)));
- }
- return acePreferences;
-}
-
-AceSubject AceThinClientImpl::getSubjectForHandle(AceWidgetHandle handle) const
-{
- try
- {
- return AceDB::AceDAOReadOnly::getGUID(handle);
- }
- catch (AceDB::AceDAOReadOnly::Exception::DatabaseError& /*ex*/)
- {
- LogError("Couldn't find GIUD for handle " << handle);
- return "";
- }
-}
-
-AceCachedPromptResult AceThinClientImpl::getCachedPromptResult(
- WidgetHandle widgetHandle,
- int ruleId,
- const AceSessionId& sessionId) const
-{
- OptionalCachedPromptDecision promptDecision =
- AceDB::AceDAOReadOnly::getPromptDecision(
- widgetHandle,
- ruleId);
- if (promptDecision.IsNull()) {
- LogDebug("No cache");
- return AceCachedPromptResult::ASK_POPUP;
- } else {
- // These should not be stored in DB!
- Assert(PromptDecision::ALLOW_THIS_TIME
- != (*promptDecision).decision);
- Assert(PromptDecision::DENY_THIS_TIME
- != (*promptDecision).decision);
- if ((*promptDecision).decision ==
- PromptDecision::ALLOW_ALWAYS) {
- // Access granted via earlier popup
- LogDebug("ALLOW_ALWAYS");
- return AceCachedPromptResult::PERMIT;
- }
- if ((*promptDecision).decision ==
- PromptDecision::DENY_ALWAYS) {
- LogDebug("DENY_ALWAYS");
- // Access denied via earlier popup
- return AceCachedPromptResult::DENY;
- }
- // Only thing left is per session prompts
- if ((*promptDecision).session.IsNull()) {
- LogDebug("NO SESSION");
- return AceCachedPromptResult::ASK_POPUP;
- }
- AceSessionId cachedSessionId = DPL::ToUTF8String(*((*promptDecision).session));
- if ((*promptDecision).decision ==
- PromptDecision::ALLOW_FOR_SESSION) {
- if (cachedSessionId == sessionId) {
- // Access granted for this session.
- LogDebug("SESSION OK, PERMIT");
- return AceCachedPromptResult::PERMIT;
- } else {
- LogDebug("SESSION NOT OK, ASKING");
- return AceCachedPromptResult::ASK_POPUP;
- }
- }
- if ((*promptDecision).decision ==
- PromptDecision::DENY_FOR_SESSION) {
- if (cachedSessionId == sessionId) {
- // Access denied for this session.
- LogDebug("SESSION OK, DENY");
- return AceCachedPromptResult::DENY;
- } else {
- LogDebug("SESSION NOT OK, ASKING");
- return AceCachedPromptResult::ASK_POPUP;
- }
- }
- }
- LogDebug("NO RESULT, ASKING");
- return AceCachedPromptResult::ASK_POPUP;
-}
-
-// AceThinClient
-
-bool AceThinClient::checkFunctionCall(
- const AceRequest& ace_request) const
-{
- return m_impl->checkFunctionCall(ace_request);
-}
-
-AcePreference AceThinClient::getWidgetResourcePreference(
- const AceResource& resource,
- const AceWidgetHandle& handle) const
-{
- return m_impl->getWidgetResourcePreference(
- resource, handle);
-}
-
-AceResourcesPreferences* AceThinClient::getGlobalResourcesPreferences()
-const
-{
- return m_impl->getGlobalResourcesPreferences();
-}
-
-AceThinClient::AceThinClient()
-{
- m_impl = new AceThinClientImpl();
-}
-
-AceThinClient::~AceThinClient()
-{
- Assert(NULL != m_impl);
- delete m_impl;
-}
-
-bool AceThinClient::isInitialized() const
-{
- return NULL != m_impl && m_impl->isInitialized();
-}
-
-
-} // namespace AceClient
+++ /dev/null
-cmake_minimum_required(VERSION 2.6)
-project(ace-thin-client-example)
-
-include(FindPkgConfig)
-
-pkg_check_modules(DEPS
- dpl-efl
- REQUIRED)
-
-pkg_search_module(wrt-ace-client REQUIRED wrt-ace-client)
-
-set(TARGET_NAME "ace-thin-client-example")
-
-set(SRCS
- ace-thin-client-example.cpp)
-
-include_directories(${DEPS_INCLUDE_DIRS})
-include_directories(${wrt-ace-client_INCLUDE_DIRS})
-
-add_definitions("-DDPL_LOGS_ENABLED")
-
-add_executable(${TARGET_NAME} ${SRCS})
-
-target_link_libraries(${TARGET_NAME}
- ${DEPS_LDFLAGS}
- ${wrt-ace-client_LDFLAGS})
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace-thin-client-example.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Example usage of ACE thin client.
- */
-
-#include <ace_client.h>
-
-int main(int argc, char **argv)
-{
- AceClient::AceThinClient& client =
- AceClient::AceThinClientSingleton::Instance();
- client.initialize(); // this fires echo method - see logs
- client.deinitialize();
- return 0;
-}
-
+++ /dev/null
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/ace_common/include/ace_api_common.h
- DESTINATION include/ace-common
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_common.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is header for basic ACE data types and error codes
- */
-
-#ifndef ACE_API_COMMON_H
-#define ACE_API_COMMON_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// --------------- Boolean type and errors -------------------------------------
-
-/*
- * Order and values of enum constants are part of API
- */
-typedef enum
-{
- ACE_FALSE,
- ACE_TRUE
-} ace_bool_t;
-
-typedef enum
-{
- ACE_OK, // Operation succeeded
- ACE_INVALID_ARGUMENTS, // Invalid input parameters
- ACE_INTERNAL_ERROR, // ACE internal error
- ACE_ACE_UNKNOWN_ERROR // Unexpected operation
-} ace_return_t;
-
-// --------------- Basic types -------------------------------------------------
-
-typedef size_t ace_size_t;
-typedef char* ace_string_t; // NULL-terminated string
-typedef int ace_widget_handle_t;
-typedef char* ace_resource_t;
-typedef char* ace_subject_t;
-typedef char* ace_session_id_t;
-typedef void* ace_private_data_t;
-
-// --------------- Access requests ---------------------------------------------
-
-typedef struct
-{
- ace_size_t count;
- ace_string_t* items;
-} ace_feature_list_t;
-
-typedef struct
-{
- ace_string_t name;
- ace_string_t value;
-} ace_param_t;
-
-typedef struct
-{
- ace_size_t count;
- ace_param_t* items;
-} ace_param_list_t;
-
-typedef struct
-{
- ace_string_t name;
- ace_param_list_t param_list;
-} ace_dev_cap_t;
-
-typedef struct
-{
- ace_size_t count;
- ace_dev_cap_t* items;
-} ace_dev_cap_list_t;
-
-typedef struct
-{
- ace_session_id_t session_id; // DEPRECATED will be removed
- ace_widget_handle_t widget_handle; // DEPRECATED will be removed
- ace_feature_list_t feature_list;
- ace_dev_cap_list_t dev_cap_list;
-} ace_request_t;
-
-// --------------- Popup data types --------------------------------------------
-
-/*
- * Popup types that can be requested to be displayed by ACE
- */
-typedef enum
-{
- ACE_ONESHOT,
- ACE_SESSION,
- ACE_BLANKET
-} ace_popup_t;
-
-/*
- * Validity of answer that can be returned by ACE popup
- */
-typedef enum
-{
- ACE_ONCE,
- ACE_PER_SESSION,
- ACE_ALWAYS
-} ace_validity_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_COMMON_H
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_setup.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is C api for Access Control Engine (ACE), installer mode
- * (RW part).
- *
- */
-
-#ifndef ACE_API_H
-#define ACE_API_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * API defined in this header should be used only from one thread. If used
- * otherwise, unexpected behaviour may occur, including segmentation faults and
- * escalation of global warming. Be warned.
- */
-
-// --------------- Initialization and policy update ----------------------------
-
-/*
- * Initializes ACE - connects (RW) to the database. Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_install_initialize(void);
-
-/*
- * Deinitializes ACE - deinitialize internal structures, detach DB, etc.
- * Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_install_shutdown(void);
-
-/*
- * Updates policy - parses XML files from known locations (reason for no arguments),
- * also clears policy and prompt caches.
- * Returns ACE_OK or error
- */
-ace_return_t ace_update_policy(void);
-
-// --------------- Requested device capabilities API for installer -------------
-
-typedef struct
-{
- ace_string_t device_capability;
- ace_bool_t smack_granted;
-} ace_requested_dev_cap_t;
-
-typedef struct
-{
- ace_size_t count;
- ace_requested_dev_cap_t* items;
-} ace_requested_dev_cap_list_t;
-
-/*
- * Deletes data allocated by ace_get_requested_dev_caps - a helper function
- */
-ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps);
-
-/*
- * Returns ACE_OK or error; 'caps' will hold device capabilities information.
- * To free allcated resources in 'caps', use ace_free_requested_dev_caps
- */
-ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle,
- ace_requested_dev_cap_list_t* caps);
-
-/*
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_requested_dev_caps(ace_widget_handle_t handle,
- const ace_requested_dev_cap_list_t* caps);
-
-// ---------------- Accepted Api featuresk API for installer ----------------
-
-
-ace_return_t ace_set_accepted_feature(ace_widget_handle_t handle,
- const ace_feature_list_t* flist);
-
-ace_return_t ace_rem_accepted_feature(ace_widget_handle_t handle);
-
-// --------------- Widget data setup for installation --------------------------
-
-typedef enum
-{
- WAC20 = 0,
- Tizen
-} ace_widget_type_t;
-
-struct widget_info {
- ace_widget_type_t type;
- ace_string_t id;
- ace_string_t version;
- ace_string_t author;
- ace_string_t shareHerf;
-};
-
-typedef enum
-{
- AUTHOR,
- DISTRIBUTOR,
- UNKNOWN
-} ace_cert_owner_t;
-
-typedef enum
-{
- ROOT,
- ENDENTITY
-} ace_cert_type_t;
-
-typedef struct certificate_data {
- ace_cert_owner_t owner;
- ace_cert_type_t type;
- int chain_id;
- ace_string_t md5_fp;
- ace_string_t sha1_fp;
- ace_string_t common_name;
-} ace_certificate_data;
-
-/*
- * Register widget info into database.
- * @param cert_data NULL terminated list of widget certificates
- */
-
-ace_return_t ace_register_widget(ace_widget_handle_t handle,
- struct widget_info* info,
- ace_certificate_data* cert_data[]);
-
-ace_return_t ace_unregister_widget(ace_widget_handle_t handle);
-
-ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed);
-
-/*
- * Gets widget type in 'type'. Use in installer to determine which policy will be used
- * by ACE for this widget.
- * Returns error or ACE_OK
- */
-ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
- ace_widget_type_t* type);
-
-// --------------- Installation time policy check ------------------------------
-
-typedef enum
-{
- ACE_PERMIT,
- ACE_DENY,
- ACE_PROMPT,
- ACE_UNDEFINED
-} ace_policy_result_t;
-
-/*
- * Gets current policy evaluation for given device capability and given widget.
- * Returns error or ACE_OK
- */
-ace_return_t ace_get_policy_result(const ace_resource_t,
- ace_widget_handle_t handle,
- ace_policy_result_t* result);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_INSTALL_DEPS
- dpl-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(ACE_INSTALL_DIR
- ${PROJECT_SOURCE_DIR}/ace_install
- )
-
-SET(ACE_INSTALL_SRC_DIR
- ${ACE_INSTALL_DIR}/src
- )
-
-SET(ACE_INSTALL_INCLUDE_DIR
- ${ACE_INSTALL_DIR}/include
- )
-
-SET(ACE_INSTALL_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${ACE_INSTALL_SRC_DIR}/ace_api_install.cpp
- )
-
-SET(ACE_INSTALL_INCLUDES
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${ACE_INSTALL_DEPS_INCLUDE_DIRS}
- ${ACE_INSTALL_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/ace/include
- ${PROJECT_SOURCE_DIR}/src/services/ace
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
-
-ADD_DEFINITIONS(${ACE_INSTALL_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_INSTALL_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_INSTALL_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_INSTALL_LIB} SHARED ${ACE_INSTALL_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_INSTALL_LIB}
- ${ACE_INSTALL_DEPS_LIBRARIES}
- ${TARGET_ACE_DAO_RW_LIB}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_INSTALL_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${ACE_INSTALL_INCLUDE_DIR}/ace_api_install.h
- DESTINATION include/ace-install
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_install.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation ACE installator API
- */
-
-#include <string>
-#include <utility>
-#include <string.h>
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-#include <dpl/string.h>
-#include "SecurityCommunicationClient.h"
-#include <ace-dao-rw/AceDAO.h>
-#include "ace_server_api.h"
-
-#include "ace_api_install.h"
-
-static WrtSecurity::Communication::Client *communicationClient = NULL;
-
-// helper functions
-
-static AceDB::AppTypes to_db_app_type(ace_widget_type_t widget_type)
-{
- switch (widget_type) {
- case WAC20:
- return AceDB::AppTypes::WAC20;
- case Tizen:
- return AceDB::AppTypes::Tizen;
- default:
- return AceDB::AppTypes::Unknown;
- }
-}
-
-static ace_widget_type_t to_ace_widget_type(AceDB::AppTypes app_type)
-{
- switch (app_type) {
- case AceDB::AppTypes::WAC20:
- return WAC20;
- case AceDB::AppTypes::Tizen:
- return Tizen;
- default:
- LogError("Invalid app type for widget");
- return WAC20;
- }
-}
-
-ace_return_t ace_install_initialize(void)
-{
- if (NULL != communicationClient) {
- LogError("ace_api_install already initialized");
- return ACE_INTERNAL_ERROR;
- }
- AceDB::AceDAO::attachToThreadRW();
- Try {
- communicationClient = new WrtSecurity::Communication::Client(
- WrtSecurity::AceServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_install_shutdown(void)
-{
- if (NULL == communicationClient) {
- LogError("ace_api_install not initialized");
- return ACE_INTERNAL_ERROR;
- }
- delete communicationClient;
- communicationClient = NULL;
- AceDB::AceDAO::detachFromThread();
- return ACE_OK;
-}
-
-ace_return_t ace_update_policy(void)
-{
- Try {
- communicationClient->call(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Problem with connection to daemon");
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps)
-{
- if (NULL == caps || NULL == caps->items) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- unsigned int i;
- for (i = 0; i < caps->count; ++i) {
- delete [] caps->items[i].device_capability;
- }
- delete [] caps->items;
- return ACE_OK;
-}
-
-ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle,
- ace_requested_dev_cap_list_t* caps)
-{
- if (NULL == caps) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- AceDB::RequestedDevCapsMap permissions;
- Try {
- AceDB::AceDAO::getRequestedDevCaps(
- handle, &permissions);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- caps->items = new ace_requested_dev_cap_t[permissions.size()];
- caps->count = permissions.size();
- unsigned int i = 0;
- FOREACH (it, permissions) {
- std::string devCapRequested = DPL::ToUTF8String(it->first);
- caps->items[i].device_capability =
- new char[strlen(devCapRequested.c_str())+1];
- strcpy(caps->items[i].device_capability, devCapRequested.c_str());
- caps->items[i].smack_granted = it->second ? ACE_TRUE : ACE_FALSE;
- ++i;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_requested_dev_caps(
- ace_widget_handle_t handle,
- const ace_requested_dev_cap_list_t* caps)
-{
- if (NULL == caps) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- AceDB::RequestedDevCapsMap db_permissions;
- unsigned int i;
- for (i = 0; i < caps->count; ++i) {
- std::string devCap = std::string(caps->items[i].device_capability);
- db_permissions.insert(std::make_pair(DPL::FromUTF8String(devCap),
- caps->items[i].smack_granted == ACE_TRUE));
- }
- Try {
- AceDB::AceDAO::setRequestedDevCaps(
- handle, db_permissions);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_accepted_feature(
- ace_widget_handle_t handle,
- const ace_feature_list_t *feature)
-{
- if (NULL == feature) {
- LogError("Invalid argument");
- return ACE_INVALID_ARGUMENTS;
- }
- AceDB::FeatureNameVector fvector;
- ace_size_t i;
- for (i = 0; i < feature->count; ++i) {
- fvector.push_back(
- DPL::FromUTF8String(feature->items[i]));
- }
- Try {
- AceDB::AceDAO::setAcceptedFeature(handle, fvector);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_rem_accepted_feature(
- ace_widget_handle_t handle)
-{
- Try {
- AceDB::AceDAO::removeAcceptedFeature(handle);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_register_widget(ace_widget_handle_t handle,
- struct widget_info *info,
- ace_certificate_data* cert_data[])
-{
- LogDebug("enter");
-
- if (NULL == info || AceDB::AceDAOReadOnly::isWidgetInstalled(handle))
- return ACE_INVALID_ARGUMENTS;
-
- AceDB::WidgetRegisterInfo wri;
- wri.type = to_db_app_type(info->type);
-
- if (info->id)
- wri.widget_id = DPL::FromUTF8String(info->id);
- if (info->version)
- wri.version = DPL::FromUTF8String(info->version);
- if (info->author)
- wri.authorName = DPL::FromUTF8String(info->author);
- if (info->shareHerf)
- wri.shareHref = DPL::FromUTF8String(info->shareHerf);
-
- AceDB::WidgetCertificateDataList dataList;
- if (NULL != cert_data) {
- AceDB::WidgetCertificateData wcd;
- ace_certificate_data* cd;
- int i = 0;
- while (cert_data[i] != NULL)
- {
- cd = cert_data[i++]; //increment
- switch(cd->type) {
- case ROOT:
- wcd.type = AceDB::WidgetCertificateData::Type::ROOT;
- break;
- case ENDENTITY:
- wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY;
- break;
- }
- switch(cd->owner) {
- case AUTHOR:
- wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR;
- break;
- case DISTRIBUTOR:
- wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR;
- break;
- case UNKNOWN: default:
- wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN;
- break;
- }
- wcd.chainId = cd->chain_id;
- if (cd->md5_fp)
- wcd.strMD5Fingerprint = cd->md5_fp;
- if (cd->sha1_fp)
- wcd.strSHA1Fingerprint = cd->sha1_fp;
- if (cd->common_name)
- wcd.strCommonName = DPL::FromUTF8String(cd->common_name);
- dataList.push_back(wcd);
- }
- LogDebug("All data set. Inserting into database.");
- }
-
- Try {
- AceDB::AceDAO::registerWidgetInfo((WidgetHandle)(handle), wri, dataList);
- LogDebug("AceDB entry done");
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_unregister_widget(ace_widget_handle_t handle)
-{
- Try {
- AceDB::AceDAO::unregisterWidgetInfo((WidgetHandle)(handle));
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed)
-{
- Try {
- *installed = AceDB::AceDAO::isWidgetInstalled((WidgetHandle)(handle));
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
- ace_widget_type_t* type)
-{
- if (NULL == type) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::AppTypes db_type = AceDB::AceDAO::getWidgetType(handle);
- *type = to_ace_widget_type(db_type);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_get_policy_result(const ace_resource_t resource,
- ace_widget_handle_t handle,
- ace_policy_result_t* result)
-{
- if (NULL == result) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- int serializedPolicyResult = 0;
- Try {
- std::string resource_str(resource);
- communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
- handle,
- resource_str,
- &serializedPolicyResult);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return ACE_INTERNAL_ERROR;
- }
- PolicyResult policyResult = PolicyResult::
- deserialize(serializedPolicyResult);
- OptionalPolicyEffect effect = policyResult.getEffect();
- if (effect.IsNull()) {
- *result = ACE_UNDEFINED;
- } else if (*effect == PolicyEffect::DENY) {
- *result = ACE_DENY;
- } else if (*effect == PolicyEffect::PERMIT) {
- *result = ACE_PERMIT;
- } else if (*effect == PolicyEffect::PROMPT_ONESHOT ||
- *effect == PolicyEffect::PROMPT_BLANKET ||
- *effect == PolicyEffect::PROMPT_SESSION){
- *result = ACE_PROMPT;
- } else {
- *result = ACE_UNDEFINED;
- }
-
- return ACE_OK;
-}
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_popup_validation_api.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is C api for Access Control Engine (ACE), popup
- * validation library.
- *
- */
-
-#ifndef ACE_API_H
-#define ACE_API_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// --------------- Initialization and deinitialization -------------------------
-
-/*
- * Initializes the library.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_popup_validation_initialize(void);
-
-/*
- * Deinitializes the library.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_popup_validation_shutdown(void);
-
-// --------------- Popup answer validation API ---------------------------------
-
-/*
- * Validation of popup answer. This API must be called by implementation of
- * UI handler. The call must be made from safe process, specially labelled by
- * SMACK. If returned value is ACE_OK, 'validation_result' holds validation
- * result that needs to be passed by UI handler as validation result. Otherwise
- * value of 'validation_result' is undefined.
- *
- * See header ace_api_client.h for more details on where this function needs to
- * be called and what arguments need to be passed here.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_validate_answer(ace_bool_t answer,
- ace_validity_t validity,
- const ace_resource_t resource_name,
- const ace_session_id_t session_id,
- const ace_param_list_t* param_list,
- ace_widget_handle_t handle,
- ace_bool_t* validation_result);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_POPUP_VALIDATION_DEPS
- dpl-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(ACE_POPUP_VALIDATION_DIR
- ${PROJECT_SOURCE_DIR}/ace_popup_validation
- )
-
-SET(ACE_POPUP_VALIDATION_SRC_DIR
- ${ACE_POPUP_VALIDATION_DIR}/src
- )
-
-SET(ACE_POPUP_VALIDATION_INCLUDE_DIR
- ${ACE_POPUP_VALIDATION_DIR}/include
- )
-
-SET(ACE_POPUP_VALIDATION_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${ACE_POPUP_VALIDATION_SRC_DIR}/ace_api_popup_validation.cpp
- )
-
-SET(ACE_POPUP_VALIDATION_INCLUDES
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${ACE_POPUP_VALIDATION_DEPS_INCLUDE_DIRS}
- ${ACE_POPUP_VALIDATION_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/ace/include
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
- ${PROJECT_SOURCE_DIR}/src/services/ace
- ${PROJECT_SOURCE_DIR}/src/services/popup/
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
-
-ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_POPUP_VALIDATION_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_POPUP_VALIDATION_LIB} SHARED ${ACE_POPUP_VALIDATION_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_POPUP_VALIDATION_LIB}
- ${ACE_POPUP_VALIDATION_DEPS_LIBRARIES} ${ACE_POPUP_VALIDATION_DEPS_LDFLAGS}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_POPUP_VALIDATION_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${ACE_POPUP_VALIDATION_INCLUDE_DIR}/ace_api_popup_validation.h
- DESTINATION include/ace-popup-validation
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_popup_validation.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of ACE popup validation API.
- */
-
-#include <string>
-#include <vector>
-#include <dpl/log/log.h>
-#include "SecurityCommunicationClient.h"
-#include "popup_response_server_api.h"
-#include "security_daemon_dbus_config.h"
-#include "ace_api_popup_validation.h"
-
-namespace {
-static WrtSecurity::Communication::Client *communicationClient = NULL;
-static const int VALIDITY_ONCE_VALUE = 0;
-static const int VALIDITY_SESSION_VALUE = 1;
-static const int VALIDITY_ALWAYS_VALUE = 1;
-} // anonymous
-
-ace_return_t ace_popup_validation_initialize(void)
-{
- if (NULL != communicationClient) {
- LogError("ace_api_popup_validation already initialized");
- return ACE_INTERNAL_ERROR;
- }
- Try {
- communicationClient = new WrtSecurity::Communication::Client(
- WrtSecurity::PopupServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return ACE_INTERNAL_ERROR;
- }
-
- return ACE_OK;
-}
-
-ace_return_t ace_popup_validation_shutdown(void)
-{
- if (NULL == communicationClient) {
- LogError("ace_api_popup_validation not initialized");
- return ACE_INTERNAL_ERROR;
- }
- delete communicationClient;
- communicationClient = NULL;
-
- return ACE_OK;
-}
-
-ace_return_t ace_validate_answer(ace_bool_t answer,
- ace_validity_t validity,
- const ace_resource_t resource_name,
- const ace_session_id_t session_id,
- const ace_param_list_t* param_list,
- ace_widget_handle_t handle,
- ace_bool_t* validation_result)
-{
- if (NULL == resource_name ||
- NULL == session_id ||
- NULL == param_list ||
- NULL == validation_result)
- {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
-
- bool dbusAnswer = answer == ACE_TRUE;
- int dbusValidity = 0;
-
- switch (validity) {
- case ACE_ONCE: {
- dbusValidity = VALIDITY_ONCE_VALUE;
- //static_cast<int>(Prompt::Validity::ONCE);
- break; }
- case ACE_SESSION: {
- dbusValidity = VALIDITY_SESSION_VALUE;
- //static_cast<int>(Prompt::Validity::SESSION);
- break; }
- case ACE_ALWAYS: {
- dbusValidity = VALIDITY_ALWAYS_VALUE;
- //static_cast<int>(Prompt::Validity::ALWAYS);
- break; }
- default: {
- LogError("Invalid validity passed");
- return ACE_INVALID_ARGUMENTS; }
- }
-
- std::string subjectId;
- std::string resourceId(resource_name);
- std::string sessionId(session_id);
- std::vector<std::string> keys, values;
- unsigned int i;
- for (i = 0; i < param_list->count; ++i) {
- keys.push_back(std::string(param_list->items[i].name));
- values.push_back(std::string(param_list->items[i].value));
- }
-
- bool response = false;
- Try{
- communicationClient->call(WrtSecurity::PopupServerApi::VALIDATION_METHOD(),
- dbusAnswer,
- dbusValidity,
- handle,
- subjectId,
- resourceId,
- keys,
- values,
- sessionId,
- &response);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't call daemon");
- return ACE_INTERNAL_ERROR;
- }
-
- *validation_result = response ? ACE_TRUE : ACE_FALSE;
-
- return ACE_OK;
-}
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_settings.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is header for ACE settings API (RW part).
- */
-
-#ifndef ACE_API_SETTINGS_H
-#define ACE_API_SETTINGS_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * API defined in this header should be used only from one thread. If used
- * otherwise, unexpected behaviour may occur, including segmentation faults and
- * escalation of global warming. Be warned.
- */
-
-// --------------- Initialization ----------------------------------------------
-
-/*
- * Initializes ACE - connects (RW) to the database. Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_settings_initialize(void);
-
-/*
- * Deinitializes ACE - deinitialize internal structures, detach DB, etc.
- * Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_settings_shutdown(void);
-
-// --------------- Resource settings API ---------------------------------------
-
-/*
- * Order and values of enum constants are part of API
- */
-typedef enum
-{
- ACE_PREFERENCE_PERMIT,
- ACE_PREFERENCE_DENY,
- ACE_PREFERENCE_DEFAULT, // means: not set
- ACE_PREFERENCE_BLANKET_PROMPT,
- ACE_PREFERENCE_SESSION_PROMPT,
- ACE_PREFERENCE_ONE_SHOT_PROMPT
-} ace_preference_t;
-
-/*
- * Returns error or ACE_OK
- * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise
- * 'preference' value is undefined
- */
-ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t* preference);
-
-/*
- * Returns error or ACE_OK
- * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise
- * 'preference' value is undefined
- */
-ace_return_t ace_get_global_resource_preference(const ace_resource_t resource,
- ace_preference_t* preference);
-
-/*
- * To reset setting, pass ACE_PREFERENCE_DEFAULT
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t preference);
-
-/*
- * To reset setting, pass ACE_PREFERENCE_DEFAULT
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_global_resource_preference(const ace_resource_t resource,
- ace_preference_t preference);
-
-/*
- * Resets per widget resource settings to ACE_PREFERENCE_DEFAULT
- */
-ace_return_t ace_reset_widget_resource_settings(void);
-
-/*
- * Resets global resource settings to ACE_PREFERENCE_DEFAULT
- */
-ace_return_t ace_reset_global_resource_settings(void);
-
-/*
- * After execution, is_privacy_api is ACE_TRUE if resource_name is the name
- * of Privacy API
- */
-ace_return_t ace_is_private_api(const ace_resource_t resource_name,
- ace_bool_t* is_private_api);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_SETTINGS_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_SETTINGS_DEPS
- dpl-efl
- REQUIRED
- )
-
-SET(ACE_SETTINGS_DIR
- ${PROJECT_SOURCE_DIR}/ace_settings
- )
-
-SET(ACE_SETTINGS_SRC_DIR
- ${ACE_SETTINGS_DIR}/src
- )
-
-SET(ACE_SETTINGS_INCLUDE_DIR
- ${ACE_SETTINGS_DIR}/include
- )
-
-SET(ACE_SETTINGS_SOURCES
- ${ACE_SETTINGS_SRC_DIR}/ace_api_settings.cpp
- )
-
-SET(ACE_SETTINGS_INCLUDES
- ${ACE_SETTINGS_DEPS_INCLUDE_DIRS}
- ${ACE_SETTINGS_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/ace/include
- )
-
-ADD_DEFINITIONS(${ACE_SETTINGS_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_SETTINGS_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_SETTINGS_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_SETTINGS_LIB} SHARED ${ACE_SETTINGS_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_SETTINGS_LIB}
- ${ACE_SETTINGS_DEPS_LIBRARIES}
- ${TARGET_ACE_DAO_RW_LIB}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_SETTINGS_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${ACE_SETTINGS_INCLUDE_DIR}/ace_api_settings.h
- DESTINATION include/ace-settings
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_settings.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation ACE settings API
- */
-
-#include <string>
-#include <dpl/log/log.h>
-#include <ace-dao-rw/AceDAO.h>
-
-#include "ace_api_settings.h"
-
-// helper functions
-static ace_preference_t to_ace_preference(const AceDB::PreferenceTypes& db_preference)
-{
- switch (db_preference) {
- case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: {
- return ACE_PREFERENCE_BLANKET_PROMPT; }
- case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: {
- return ACE_PREFERENCE_DEFAULT;}
- case AceDB::PreferenceTypes::PREFERENCE_DENY: {
- return ACE_PREFERENCE_DENY;}
- case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: {
- return ACE_PREFERENCE_ONE_SHOT_PROMPT;}
- case AceDB::PreferenceTypes::PREFERENCE_PERMIT: {
- return ACE_PREFERENCE_PERMIT;}
- case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: {
- return ACE_PREFERENCE_SESSION_PROMPT;}
- default: {
- return ACE_PREFERENCE_DEFAULT;}
- }
-}
-
-
-static AceDB::PreferenceTypes to_ace_db_preference(const ace_preference_t& preference)
-{
- switch (preference) {
- case ACE_PREFERENCE_BLANKET_PROMPT: {
- return AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT; }
- case ACE_PREFERENCE_DEFAULT: {
- return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;}
- case ACE_PREFERENCE_DENY: {
- return AceDB::PreferenceTypes::PREFERENCE_DENY;}
- case ACE_PREFERENCE_ONE_SHOT_PROMPT: {
- return AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;}
- case ACE_PREFERENCE_PERMIT: {
- return AceDB::PreferenceTypes::PREFERENCE_PERMIT;}
- case ACE_PREFERENCE_SESSION_PROMPT: {
- return AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT;}
- default: {
- return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;}
- }
-}
-
-ace_return_t ace_settings_initialize(void)
-{
- AceDB::AceDAO::attachToThreadRW();
- return ACE_OK;
-}
-
-ace_return_t ace_settings_shutdown(void)
-{
- AceDB::AceDAO::detachFromThread();
- return ACE_OK;
-}
-
-ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t* preference)
-{
- if (NULL == resource || NULL == preference) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- std::string resource_str(resource);
- AceDB::PreferenceTypes db_preference =
- AceDB::AceDAO::getWidgetDevCapSetting(resource_str, handle);
- *preference = to_ace_preference(db_preference);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_get_global_resource_preference(const ace_resource_t resource,
- ace_preference_t* preference)
-{
- if (NULL == resource || NULL == preference) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::PreferenceTypes db_preference =
- AceDB::AceDAO::getDevCapSetting(resource);
- *preference = to_ace_preference(db_preference);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t preference)
-{
- if (NULL == resource) {
- LogError("NULL argument passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::AceDAO::addResource(resource);
- AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference);
- AceDB::AceDAO::removeWidgetDevCapSetting(resource, handle);
- AceDB::AceDAO::setWidgetDevCapSetting(resource, handle, db_preference);
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_global_resource_preference(const ace_resource_t resource,
- ace_preference_t preference)
-{
- if (NULL == resource) {
- LogError("NULL argument passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::AceDAO::addResource(resource);
- AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference);
- AceDB::AceDAO::setDevCapSetting(resource, db_preference);
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_reset_widget_resource_settings()
-{
- Try {
- AceDB::AceDAO::clearWidgetDevCapSettings();
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_reset_global_resource_settings(void)
-{
- Try {
- AceDB::AceDAO::clearDevCapSettings();
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_is_private_api(const ace_resource_t resource_name, ace_bool_t* is_private_api)
-{
- static const char * const private_api[] = {
- "bluetooth.admin",
- "bluetooth.gap",
- "bluetooth.spp",
- "calendar.read",
- "calendar.write",
- "callhistory.read",
- "callhistory.write",
- "contact.read",
- "contact.write",
- "nfc.admin",
- "nfc.common",
- "nfc.cardemulation",
- "nfc.p2p",
- "nfc.tag",
- NULL
- };
-
- *is_private_api = ACE_TRUE;
- for (int i=0; private_api[i]; ++i)
- if (!strcmp(resource_name, private_api[i]))
- return ACE_OK;
-
- *is_private_api = ACE_FALSE;
- return ACE_OK;
-}
-
# @file CMakeLists.txt
# @author Tomasz Swierczek (t.swierczek@samsung.com)
#
-ADD_SUBDIRECTORY(ace)
-ADD_SUBDIRECTORY(ace_client)
-ADD_SUBDIRECTORY(ace_settings)
-ADD_SUBDIRECTORY(ace_install)
-ADD_SUBDIRECTORY(ace_popup_validation)
-ADD_SUBDIRECTORY(communication_client)
-ADD_SUBDIRECTORY(wrt-security)
+
ADD_SUBDIRECTORY(security-server)
-ADD_SUBDIRECTORY(wrt_ocsp)
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-dao-ro.pc.in security-dao-ro.pc @ONLY)
-CONFIGURE_FILE(security-dao-rw.pc.in security-dao-rw.pc @ONLY)
-CONFIGURE_FILE(security.pc.in security.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace/security-dao-ro.pc
- ${CMAKE_BINARY_DIR}/build/ace/security-dao-rw.pc
- ${CMAKE_BINARY_DIR}/build/ace/security.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-dao-ro
-Description: ace-dao-ro
-Version: @VERSION@
-Requires: dpl-efl openssl
-Libs: -lace-dao-ro -L${libdir}
-Cflags: -I${includedir}
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: aco-dao-rw
-Description: ace-dao-rw
-Version: @VERSION@
-Requires: security-dao-ro
-Libs: -lace-dao-rw -L${libdir}
-Cflags: -I${includedir}
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace
-Description: ace
-Version: @VERSION@
-Requires: dpl-efl openssl
-Libs: -lace -L${libdir}
-Cflags: -I${includedir}
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-client.pc.in security-client.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_client/security-client.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-client
-Description: ACE thin client library
-Version: @VERSION@
-Requires: dpl-wrt-dao-ro dpl-efl dpl-event-efl dpl-dbus-efl security-dao-ro
-Libs: -lace-client -L${libdir}
-Cflags: -I${includedir}/ace-client -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-install.pc.in security-install.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_install/security-install.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-install
-Description: ACE insall library to be used by installer
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl security-dao-rw
-Libs: -lace-install -L${libdir}
-Cflags: -I${includedir}/ace-install -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-popup-validation.pc.in security-popup-validation.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_popup_validation/security-popup-validation.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-popup-validation
-Description: ACE popup validation library
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl
-Libs: -lace-popup-validation -L${libdir}
-Cflags: -I${includedir}/ace-popup-validation -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-settings.pc.in security-settings.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_settings/security-settings.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-settings
-Description: ACE settings library
-Version: @VERSION@
-Requires:
-Libs: -lace-settings -lace-dao-rw -L${libdir}
-Cflags: -I${includedir}/ace-settings -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Zofia Abramowska (z.abramowska@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-communication-client.pc.in security-communication-client.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/communication_client/security-communication-client.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: communication-client
-Description: Security communication client library
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl
-Libs: -lcommunication-client -L${libdir}
-Cflags: -I${includedir}/communication-client
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-#
-CONFIGURE_FILE(security-core.pc.in security-core.pc @ONLY)
-INSTALL(FILES ${CMAKE_BINARY_DIR}/build/wrt-security/security-core.pc DESTINATION lib/pkgconfig)
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include/wrt-security
-
-Name: wrt-security
-Description: wrt-security
-Version: @VERSION@
-Requires: dpl-efl dpl-wrt-dao-rw dpl-dbus-efl
-Libs: -L${libdir} -ldpl-dbus-efl
-Cflags: -I${includedir}
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Zofia Abramowska (z.abramowska@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-wrt-ocsp.pc.in security-wrt-ocsp.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/wrt_ocsp/security-wrt-ocsp.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: wrt-ocsp
-Description: WRT OCSP library to be used by wrt-client
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl
-Libs: -lwrt-ocsp -L${libdir}
-Cflags: -I${includedir}/wrt-ocsp
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SecurityCommunicationClient.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This is header of class used by IPC client with implemented templates
- *
- */
-
-/*
- * This class hides implementation of specific communication types
- * and enables switching between them by #defined macros.
- *
- * supported types : DBUS_CONNECTION
- *
- * IMPORTANT : Exactly ONE type MUST be defined.
- *
- */
-
-#ifndef SECURITYCOMMUNICATIONCLIENT_H_
-#define SECURITYCOMMUNICATIONCLIENT_H_
-
-#include <dpl/dbus/dbus_client.h>
-#include <dpl/log/log.h>
-#include <dpl/scoped_ptr.h>
-#include "SecuritySocketClient.h"
-#include <string>
-#include <memory>
-
-
-namespace WrtSecurity {
-namespace Communication {
-class Client
-{
-public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException)
- };
-
- explicit Client(const std::string &intefaceName);
-
-
-
- template<typename ... Args>
- void call(const char* methodName, const Args& ... args)
- {
-
- connect();
- Try{
- #ifdef DBUS_CONNECTION
- m_dbusClient->call(methodName, args...);
- } Catch (DPL::DBus::Client::Exception::DBusClientException){
- #endif //DBUS_CONNECTION
- #ifdef SOCKET_CONNECTION
- m_socketClient->call(methodName, args...);
- } Catch (SecuritySocketClient::Exception::SecuritySocketClientException){
- #endif //SOCKET_CONNECTION
- LogError("Error getting response");
- disconnect();
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting response");
- }
- LogInfo("Call served");
- disconnect();
- }
-
- template<typename ...Args>
- void call(std::string methodName, const Args&... args)
- {
- call(methodName.c_str(), args...);
- }
-
-
-private:
-
- void connect();
- void disconnect();
-
- std::string m_interfaceName;
- #ifdef DBUS_CONNECTION
- std::unique_ptr<DPL::DBus::Client> m_dbusClient;
- #endif
-
- #ifdef SOCKET_CONNECTION
- std::unique_ptr<SecuritySocketClient> m_socketClient;
- #endif
-};
-} // namespace Communication
-} // namespace WrtSecurity
-
-#endif /* SECURITYCOMMUNICATIONCLIENT_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SecurityCommunicationClient.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This is implementation of class used IPC client
- */
-
-
-#include "SecurityCommunicationClient.h"
-
-#ifdef DBUS_CONNECTION
-#include "security_daemon_dbus_config.h"
-#endif
-
-namespace WrtSecurity{
-namespace Communication{
-
- Client::Client(const std::string& interfaceName){
- #if DBUS_CONNECTION
- LogInfo("DBus create");
- Try {
- m_dbusClient.reset(new DPL::DBus::Client(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(),
- interfaceName));
- } Catch (DPL::DBus::Client::Exception::DBusClientException) {
- LogError("Error getting connection");
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting connection");
- }
- if(NULL == m_dbusClient.get()){
- LogError("Couldn't get client");
- ThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting client");
- }
- #endif //DBUS_CONNECTION
-
- #ifdef SOCKET_CONNECTION
- m_socketClient.reset(new SecuritySocketClient(interfaceName));
- if(NULL == m_socketClient.get()){
- LogError("Couldn't get client");
- ThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting client");
- }
- #endif //SOCKET_CONNECTION
- LogInfo("Created communication client");
- }
-
- void Client::connect(){
- #ifdef SOCKET_CONNECTION
- Try {
- m_socketClient->connect();
- } Catch(SecuritySocketClient::Exception::SecuritySocketClientException){
- LogError("Couldn't connect");
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error connecting");
- }
-
- #endif //SOCKET_CONNECTION
- LogInfo("Connected");
- }
-
- void Client::disconnect(){
-
- #ifdef SOCKET_CONNECTION
- m_socketClient->disconnect();
- #endif //SOCKET_CONNECTION
- LogInfo("Disconnected");
- }
-
-
-} // namespace Communication
-
-} // namespace WrtSecurity
-
+++ /dev/null
-
-SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc)
-
- INSTALL(FILES
- ${ETC_DIR}/wrt_security_create_clean_db.sh
- ${ETC_DIR}/wrt_security_change_policy.sh
- DESTINATION /usr/bin
- )
-
-INSTALL(FILES
- ${ETC_DIR}/schema.xsd
- DESTINATION share/wrt-engine
- )
-
-INSTALL(FILES
- ${ETC_DIR}/fingerprint_list.xsd
- DESTINATION share/wrt-engine/
- )
-
-INSTALL(FILES
- ${ETC_DIR}/fingerprint_list.xml
- DESTINATION share/wrt-engine/
- )
-
-ADD_SUBDIRECTORY(certificates)
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @author Yunchan Cho (yunchan.cho@samsung.com)
-# @version 1.0
-# @brief
-#
-
-SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates)
-
-INSTALL(FILES
- ${CERT_DIR}/wac.root.preproduction.pem
- ${CERT_DIR}/wac.root.production.pem
- ${CERT_DIR}/wac.publisherid.pem
- ${CERT_DIR}/tizen.root.preproduction.cert.pem
- ${CERT_DIR}/tizen-developer-root-ca.pem
- ${CERT_DIR}/tizen-distributor-root-ca-partner.pem
- ${CERT_DIR}/tizen-distributor-root-ca-public.pem
- DESTINATION /opt/share/cert-svc/certs/code-signing/wac/
- )
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICVTCCAb6gAwIBAgIETdzAMDANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJHQjERMA8GA1UE
-CBMITm9ybWFuZHkxDTALBgNVBAcTBENBRU4xDzANBgNVBAoTBk9yYW5nZTETMBEGA1UECxMKT3Jh
-bmdlTGFiczEYMBYGA1UEAxMPT3JhbmdlTGFicyBDQUVOMB4XDTExMDUyNTA4MzkxMloXDTM2MDUx
-ODA4MzkxMlowbzELMAkGA1UEBhMCR0IxETAPBgNVBAgTCE5vcm1hbmR5MQ0wCwYDVQQHEwRDQUVO
-MQ8wDQYDVQQKEwZPcmFuZ2UxEzARBgNVBAsTCk9yYW5nZUxhYnMxGDAWBgNVBAMTD09yYW5nZUxh
-YnMgQ0FFTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj9130ZtpXp/679/2pmFldFgjz5tN
-CjLT6CEWC9yketyKgyV1c0DBMcy4PNLdOb0VxhfcNXNYoBylCp6mPj3mWRM5VSet03XA8k6/L0T4
-dYicYGaIojowhzBBfaIXnBDvMQD5kanC5CDd6HtFzQbBkN73NIdGrR/aFqNtC/wopFECAwEAATAN
-BgkqhkiG9w0BAQUFAAOBgQCIjZYXTdsMCpIYENX6UyD/EM+SZBkVvoB2R8ghRZbKHOcr58ZyGvdH
-i/Y0hp5zNN7bUQurEMWtIxF+s3oaYH0x9xwXCd5UEV9Y+dmD1/qlK7lfSlC7mwynHs3bhMEGOJF2
-TlDzZyVYBIT3LQjfq6G18bGHkwU3uTsxZMSgtz5LgQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC
-S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
-ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD
-QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw
-MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE
-CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
-MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD
-DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI
-rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9
-yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af
-KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN
-5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv
-bSaM
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
-S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
-ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq
-MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy
-MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD
-VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg
-Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM
-IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp
-ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS
-rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n
-DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6
-xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL
-gS9G4WEAUg==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
-S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
-ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex
-KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy
-MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD
-VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg
-Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD
-DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY
-sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k
-//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa
-07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+
-phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7
-KOszlocFYw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b3:cb:d1:5b:de:6e:66:95
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
- Validity
- Not Before: Dec 8 10:27:32 2011 GMT
- Not After : Nov 30 10:27:32 2021 GMT
- Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (1024 bit)
- Modulus:
- 00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e:
- 66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa:
- fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7:
- 1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60:
- 44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df:
- e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76:
- dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52:
- ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46:
- 46:03:99:7c:66:8c:60:c4:91
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
- X509v3 Authority Key Identifier:
- keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b:
- 03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb:
- ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f:
- 9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18:
- 3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61:
- 38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a:
- f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44:
- cd:fa
------BEGIN CERTIFICATE-----
-MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD
-VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry
-b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh
-cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X
-DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w
-DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG
-A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG
-CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN
-qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94
-dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR
-AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME
-GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H
-62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a
-6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIID9DCCAtygAwIBAgIOZscBAQACO65mNg72468wDQYJKoZIhvcNAQEFBQAwgZQx
-CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYD
-VQQLEyhQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQw
-MgYDVQQDEytQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB
-IElJMB4XDTA2MDYwODE0MTYwMVoXDTI1MTIzMTIyNTk1OVowgZQxCzAJBgNVBAYT
-AkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYDVQQLEyhQcmUt
-UHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQwMgYDVQQDEytQ
-cmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ewnr8E24AqXnf1Lu7w/g79Hht+W
-lvWQg7cPC7685oj0htT0SmDy94uQaC3qRzBJktLKCyuniABykhdTr04rGWgzqD8n
-EzcFCt5k0gF39l3ND/JL+S2YJK/f/xc884hjcLsHUU7cAd6mDlVkOszFK86DNbu0
-noz0y1y462RIOvPCjkYl/GJ5zL62bdDbgFqrWMPZ54JFG0Rj1v575ygfOd2LwOXe
-xjzqfYI4JOx9frKWakPTehW+0UY5UdF0cMvHuLJie9H0vOobR4vtkenbS283b6j7
-0WCoU/BeAr4qskvMs9WwkwDquO4XnzYQDsEVgjBu4H2W0ihNUYJbRo8wtQIDAQAB
-o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
-DTX6+fYyziPR1HZxViaGOj66QOYwDQYJKoZIhvcNAQEFBQADggEBALZ0pfjOfePn
-D/6QDCt+cjQ5+U4eKcOlJMXrpEAlnC6oAnN1hqbOQaj44aIAbNap36E/Hl9s0Uga
-c4nz73o5uPvdDmbWzNnMz6ey5NU0XXNzHxQWFdb0+Z7Cho5txoZjjynYXmyQc3RJ
-rrPI+6Uej6sEv15ZGirjABza6pNJ+2NLojLyUb+8et3OCLS+wJ4qrX/5uwgL50Lt
-0M2iPdZv+gjZwNmNWYIflYrSXa3ujclH+EAkkk/G1JxPzhVI3cII3y2DUZQAPCcX
-XQDXIX2zJo7bYaUYJhlEeiGX17cdXMXDT1tbXKKg2mRIga1K4lknn9U/vzkjMJXL
-GA38dUZRZ2Y=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL
-MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM
-dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe
-Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw
-IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX
-QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/
-vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc
-PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ
-D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0
-tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t
-IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT
-qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v
-aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB
-OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR
-1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on
-+1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV
-t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g==
------END CERTIFICATE-----
-
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIPAKTxAAEALtiV8/+rhB6+MA0GCSqGSIb3DQEBCwUAMFsx
-CzAJBgNVBAYTAkdCMSUwIwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMg
-THRkMSUwIwYDVQQDDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMB4XDTEx
-MDMxNDE0MDEwNFoXDTM2MDMxNDE0MDEwNFowWzELMAkGA1UEBhMCR0IxJTAjBgNV
-BAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQxJTAjBgNVBAMMHFdBQyBB
-cHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDCf6RHUPVBUY4YXYMdrmt5yO95eRCOG6vJtI9w0UM2w/2fihD5SMYa
-3cCVam4j6F8FSspMIx+4CTCwdDSUixBGENwGEhD4qxqqV3KTObmxmYbELa97S1IP
-qwoFelzUX6e+qHmYHi+eu/hONeiZaPBLtUtCd6ppCd5ACrD/kf/Ug/tfUtngozjG
-sJ1UB10Ezi3fKs3OkkZMuecJvjWmDpRAyvIeeV8xfzeyn+DMpvhnI9RrSY0j4huE
-ud6Lzzg0jV8+m54v0j7hv9klyNcGiZ+bmHr0LIyAtT+uktcms/4p3V9j01SI9Tmw
-HcHKDXnM6kuThWpr6DR9KFSZ8zD2Nx5nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBT5bKdU2+CGE17R+o/rMCZHHMn+
-WzANBgkqhkiG9w0BAQsFAAOCAQEAXmO+J5suIGuzbfYBoTdr8gahFfWEbhm1y6mJ
-eZAc+Mf5L+In20p+Oj5uy6LsTmJsE9VE/+gi1eALKl9EhgYhET2ZlAzRFCN5dTWv
-NTAFxJfGMkn2U5iW+luJ+lejyYBqEEFRpzwhXZbVDZQLim4CU75H75KzFkUgTulG
-5M6U/Plt6S1rKgMkeYiR27W4C2NZMFXYqctt0m+eKEa3ueZE9pYUxqVcvQKSI017
-Nbc1kSkcuSKFV2Bk2T5dh5jQvywykdWLubAe6XiiC5CIT31kcSX6AlVhgNxWRRKP
-QFO7lWqxnQMR2Or38ve7oSg1oL5Sx80fcbp3ovaYSKt5jnVWfg==
------END CERTIFICATE-----
-
+++ /dev/null
-<CertificateSet>
- <CertificateDomain name="wacpublisher"> <!-- this domain is used to verify author-signatures -->
- <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
- <FingerprintSHA1>A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2</FingerprintSHA1><!-- wac.publisher.pem -->
- <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
- <FingerprintSHA1>2B:A0:20:7D:40:90:1D:00:04:89:60:00:3B:DE:34:89:21:BE:D4:4F</FingerprintSHA1><!-- tizen-developer-root-ca.pem -->
- </CertificateDomain>
- <CertificateDomain name="wacroot">
- <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
- <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
- <FingerprintSHA1>A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1</FingerprintSHA1><!-- wac.root.production.pem -->
- <FingerprintSHA1>8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A</FingerprintSHA1><!-- wac.root.preproduction.pem -->
- <FingerprintSHA1>84:A8:85:67:1C:D9:A9:C9:8C:7C:C3:BC:7F:EB:A6:7D:44:94:D9:8F</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
- </CertificateDomain>
- <CertificateDomain name="developer">
- <FingerprintSHA1>4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38</FingerprintSHA1><!-- operator.root.cert.pem internal tests-->
- </CertificateDomain>
- <CertificateDomain name="wacmember">
- </CertificateDomain>
- <CertificateDomain name="tizenmember"> <!-- used to verify tizen widgets -->
- <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1><!-- tizen-distributor-root-ca-partner.pem -->
- <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
- <FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
- <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - hash from it is encoded on sim cards -->
- </CertificateDomain>
- <CertificateDomain name="orangelegacy">
- <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - This certificate requires special treatment during verification process -->
- </CertificateDomain>
-</CertificateSet>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-
-<xs:element name="CertificateSet" type="CertificateSetType" />
-<xs:complexType name="CertificateSetType">
- <xs:sequence>
- <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
-</xs:complexType>
-
-<xs:element name="CertificateDomain" type="CertificateDomainType" />
-<xs:complexType name="CertificateDomainType">
- <xs:sequence>
- <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:string" use="required" />
-</xs:complexType>
-
-<xs:element name="FingerprintSHA1" type="xs:string"/>
-
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema
- PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
- [
- <!ATTLIST schema
- xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
- <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
- <!ENTITY % p ''>
- <!ENTITY % s ''>
- ]>
-
-<!-- Schema for XML Signatures
- http://www.w3.org/2000/09/xmldsig#
- $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
-
- Copyright 2001 The Internet Society and W3C (Massachusetts Institute
- of Technology, Institut National de Recherche en Informatique et en
- Automatique, Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as described
- in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<schema xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- targetNamespace="http://www.w3.org/2000/09/xmldsig#"
- version="0.1" elementFormDefault="qualified">
-
-<!-- Basic Types Defined for Signatures -->
-
-<simpleType name="CryptoBinary">
- <restriction base="base64Binary">
- </restriction>
-</simpleType>
-
-<!-- Start Signature -->
-
-<element name="Signature" type="ds:SignatureType"/>
-<complexType name="SignatureType">
- <sequence>
- <element ref="ds:SignedInfo"/>
- <element ref="ds:SignatureValue"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureValue" type="ds:SignatureValueType"/>
- <complexType name="SignatureValueType">
- <simpleContent>
- <extension base="base64Binary">
- <attribute name="Id" type="ID" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
-
-<!-- Start SignedInfo -->
-
-<element name="SignedInfo" type="ds:SignedInfoType"/>
-<complexType name="SignedInfoType">
- <sequence>
- <element ref="ds:CanonicalizationMethod"/>
- <element ref="ds:SignatureMethod"/>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
- <complexType name="CanonicalizationMethodType" mixed="true">
- <sequence>
- <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <element name="SignatureMethod" type="ds:SignatureMethodType"/>
- <complexType name="SignatureMethodType" mixed="true">
- <sequence>
- <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) external namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- Start Reference -->
-
-<element name="Reference" type="ds:ReferenceType"/>
-<complexType name="ReferenceType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- <element ref="ds:DigestMethod"/>
- <element ref="ds:DigestValue"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="URI" type="anyURI" use="optional"/>
- <attribute name="Type" type="anyURI" use="optional"/>
-</complexType>
-
- <element name="Transforms" type="ds:TransformsType"/>
- <complexType name="TransformsType">
- <sequence>
- <element ref="ds:Transform" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-
- <element name="Transform" type="ds:TransformType"/>
- <complexType name="TransformType" mixed="true">
- <choice minOccurs="0" maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- <element name="XPath" type="string"/>
- </choice>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- End Reference -->
-
-<element name="DigestMethod" type="ds:DigestMethodType"/>
-<complexType name="DigestMethodType" mixed="true">
- <sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
-</complexType>
-
-<element name="DigestValue" type="ds:DigestValueType"/>
-<simpleType name="DigestValueType">
- <restriction base="base64Binary"/>
-</simpleType>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
-<element name="KeyInfo" type="ds:KeyInfoType"/>
-<complexType name="KeyInfoType" mixed="true">
- <choice maxOccurs="unbounded">
- <element ref="ds:KeyName"/>
- <element ref="ds:KeyValue"/>
- <element ref="ds:RetrievalMethod"/>
- <element ref="ds:X509Data"/>
- <element ref="ds:PGPData"/>
- <element ref="ds:SPKIData"/>
- <element ref="ds:MgmtData"/>
- <any processContents="lax" namespace="##other"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- </choice>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="KeyName" type="string"/>
- <element name="MgmtData" type="string"/>
-
- <element name="KeyValue" type="ds:KeyValueType"/>
- <complexType name="KeyValueType" mixed="true">
- <choice>
- <element ref="ds:DSAKeyValue"/>
- <element ref="ds:RSAKeyValue"/>
- <element ref="ds:ECKeyValue"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
-<!-- ECDSA KEY DEFINITIONS -->
-
- <element name="ECKeyValue" type="ds:ECKeyValueType"/>
- <complexType name="ECKeyValueType">
- <sequence>
- <choice>
- <element name="ECParameters" type="ds:ECParametersType"/>
- <element name="NamedCurve" type="ds:NamedCurveType"/>
- </choice>
- <element name="PublicKey" type="ds:ECPointType"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
- <complexType name="NamedCurveType">
- <attribute name="URI" type="anyURI" use="required"/>
- </complexType>
-
- <simpleType name="ECPointType">
- <restriction base="ds:CryptoBinary"/>
- </simpleType>
-
- <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
- <complexType name="RetrievalMethodType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- </sequence>
- <attribute name="URI" type="anyURI"/>
- <attribute name="Type" type="anyURI" use="optional"/>
- </complexType>
-
- <complexType name="ECParametersType">
- <sequence>
- <element name="FieldID" type="ds:FieldIDType"/>
- <element name="Curve" type="ds:CurveType"/>
- <element name="Base" type="ds:ECPointType"/>
- <element name="Order" type="ds:CryptoBinary"/>
- <element name="CoFactor" type="integer" minOccurs="0"/>
- <element name="ValidationData" type="ds:ECValidationDataType" minOccurs="0"/>
- </sequence>
- </complexType>
-
- <complexType name="FieldIDType">
- <choice>
- <element ref="ds:Prime"/>
- <element ref="ds:TnB"/>
- <element ref="ds:PnB"/>
- <element ref="ds:GnB"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
- <element name="Prime" type="ds:PrimeFieldParamsType"/>
- <complexType name="PrimeFieldParamsType">
- <sequence>
- <element name="P" type="ds:CryptoBinary"/>
- </sequence>
- </complexType>
-
- <element name="GnB" type="ds:CharTwoFieldParamsType"/>
- <complexType name="CharTwoFieldParamsType">
- <sequence>
- <element name="M" type="positiveInteger"/>
- </sequence>
- </complexType>
-
- <element name="TnB" type="ds:TnBFieldParamsType"/>
- <complexType name="TnBFieldParamsType">
- <complexContent>
- <extension base="ds:CharTwoFieldParamsType">
- <sequence>
- <element name="K" type="positiveInteger"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="PnB" type="ds:PnBFieldParamsType"/>
- <complexType name="PnBFieldParamsType">
- <complexContent>
- <extension base="ds:CharTwoFieldParamsType">
- <sequence>
- <element name="K1" type="positiveInteger"/>
- <element name="K2" type="positiveInteger"/>
- <element name="K3" type="positiveInteger"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <complexType name="CurveType">
- <sequence>
- <element name="A" type="ds:CryptoBinary"/>
- <element name="B" type="ds:CryptoBinary"/>
- </sequence>
- </complexType>
-
- <complexType name="ECValidationDataType">
- <sequence>
- <element name="seed" type="ds:CryptoBinary"/>
- </sequence>
- <attribute name="hashAlgorithm" type="anyURI" use="required"/>
- </complexType>
-
-
-<!-- Start X509Data -->
-
-<element name="X509Data" type="ds:X509DataType"/>
-<complexType name="X509DataType">
- <sequence maxOccurs="unbounded">
- <choice>
- <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- <element name="X509SKI" type="base64Binary"/>
- <element name="X509SubjectName" type="string"/>
- <element name="X509Certificate" type="base64Binary"/>
- <element name="X509CRL" type="base64Binary"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </sequence>
-</complexType>
-
-<complexType name="X509IssuerSerialType">
- <sequence>
- <element name="X509IssuerName" type="string"/>
- <element name="X509SerialNumber" type="integer"/>
- </sequence>
-</complexType>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-<element name="PGPData" type="ds:PGPDataType"/>
-<complexType name="PGPDataType">
- <choice>
- <sequence>
- <element name="PGPKeyID" type="base64Binary"/>
- <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- <sequence>
- <element name="PGPKeyPacket" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- </choice>
-</complexType>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-<element name="SPKIData" type="ds:SPKIDataType"/>
-<complexType name="SPKIDataType">
- <sequence maxOccurs="unbounded">
- <element name="SPKISexp" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"/>
- </sequence>
-</complexType>
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-<element name="Object" type="ds:ObjectType"/>
-<complexType name="ObjectType" mixed="true">
- <sequence minOccurs="0" maxOccurs="unbounded">
- <any namespace="##any" processContents="lax"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
- <attribute name="Encoding" type="anyURI" use="optional"/>
-</complexType>
-
-<element name="Manifest" type="ds:ManifestType"/>
-<complexType name="ManifestType">
- <sequence>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
-<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
-<complexType name="SignaturePropertiesType">
- <sequence>
- <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
- <complexType name="SignaturePropertyType" mixed="true">
- <choice maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (1,unbounded) namespaces -->
- </choice>
- <attribute name="Target" type="anyURI" use="required"/>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-<!-- Start Algorithm Parameters -->
-
-<simpleType name="HMACOutputLengthType">
- <restriction base="integer"/>
-</simpleType>
-
-<!-- Start KeyValue Element-types -->
-
-<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
-<complexType name="DSAKeyValueType">
- <sequence>
- <sequence minOccurs="0">
- <element name="P" type="ds:CryptoBinary"/>
- <element name="Q" type="ds:CryptoBinary"/>
- </sequence>
- <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- <element name="Y" type="ds:CryptoBinary"/>
- <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
- <sequence minOccurs="0">
- <element name="Seed" type="ds:CryptoBinary"/>
- <element name="PgenCounter" type="ds:CryptoBinary"/>
- </sequence>
- </sequence>
-</complexType>
-
-<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
-<complexType name="RSAKeyValueType">
- <sequence>
- <element name="Modulus" type="ds:CryptoBinary"/>
- <element name="Exponent" type="ds:CryptoBinary"/>
- </sequence>
-</complexType>
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-</schema>
+++ /dev/null
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#Uncomment this when IPC is set to DBus
-#dbus-send --system --print-reply --dest=org.tizen.SecurityDaemon /org/tizen/SecurityDaemon org.tizen.AceCheckAccessInterface.update_policy
-
-#Uncomment this when IPC is set to sockets
-echo "delete from AcePolicyResult where 1==1;" | sqlite3 /opt/dbspace/.ace.db
-echo "delete from AceAttribute where 1==1;" | sqlite3 /opt/dbspace/.ace.db
-echo "delete from AcePromptDecision where 1==1;" | sqlite3 /opt/dbspace/.ace.db
-pkill -9 security-ser
-sleep 3
-
+++ /dev/null
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-for name in ace
-do
- rm -f /opt/dbspace/.$name.db
- rm -f /opt/dbspace/.$name.db-journal
- SQL="PRAGMA journal_mode = PERSIST;"
- sqlite3 /opt/dbspace/.$name.db "$SQL"
- SQL=".read /usr/share/wrt-engine/"$name"_db.sql"
- sqlite3 /opt/dbspace/.$name.db "$SQL"
- touch /opt/dbspace/.$name.db-journal
- chown 0:6026 /opt/dbspace/.$name.db
- chown 0:6026 /opt/dbspace/.$name.db-journal
- chmod 660 /opt/dbspace/.$name.db
- chmod 660 /opt/dbspace/.$name.db-journal
-done
-
-
--- /dev/null
+
+[Unit]
+Description=Start the security server
+
+[Service]
+ExecStart=/usr/bin/security-server
+
+[Install]
+WantedBy=multi-user.target
#sbs-git:slp/pkgs/s/security-server security-server 0.0.37
Name: security-server
Summary: Security server and utilities
-Version: 0.0.61
+Version: 0.0.67
Release: 1
Group: TO_BE/FILLED_IN
License: Apache License, Version 2.0
Source0: %{name}-%{version}.tar.gz
Source1: security-server.manifest
Source2: libsecurity-server-client.manifest
+Source3: security-server.service
BuildRequires: cmake
BuildRequires: zip
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(icu-i18n)
BuildRequires: pkgconfig(libsoup-2.4)
BuildRequires: pkgconfig(xmlsec1)
+Requires(preun): systemd
+Requires(post): systemd
+Requires(postun): systemd
%description
Security server and utilities
%description -n libsecurity-server-client
Security server package (client)
+#%package -n wrt-security
+#Summary: wrt-security-daemon and client libraries.
+#Group: Development/Libraries
+#Requires(post): /sbin/ldconfig
+#Requires(postun): /sbin/ldconfig
+#
+#%description -n wrt-security
+#Wrt-security-daemon and client libraries.
+#
+#%package -n wrt-security-devel
+#Summary: Header files for client libraries.
+#Group: Development/Libraries
+#Requires: wrt-security = %{version}-%{release}
+#
+#%description -n wrt-security-devel
+#Developer files for client libraries.
%package -n libsecurity-server-client-devel
Summary: Security server (client-devel)
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/share/license
-cp LICENSE.APLv2.0 %{buildroot}/usr/share/license/%{name}
-cp LICENSE.APLv2.0 %{buildroot}/usr/share/license/libsecurity-server-client
+cp LICENSE %{buildroot}/usr/share/license/%{name}
+cp LICENSE %{buildroot}/usr/share/license/libsecurity-server-client
%make_install
install -D %{SOURCE1} %{buildroot}%{_datadir}/security-server.manifest
install -D %{SOURCE2} %{buildroot}%{_datadir}/libsecurity-server-client.manifest
-%clean
-rm -rf %{buildroot}
+mkdir -p %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants
+install -m 0644 %{SOURCE3} %{buildroot}%{_libdir}/systemd/system/security-server.service
+ln -s ../security-server.service %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants/security-server.service
+
+%preun
+if [ $1 == 0 ]; then
+ systemctl stop security-server.service
+fi
%post
+systemctl daemon-reload
+if [ $1 == 1 ]; then
+ systemctl restart security-server.service
+fi
mkdir -p /etc/rc.d/rc3.d
mkdir -p /etc/rc.d/rc5.d
-ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc3.d/S10security-server
-ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc5.d/S10security-server
-
-if [ -z ${2} ]; then
- echo "This is new install of wrt-security"
- echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
- /usr/bin/wrt_security_create_clean_db.sh
-else
- # Find out old and new version of databases
- ACE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.ace.db ".tables" | grep "DB_VERSION_"`
- ACE_NEW_DB_VERSION=`cat /usr/share/wrt-engine/ace_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
- echo "OLD ace database version ${ACE_OLD_DB_VERSION}"
- echo "NEW ace database version ${ACE_NEW_DB_VERSION}"
-
- if [ ${ACE_OLD_DB_VERSION} -a ${ACE_NEW_DB_VERSION} ]
- then
- if [ ${ACE_NEW_DB_VERSION} = ${ACE_OLD_DB_VERSION} ]
- then
- echo "Equal database detected so db installation ignored"
- else
- echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
- /usr/bin/wrt_security_create_clean_db.sh
- fi
- else
- echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
- /usr/bin/wrt_security_create_clean_db.sh
- fi
-fi
-
-echo "[WRT] wrt-security postinst done ..."
+ln -sf /etc/rc.d/init.d/security-serverd /etc/rc.d/rc3.d/S10security-server
+ln -sf /etc/rc.d/init.d/security-serverd /etc/rc.d/rc5.d/S10security-server
%postun
-rm -f /etc/rc.d/rc3.d/S10security-server
-rm -f /etc/rc.d/rc5.d/S10security-server
+systemctl daemon-reload
+if [ "$1" = 0 ]; then
+ rm -f /etc/rc.d/rc3.d/S10security-server
+ rm -f /etc/rc.d/rc5.d/S10security-server
+fi
%post -n libsecurity-server-client -p /sbin/ldconfig
%postun -n libsecurity-server-client -p /sbin/ldconfig
-
%files -n security-server
%manifest %{_datadir}/security-server.manifest
%defattr(-,root,root,-)
+%{_libdir}/systemd/system/multi-user.target.wants/security-server.service
+%{_libdir}/systemd/system/security-server.service
/usr/share/security-server/mw-list
%attr(755,root,root) /etc/rc.d/init.d/security-serverd
#/etc/rc.d/rc3.d/S10security-server
#/etc/rc.d/rc5.d/S10security-server
%attr(755,root,root) /usr/bin/security-server
-#/usr/bin/sec-svr-util
-%{_libdir}/libace*.so
-%{_libdir}/libace*.so.*
-%{_libdir}/libwrt-ocsp.so
-%{_libdir}/libwrt-ocsp.so.*
-/usr/share/wrt-engine/*
-%attr(755,root,root) %{_bindir}/wrt_security_create_clean_db.sh
-%attr(755,root,root) %{_bindir}/wrt_security_change_policy.sh
-%attr(664,root,root) %{_datadir}/dbus-1/services/*
-%attr(664,root,root) /usr/etc/ace/bondixml*
-%attr(664,root,root) /usr/etc/ace/UnrestrictedPolicy.xml
-%attr(664,root,root) /usr/etc/ace/WAC2.0Policy.xml
-%attr(664,root,root) /usr/etc/ace/TizenPolicy.xml
+%attr(755,root,root) /etc/rc.d/init.d/security-serverd
+/usr/share/security-server/mw-list
%{_datadir}/license/%{name}
-#%files -n security-server-certs
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.publisherid.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen.root.preproduction.cert.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.preproduction.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-developer-root-ca.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-distributor-root-ca-partner.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-distributor-root-ca-public.pem
-
%files -n libsecurity-server-client
%manifest %{_datadir}/libsecurity-server-client.manifest
%defattr(-,root,root,-)
%defattr(-,root,root,-)
/usr/lib/libsecurity-server-client.so
/usr/include/security-server/security-server.h
-/usr/lib/pkgconfig/security-server.pc
-%{_includedir}/wrt-security/*
-%{_includedir}/ace/*
-%{_includedir}/ace-client/*
-%{_includedir}/ace-settings/*
-%{_includedir}/ace-install/*
-%{_includedir}/ace-common/*
-%{_includedir}/ace-popup-validation/*
-%{_includedir}/wrt-ocsp/*
%{_libdir}/pkgconfig/*.pc
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SecuritySocketClient.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implemtation of socket client class.
- */
-
-#include <sys/socket.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <errno.h>
-
-#include "SecuritySocketClient.h"
-#include "security_daemon_socket_config.h"
-
-void SecuritySocketClient::throwWithErrnoMessage(const std::string& specificInfo){
- LogError(specificInfo << " : " << strerror(errno));
- ThrowMsg(Exception::SecuritySocketClientException, specificInfo << " : " << strerror(errno));
-}
-
-SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) {
- m_interfaceName = interfaceName;
- m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
- LogInfo("Client created");
-}
-
-void SecuritySocketClient::connect(){
- struct sockaddr_un remote;
- if(-1 == (m_socketFd = socket(AF_UNIX, SOCK_STREAM,0))){
- throwWithErrnoMessage("socket()");
- }
-
- //socket needs to be nonblocking, because read can block after select
- int flags;
- if (-1 == (flags = fcntl(m_socketFd, F_GETFL, 0)))
- flags = 0;
- if(-1 == (fcntl(m_socketFd, F_SETFL, flags | O_NONBLOCK))){
- throwWithErrnoMessage("fcntl");
- }
-
- bzero(&remote, sizeof(remote));
- remote.sun_family = AF_UNIX;
- strcpy(remote.sun_path, m_serverAddress.c_str());
- if(-1 == ::connect(m_socketFd, (struct sockaddr *)&remote, SUN_LEN(&remote))){
- throwWithErrnoMessage("connect()");
- }
-
- m_socketConnector.reset(new SocketConnection(m_socketFd));
-
- LogInfo("Client connected");
-}
-
-void SecuritySocketClient::disconnect(){
- //Socket should be already closed by server side,
- //even though we should close it in case of any errors
- close(m_socketFd);
- LogInfo("Client disconnected");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SecuritySocketClient.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of socket client class.
- */
-
-#ifndef SECURITYSOCKETCLIENT_H_
-#define SECURITYSOCKETCLIENT_H_
-
-#include <memory>
-#include <string>
-#include <dpl/log/log.h>
-#include "SocketConnection.h"
-
-/* IMPORTANT:
- * Methods connect(), call() and disconnected() should be called one by one.
- * Between connect() and disconnect() you can use call() only once.
- * It is because of timeout on call, e.g. to avoid waiting for corrupted data.
- */
-
-/* USAGE:
- * Class should be used according to this scheme:
- * SecuritySocketClient client("Interface Name");
- * (...)
- * client.connect();
- * client.call("Method name", in_arg1, in_arg2, ..., in_argN,
- * out_arg1, out_arg2, ..., out_argM);
- * client.disconnect();
- * (...)
- *
- * input parameters of the call are passed with reference,
- * output ones are passed as pointers - parameters MUST be passed this way.
- *
- * Currently client supports serialization and deserialization of simple types
- * (int, char, float, unsigned), strings (std::string and char*) and
- * some STL containers (std::vector, std::list, std::map, std::pair).
- * Structures and classes are not (yet) supported.
- */
-
-class SecuritySocketClient {
-public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SecuritySocketClientException)
- };
-
- SecuritySocketClient(const std::string &interfaceName);
- void connect();
- void disconnect();
-
- void call(std::string methodName){
- make_call(m_interfaceName);
- make_call(methodName);
- }
-
- template<typename ...Args>
- void call(std::string methodName, const Args&... args){
- make_call(m_interfaceName);
- make_call(methodName);
- make_call(args...);
- }
-
-private:
- template<typename T, typename ...Args>
- void make_call(const T& invalue, const Args&... args){
- make_call(invalue);
- make_call(args...);
- }
-
- template<typename T>
- void make_call(const T& invalue){
- Try {
- m_socketConnector->write(invalue);
- }
- Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection write error");
- ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
- }
- }
-
- template<typename T, typename ...Args>
- void make_call(const T* invalue, const Args&... args){
- make_call(invalue);
- make_call(args...);
- }
-
- template<typename T>
- void make_call(const T* invalue){
- Try {
- m_socketConnector->write(invalue);
- }
- Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection write error");
- ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
- }
- }
-
- template<typename T, typename ...Args>
- void make_call(T * outvalue, const Args&... args){
- make_call(outvalue);
- make_call(args...);
- }
-
- template<typename T>
- void make_call(T* outvalue){
- Try {
- m_socketConnector->read(outvalue);
- }
- Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection read error");
- ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection read error");
- }
- }
-
-
-private:
- void throwWithErrnoMessage(const std::string& specificInfo);
- std::string m_serverAddress;
- std::string m_interfaceName;
- std::unique_ptr<SocketConnection> m_socketConnector;
- int m_socketFd;
-};
-
-#endif /* SECURITYSOCKETCLIENT_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SocketConnection.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- */
-
-#include "SocketConnection.h"
-
-//
-// Note:
-//
-// The file here is left blank to enable precompilation
-// of templates in corresponding header file.
-// Do not remove this file.
-//
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SocketConnection.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This file is a header of Socket Connection class with implemented templates
- */
-
-#ifndef SOCKETCONNECTION_H_
-#define SOCKETCONNECTION_H_
-
-#include <dpl/serialization.h>
-#include <dpl/log/log.h>
-#include <new>
-#include "SocketStream.h"
-
-/*
- * This class implements interface for generic read and write from given socket.
- * It does not maintain socket descriptor, so any connecting and disconnecting should be
- * done above calls to this class.
- */
-
-/*
- * Throws SocketConnectionException when read/write will not succeed or if any bad allocation
- * exception occurs during read.
- */
-
-class SocketConnection {
-
-public:
-
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SocketConnectionException)
- };
-
- explicit SocketConnection(int socket_fd) : m_socketStream(socket_fd){
- LogInfo("Created");
- }
-
- template<typename T, typename ...Args>
- void read(T* out, const Args&... args ){
- read(out);
- read(args...);
- }
-
- template<typename T>
- void read(T* out){
- Try {
- DPL::Deserialization::Deserialize(m_socketStream, *out);
- }
-
- Catch (std::bad_alloc){
- LogError("Bad allocation error");
- ThrowMsg(Exception::SocketConnectionException, "Bad allocation error");
- }
-
- Catch (SocketStream::Exception::SocketStreamException) {
- LogError("Socket stream error");
- ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
- }
- }
-
- template<typename T, typename ...Args>
- void write(const T& in, const Args&... args){
- write(in);
- write(args...);
- }
-
- template<typename T>
- void write(const T& in){
- Try {
- DPL::Serialization::Serialize(m_socketStream, in);
- } Catch (SocketStream::Exception::SocketStreamException) {
- LogError("Socket stream error");
- ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
- }
- }
-
- template<typename T, typename ...Args>
- void write(const T* in, const Args&... args){
- write(in);
- write(args...);
- }
-
- template<typename T>
- void write(const T* in){
- Try {
- DPL::Serialization::Serialize(m_socketStream, in);
- } Catch (SocketStream::Exception::SocketStreamException) {
- LogError("Socket stream error");
- ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
- }
- }
-
-private:
- SocketStream m_socketStream;
-};
-
-#endif /* SOCKETCONNECTION_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SocketStream.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of socket stream class
- */
-
-
-#include <sys/socket.h>
-#include <sys/select.h>
-#include <errno.h>
-#include <cstring>
-#include <dpl/log/log.h>
-#include "SocketStream.h"
-
-#define READ_TIEMOUT_SEC 60
-#define READ_TIMEUOT_NSEC 0
-#define WRITE_TIMEOUT_SEC 60
-#define WRITE_TIMEOUT_NSEC 0
-#define MAX_BUFFER 10240
-
-void SocketStream::throwWithErrnoMessage(std::string function_name){
- LogError(function_name << " : " << strerror(errno));
- ThrowMsg(Exception::SocketStreamException, function_name << " : " << strerror(errno));
-}
-
-void SocketStream::Read(size_t num, void * bytes){
-
- if(NULL == bytes){
- LogError("Null pointer to buffer");
- ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
- }
-
- m_bytesRead += num;
-
- if(m_bytesRead > MAX_BUFFER){
- LogError("Too big buffer requested!");
- ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
- }
-
- char part_buffer[MAX_BUFFER];
- std::string whole_buffer;
-
- fd_set rset, allset;
- int max_fd;
- ssize_t bytes_read = 0, bytes_to_read = (ssize_t) num;
-
- timespec timeout;
-
- max_fd = m_socketFd;
- ++max_fd;
-
- FD_ZERO(&allset);
- FD_SET(m_socketFd, &allset);
-
- int returned_value;
-
- while(bytes_to_read != 0){
- timeout.tv_sec = READ_TIEMOUT_SEC;
- timeout.tv_nsec = READ_TIMEUOT_NSEC;
- rset = allset;
-
- if(-1 == (returned_value = pselect(max_fd, &rset, NULL, NULL, &timeout, NULL))){
- if(errno == EINTR) continue;
- throwWithErrnoMessage("pselect()");
- }
- if(0 == returned_value){
- //This means pselect got timedout
- //This is not a proper behavior in reading data from UDS
- //And could mean we got corrupted connection
- LogError("Couldn't read whole data");
- ThrowMsg(Exception::SocketStreamException, "Couldn't read whole data");
- }
- if(FD_ISSET(m_socketFd, &rset)){
- bytes_read = read(m_socketFd, part_buffer, num);
- if(bytes_read <= 0){
- if(errno == ECONNRESET || errno == ENOTCONN || errno == ETIMEDOUT){
- LogInfo("Connection closed : " << strerror(errno));
- ThrowMsg(Exception::SocketStreamException,
- "Connection closed : " << strerror(errno) << ". Couldn't read whole data");
- }else if (errno != EAGAIN && errno != EWOULDBLOCK){
- throwWithErrnoMessage("read()");
- }
- }
-
- whole_buffer.append(part_buffer, bytes_read);
- bytes_to_read-=bytes_read;
- bytes_read = 0;
- continue;
- }
-
- }
- memcpy(bytes, whole_buffer.c_str(), num);
-}
-
-void SocketStream::Write(size_t num, const void * bytes){
-
- if(NULL == bytes){
- LogError("Null pointer to buffer");
- ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
- }
-
- m_bytesWrote += num;
-
- if(m_bytesWrote > MAX_BUFFER){
- LogError("Too big buffer requested!");
- ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
- }
-
- fd_set wset, allset;
- int max_fd;
-
- timespec timeout;
-
- max_fd = m_socketFd;
- ++max_fd;
-
- FD_ZERO(&allset);
- FD_SET(m_socketFd, &allset);
-
- int returned_value;
-
- int write_res, bytes_to_write = num;
- unsigned int current_offset = 0;
-
- while(current_offset != num){
- timeout.tv_sec = WRITE_TIMEOUT_SEC;
- timeout.tv_nsec = WRITE_TIMEOUT_NSEC;
- wset = allset;
-
- if(-1 == (returned_value = pselect(max_fd, NULL, &wset, NULL, &timeout, NULL))){
- if(errno == EINTR) continue;
- throwWithErrnoMessage("pselect()");
- }
-
- if(FD_ISSET(m_socketFd, &wset)){
- if(-1 == (write_res = write(m_socketFd, reinterpret_cast<const char *>(bytes) + current_offset, bytes_to_write))){
- if(errno == ECONNRESET || errno == EPIPE){
- LogInfo("Connection closed : " << strerror(errno));
- ThrowMsg(Exception::SocketStreamException,
- "Connection closed : " << strerror(errno) << ". Couldn't write whole data");
-
- }else if(errno != EAGAIN && errno != EWOULDBLOCK){
- throwWithErrnoMessage("write()");
- }
- }
- current_offset += write_res;
- bytes_to_write -= write_res;
- }
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SocketStream.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of socket stream class.
- */
-
-#ifndef SOCKETSTREAM_H_
-#define SOCKETSTREAM_H_
-
-#include <string>
-#include <sys/socket.h>
-#include <sys/select.h>
-#include <dpl/serialization.h>
-#include <dpl/log/log.h>
-
-/*
- * This class implements binary read/write from socket used for DPL serialization and deserialization
- * It can read or write buffers of max *total* size 10kB.
- * I does not maintain socket descriptor.
- */
-
-/*
- * Throws SocketStreamException when buffer is null or its size exceeds max size or when
- * there is an error during read or write.
- */
-
-
-
-class SocketStream : public DPL::IStream {
-public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SocketStreamException)
- };
-
- explicit SocketStream(int socket_fd) : m_socketFd(socket_fd),
- m_bytesRead(0),
- m_bytesWrote(0)
- {
- LogInfo("Created");
- }
- void Read(size_t num, void * bytes);
- void Write(size_t num, const void * bytes);
-private:
- void throwWithErrnoMessage(std::string specificInfo);
- int m_socketFd;
- int m_bytesRead;
- int m_bytesWrote;
-};
-
-#endif /* SOCKETSTREAM_H_ */
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-#
-
-SET(DAEMON_BASIC_DEP
- dpl-efl
- dpl-dbus-efl
- dpl-utils-efl
- libsoup-2.4
+PKG_CHECK_MODULES(SECURITY_SERVER_DEP
dlog
openssl
libsmack
- )
-
-IF(SMACK_ENABLE)
- LIST(APPEND DAEMON_BASIC_DEP libprivilege-control)
-ENDIF(SMACK_ENABLE)
-
-PKG_CHECK_MODULES(DAEMON_DEP
- ${DAEMON_BASIC_DEP}
- REQUIRED)
-
-SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
-
-SET(DAEMON_SOURCES
- #socket connection
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
- #caller
- ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp
- #daemon
- ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp
- ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp
- ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp
- ${DAEMON_SOURCES_PATH}/main.cpp
- #ocsp
- ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp
- ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp
- ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp
- #ace
- ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp
- #popup
- ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp
- ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp
- )
-
-SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x")
-
-SET(LEGACY_DAEMON_SOURCES
- #security-server
- ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c
- ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-cookie.c
- ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-main.c
- ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-password.c
- ${DAEMON_SOURCES_PATH}/security-srv/util/security-server-util-common.c)
-
-SET_SOURCE_FILES_PROPERTIES(${LEGACY_DAEMON_SOURCES}
- PROPERTIES COMPILE_FLAGS "-DSECURITY_SERVER_DEBUG_DLOG")
-
-SET(DAEMON_SOURCES
- ${DAEMON_SOURCES}
- #security-server
- ${LEGACY_DAEMON_SOURCES})
+ REQUIRED
+ )
+
+SET(SECURITY_SERVER_PATH ${PROJECT_SOURCE_DIR}/src)
+
+SET(SECURITY_SERVER_SOURCES
+ ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
+ ${SECURITY_SERVER_PATH}/server/security-server-cookie.c
+ ${SECURITY_SERVER_PATH}/server/security-server-main.c
+ ${SECURITY_SERVER_PATH}/server/security-server-password.c
+ ${SECURITY_SERVER_PATH}/util/security-server-util-common.c
+ )
SET_SOURCE_FILES_PROPERTIES(
- ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c
- PROPERTIES COMPILE_FLAGS "-D_GNU_SOURCE")
-
-
-############################# Lets start compilation process ##################
-#ace library
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-#socket connection library
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection)
-#daemon
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets)
-#caller
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller)
-#ace
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic)
-#ocsp
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic)
-#popup
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS})
-#security-server
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/security-srv/include)
-
-
-
-ADD_EXECUTABLE(${TARGET_DAEMON}
- ${DAEMON_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_DAEMON}
- ${DAEMON_DEP_LIBRARIES}
- ${TARGET_ACE_LIB}
- ${TARGET_ACE_DAO_RW_LIB})
-
-
-
-###################################################################################################
-## for libsecurity-server-client.so (library)
-pkg_check_modules(pkgs REQUIRED dlog openssl libsmack)
-
-SET(VERSION_MAJOR 1)
-SET(VERSION ${VERSION_MAJOR}.0.1)
-
-SET(libsecurity-server-client_SOURCES
- ${DAEMON_SOURCES_PATH}/security-srv/client/security-server-client.c
- ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c)
-SET(libsecurity-server-client_LDFLAGS " -module -avoid-version")
-SET(libsecurity-server-client_CFLAGS " ${CFLAGS} -fPIC -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-#SET(libsecurity-server-client_LIBADD "")
-
-ADD_LIBRARY(security-server-client SHARED ${libsecurity-server-client_SOURCES})
-TARGET_LINK_LIBRARIES(security-server-client ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES SOVERSION ${VERSION_MAJOR})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES VERSION ${VERSION})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES COMPILE_FLAGS "${libsecurity-server-client_CFLAGS}")
-###################################################################################################
-
-INSTALL(TARGETS ${TARGET_DAEMON}
- DESTINATION bin)
+ ${SECURITY_SERVER_SOURCES}
+ PROPERTIES
+ COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG")
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service
- DESTINATION /usr/share/dbus-1/services
+INCLUDE_DIRECTORIES(
+ ${SECURITY_SERVER_PATH}/include
+ ${SECURITY_SERVER_DEP_INCLUDE_DIRS}
)
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
- DESTINATION /usr/include/wrt-security
+ADD_EXECUTABLE(${TARGET_SECURITY_SERVER} ${SECURITY_SERVER_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_SERVER}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ )
+
+################################################################################
+
+SET(SECURITY_CLIENT_VERSION_MAJOR 1)
+SET(SECURITY_CLIENT_VERSION ${SECURITY_CLIENT_VERSION_MAJOR}.0.1)
+
+SET(SECURITY_CLIENT_SOURCES
+ ${SECURITY_SERVER_PATH}/client/security-server-client.c
+ ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
)
+ADD_LIBRARY(${TARGET_SECURITY_CLIENT} SHARED ${SECURITY_CLIENT_SOURCES})
+
+SET_TARGET_PROPERTIES(
+ ${TARGET_SECURITY_CLIENT}
+ PROPERTIES
+ LINK_FLAGS "-module -avoid-version"
+ COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC"
+ SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
+ VERSION ${SECURITY_CLIENT_VERSION}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_CLIENT}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ )
+
+################################################################################
+
+INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION lib)
+
+INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin)
+
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-srv/include/security-server.h
+ ${SECURITY_SERVER_PATH}/include/security-server.h
DESTINATION /usr/include/security-server
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-srv/mw-list
- DESTINATION /usr/share/security-server/)
+ ${SECURITY_SERVER_PATH}/mw-list
+ DESTINATION /usr/share/security-server
+ )
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-srv/security-serverd
- DESTINATION /etc/rc.d/init.d)
+ ${SECURITY_SERVER_PATH}/security-serverd
+ DESTINATION /etc/rc.d/init.d
+ )
+
+################################################################################
+
+#CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY)
+#INSTALL
-INSTALL(TARGETS security-server-client DESTINATION lib)
+################################################################################
#include <unistd.h>
#include <string.h>
#include <sys/smack.h>
+#include <fcntl.h>
#include "security-server.h"
#include "security-server-common.h"
retval = convert_to_public_error_code(retval);
return retval;
}
+
+SECURITY_SERVER_API
+char * security_server_get_smacklabel_cookie(const char * cookie)
+{
+ char * label = NULL;
+ int sockfd = -1, retval, pid = -1;
+ response_header hdr;
+
+ if(cookie == NULL)
+ {
+ retval = SECURITY_SERVER_ERROR_INPUT_PARAM;
+ goto error;
+ }
+
+ retval = connect_to_server(&sockfd);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ goto error;
+ }
+
+ /* make request packet */
+ retval = send_smack_request(sockfd, cookie);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ /* Error on socket */
+ SEC_SVR_DBG("Client: Send failed: %d", retval);
+ goto error;
+ }
+
+ //allocating buffer for storing SMACK label received from server
+ label = calloc(SMACK_LABEL_LEN + 1, 1);
+ if(NULL == label)
+ {
+ SEC_SVR_DBG("Client ERROR: Memory allocation error");
+ goto error;
+ }
+
+ retval = recv_smack_response(sockfd, &hdr, label);
+
+ retval = return_code_to_error_code(hdr.return_code);
+ if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE) /* Wrong response */
+ {
+ if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE)
+ {
+ /* There must be some error */
+ SEC_SVR_DBG("Client: Error has been received. return code:%d", hdr.return_code);
+ }
+ else
+ {
+ /* Something wrong with response */
+ SEC_SVR_DBG("Client ERROR: Unexpected error occurred:%d", retval);
+ retval = SECURITY_SERVER_ERROR_BAD_RESPONSE;
+ }
+ goto error;
+ }
+ if(hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE)
+ {
+ SEC_SVR_DBG("%s"," Client: There is no such cookie exist");
+ }
+
+error:
+ if(sockfd > 0)
+ close(sockfd);
+
+ retval = convert_to_public_error_code(retval);
+ if(retval == 0)
+ return label;
+
+ if(NULL != label)
+ free(label);
+
+ return NULL;
+}
+
+ SECURITY_SERVER_API
+char * security_server_get_smacklabel_sockfd(int fd)
+{
+ char * label = NULL;
+
+ if(smack_new_label_from_socket(fd, &label) != 0)
+ {
+ SEC_SVR_DBG("Client ERROR: Unable to get socket SMACK label");
+ return NULL;
+ }
+
+ return label;
+}
+
+
#include <sys/types.h>
#include <sys/smack.h>
#include <fcntl.h>
+#include <pwd.h>
#include <sys/un.h>
#include <errno.h>
#include <unistd.h>
#include <sys/stat.h>
+#include <limits.h>
#include "security-server-common.h"
#include "security-server-comm.h"
return SECURITY_SERVER_SUCCESS;
}
+/* Send SMACK label to client with lenght N
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * |---------------------------------------------------------------|
+ * | version=0x01 |MessageID=0x1e | Message Length = SMACK_LABEL_LEN + 1
+ * |---------------------------------------------------------------|
+ * | return code | SMACK label byte 0 |
+ * |---------------------------------------------------------------|
+ * | .................. |
+ * |---------------------------------------------------------------|
+ * | SMACK label byte N |
+ * |---------------------------------------------------------------|
+*/
+int send_smack(int sockfd, char * label)
+{
+ response_header hdr;
+ //added 1 to the size is for NULL terminating label
+ int LABEL_SIZE = SMACK_LABEL_LEN + 1;
+ int PACKET_SIZE = sizeof(hdr) + LABEL_SIZE;
+ unsigned char msg[PACKET_SIZE];
+ int ret;
+
+ /* Assemble header */
+ hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE;
+ hdr.basic_hdr.msg_len = LABEL_SIZE;
+ hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS;
+
+ /* Perpare packet */
+ memcpy(msg, &hdr, sizeof(hdr));
+ memcpy(msg + sizeof(hdr), label, LABEL_SIZE);
+ memset(msg + sizeof(hdr) + SMACK_LABEL_LEN, 0x00, 1); //adding NULL ad the label end
+
+ /* Check poll */
+ ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if(ret == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_DBG("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_DBG("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send it */
+ ret = write(sockfd, msg, PACKET_SIZE);
+ if(ret < PACKET_SIZE)
+ {
+ /* Error on writing */
+ SEC_SVR_DBG("Error on write(): %d", ret);
+ ret = SECURITY_SERVER_ERROR_SEND_FAILED;
+ return ret;
+ }
+ return SECURITY_SERVER_SUCCESS;
+}
+
/* Send Check password response to client
*
* Check password response packet format
return SECURITY_SERVER_SUCCESS;
}
+/* Send SMACK request message to security server *
+ *
+ * Message format
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * |---------------------------------------------------------------|
+ * | version=0x01 |MessageID=0x1d | Message Length = 20 |
+ * |---------------------------------------------------------------|
+ * | |
+ * | |
+ * | Cookie (20bytes) |
+ * | |
+ * | |
+ * |---------------------------------------------------------------|
+ */
+int send_smack_request(int sock_fd, const char * cookie)
+{
+ basic_header hdr;
+ int retval;
+ unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN];
+
+ /* Assemble header */
+ hdr.version = SECURITY_SERVER_MSG_VERSION;
+ hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST;
+ hdr.msg_len = SECURITY_SERVER_COOKIE_LEN;
+
+ memcpy(buf, &hdr, sizeof(hdr));
+ memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN);
+
+ /* Check poll */
+ retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND);
+ if(retval == SECURITY_SERVER_ERROR_POLL)
+ {
+ SEC_SVR_DBG("%s", "poll() error");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ if(retval == SECURITY_SERVER_ERROR_TIMEOUT)
+ {
+ SEC_SVR_DBG("%s", "poll() timeout");
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+
+ /* Send to server */
+ retval = write(sock_fd, buf, sizeof(buf));
+ if(retval < sizeof(buf))
+ {
+ /* Write error */
+ SEC_SVR_DBG("Error on write(): %d", retval);
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
+}
+
/* Send PID check request message to security server *
*
* Message format
}
retval = read(sockfd, &alen, sizeof(int));
- if(retval < sizeof(int) || alen < 0 || olen > MAX_MODE_STR_LEN)
+ if(retval < sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN)
{
SEC_SVR_DBG("error reading access_rights len: %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
return SECURITY_SERVER_SUCCESS;
}
+/* receiving cookie from package */
+int recv_smack_request(int sockfd, unsigned char *requested_cookie)
+{
+ int retval;
+ retval = read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN);
+ if(retval < SECURITY_SERVER_COOKIE_LEN)
+ {
+ SEC_SVR_DBG("Received cookie size is too small: %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
+}
+
/* Receive pid request packet body */
int recv_launch_tool_request(int sockfd, int argc, char *argv[])
{
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
+ if(argv_len <= 0 || argv_len >= INT_MAX)
+ {
+ SEC_SVR_DBG("Error: argv length out of boundaries");
+ free_argv(argv, argc);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+
argv[i] = malloc(argv_len + 1);
if(argv[i] == NULL)
{
return SECURITY_SERVER_SUCCESS;
}
+int recv_smack_response(int sockfd, response_header *hdr, char * label)
+{
+ int retval;
+
+ retval = recv_generic_response(sockfd, hdr);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ return return_code_to_error_code(hdr->return_code);
+
+ retval = read(sockfd, label, SMACK_LABEL_LEN + 1);
+ if(retval < sizeof(int))
+ {
+ /* Error on socket */
+ SEC_SVR_DBG("Client: Receive failed %d", retval);
+ return SECURITY_SERVER_ERROR_RECV_FAILED;
+ }
+ return SECURITY_SERVER_SUCCESS;
+}
+
int recv_pid_response(int sockfd, response_header *hdr, int *pid)
{
int retval;
}
/* Authenticate the application is middleware daemon
- * The middleware must run as root and the cmd line must be pre listed */
+ * The middleware must run as root (or middleware user) and the cmd line must be
+ * pre listed for authentication to succeed */
int authenticate_client_middleware(int sockfd, int *pid)
{
int retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
struct ucred cr;
unsigned int cl = sizeof(cr);
char *cmdline = NULL;
+ struct passwd pw, *ppw;
+ size_t buf_size;
+ char *buf;
+ static uid_t middleware_uid = 0;
*pid = 0;
goto error;
}
- /* All middlewares will run as root */
- if(cr.uid != 0)
+ if (!middleware_uid)
+ {
+ buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (buf_size == -1)
+ buf_size = 1024;
+
+ buf = malloc(buf_size);
+
+ /* This test isn't essential, skip it in case of error */
+ if (buf) {
+ if (getpwnam_r(SECURITY_SERVER_MIDDLEWARE_USER, &pw, buf, buf_size, &ppw) == 0 && ppw)
+ middleware_uid = pw.pw_uid;
+
+ free(buf);
+ }
+ }
+
+ /* Middleware services need to run as root or middleware/app user */
+ if(cr.uid != 0 && cr.uid != middleware_uid)
{
retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
SEC_SVR_DBG("Non root process has called API: %d", cr.uid);
return retval;
}
+/* Get app PID from socked and read its privilege (GID) list
+ * from /proc/<PDI>/status.
+ *
+ * param 1: socket descriptor
+ * param 2: pointer for hold returned array
+ *
+ * ret: size of array or -1 in case of error
+ *
+ * Notice that user must free space allocated in this function and
+ * returned by second parameter (int * privileges)
+ * */
+int get_client_gid_list(int sockfd, int ** privileges)
+{
+ int ret;
+ //for read socket options
+ struct ucred socopt;
+ unsigned int socoptSize = sizeof(socopt);
+ //privileges to be returned
+ int privilegesSize;
+ //buffer for store /proc/<PID>/status filepath
+ const int PATHSIZE = 24;
+ char path[PATHSIZE];
+ //file pointer
+ FILE * fp = NULL;
+ //buffer for filelines
+ const int LINESIZE = 128;
+ char fileLine[LINESIZE];
+ //for parsing file
+ char delim[] = ": ";
+ char * token = NULL;
+
+
+ //clear pointer
+ *privileges = NULL;
+
+ //read socket options
+ ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &socopt, &socoptSize);
+ if(ret != 0)
+ {
+ SEC_SVR_DBG("%s", "Error on getsockopt");
+ return -1;
+ }
+
+ //now we have PID in sockopt.pid
+ bzero(path, PATHSIZE);
+ snprintf(path, PATHSIZE, "/proc/%d/status", socopt.pid);
+
+ fp = fopen(path, "r");
+ if(fp == NULL)
+ {
+ SEC_SVR_DBG("%s", "Error on fopen");
+ return -1;
+ }
+
+ bzero(fileLine, LINESIZE);
+
+ //search for line beginning with "Groups:"
+ while(strncmp(fileLine, "Groups:", 7) != 0)
+ {
+ ret = fgets(fileLine, LINESIZE, fp);
+ if(ret == NULL)
+ {
+ SEC_SVR_DBG("%s", "Error on fgets");
+ fclose(fp);
+ return -1;
+ }
+ }
+
+ fclose(fp);
+
+ //now we have "Groups:" line in fileLine[]
+ ret = 0;
+ token = strtok(fileLine, delim);
+ while(token = strtok(NULL, delim))
+ {
+ //add found GID
+ if(*privileges == NULL)
+ {
+ //first GID on list
+ *privileges = (int *)malloc(sizeof(int) * 1);
+ if(*privileges == NULL)
+ {
+ SEC_SVR_DBG("%s", "Error on malloc");
+ return -1;
+ }
+ (*privileges)[0] = atoi(token);
+ }
+ else
+ {
+ *privileges = realloc(*privileges, sizeof(int) * (ret + 1));
+ (*privileges)[ret] = atoi(token);
+ }
+
+ ret++;
+ }
+
+ //check if we found any GIDs for process
+ if(*privileges == NULL)
+ {
+ SEC_SVR_DBG("%s %d", "No GIDs found for PID:", socopt.pid);
+ }
+ else
+ {
+ SEC_SVR_DBG("%s %d", "Number of GIDs found:", ret);
+ }
+
+ return ret;
+}
+
/* Authenticate the application is middleware daemon
* The middleware must run as root and the cmd line must be pre listed */
int authenticate_developer_shell(int sockfd)
+++ /dev/null
-[D-BUS Service]
-Name=org.tizen.SecurityDaemon
-Exec=/usr/bin/security-server
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_daemon_dbus_config.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains security daemon DBus configuration.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
-
-#include <string>
-
-namespace WrtSecurity {
-
-struct SecurityDaemonConfig {
- static const std::string OBJECT_PATH()
- {
- return "/org/tizen/SecurityDaemon";
- }
-
- static const std::string SERVICE_NAME()
- {
- return "org.tizen.SecurityDaemon";
- }
-};
-
-} // namespace WrtSecurity
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_dbus_service.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of security DBus service.
- */
-#include <dpl/log/log.h>
-#include <algorithm>
-#include <gio/gio.h>
-#include <dpl/exception.h>
-#include <dpl/dbus/interface.h>
-#include <dpl/dbus/connection.h>
-#include "security_dbus_service.h"
-#include "security_daemon_dbus_config.h"
-#include <ace_server_dbus_interface.h>
-#include <ocsp_server_dbus_interface.h>
-#include <popup_response_dbus_interface.h>
-
-
-void SecurityDBusService::start()
-{
- LogDebug("SecurityDBusService starting");
- m_connection = DPL::DBus::Connection::systemBus();
- std::for_each(m_objects.begin(),
- m_objects.end(),
- [&m_connection] (const DPL::DBus::ObjectPtr& object)
- {
- m_connection->registerObject(object);
- });
- m_connection->registerService(
- WrtSecurity::SecurityDaemonConfig::SERVICE_NAME());
-}
-
-void SecurityDBusService::stop()
-{
- LogDebug("SecurityDBusService stopping");
- m_connection.reset();
-}
-
-void SecurityDBusService::initialize()
-{
- LogDebug("SecurityDBusService initializing");
- g_type_init();
-
- addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- std::make_shared<RPC::AceServerDBusInterface>());
- addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- std::make_shared<RPC::OcspServerDBusInterface>());
- addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- std::make_shared<RPC::PopupResponseDBusInterface>());
-}
-
-void SecurityDBusService::addInterface(const std::string& objectPath,
- const InterfaceDispatcherPtr& dispatcher)
-{
- auto ifaces =
- DPL::DBus::Interface::fromXMLString(dispatcher->getXmlSignature());
- if (ifaces.empty())
- {
- ThrowMsg(DPL::Exception, "No interface description.");
- }
-
- auto iface = ifaces.at(0);
- iface->setDispatcher(dispatcher.get());
-
- m_dispatchers.push_back(dispatcher);
- m_objects.push_back(DPL::DBus::Object::create(objectPath, iface));
-}
-
-void SecurityDBusService::deinitialize()
-{
- LogDebug("SecurityDBusService deinitializing");
- m_objects.clear();
- m_dispatchers.clear();
-}
-
-#ifdef DBUS_CONNECTION
-DAEMON_REGISTER_SERVICE_MODULE(SecurityDBusService)
-#endif //DBUS_CONNECTION
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_dbus_service.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of security DBus service.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
-#define WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
-
-#include <memory>
-#include <vector>
-#include <dpl/dbus/connection.h>
-#include <dpl/dbus/object.h>
-#include <dpl/dbus/dispatcher.h>
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include <security_daemon.h>
-
-class SecurityDBusService : public SecurityDaemon::DaemonService {
-private:
- virtual void initialize();
- virtual void start();
- virtual void stop();
- virtual void deinitialize();
-
-private:
- typedef std::shared_ptr<DPL::DBus::InterfaceDispatcher> InterfaceDispatcherPtr;
- typedef std::shared_ptr<DPL::DBus::Dispatcher> DispatcherPtr;
-
- void addInterface(const std::string& objectPath,
- const InterfaceDispatcherPtr& dispatcher);
-
- DPL::DBus::ConnectionPtr m_connection;
- std::vector<DPL::DBus::ObjectPtr> m_objects;
- std::vector<DispatcherPtr> m_dispatchers;
-};
-
-#endif // WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_daemon.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is implementation file of Security Daemon
- */
-
-#include "security_daemon.h"
-
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-
-#include <dpl/framework_efl.h>
-
-#include <dpl/singleton_impl.h>
-IMPLEMENT_SINGLETON(SecurityDaemon::SecurityDaemon)
-
-#include <ace-dao-rw/AceDAO.h>
-
-namespace SecurityDaemon {
-
-//This is declared not in SecurityDaemon class, so no Ecore.h is needed there.
-static Ecore_Event_Handler *g_exitHandler;
-static Eina_Bool exitHandler(void */*data*/, int /*type*/, void */*event*/)
-{
- auto& daemon = SecurityDaemonSingleton::Instance();
- daemon.terminate(0);
-
- return ECORE_CALLBACK_CANCEL;
-}
-
-SecurityDaemon::SecurityDaemon() :
- m_initialized(false),
- m_terminating(false),
- m_returnValue(0)
-{
-}
-
-void SecurityDaemon::initialize(int& /*argc*/, char** /*argv*/)
-{
- DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
- LogDebug("Initializing");
- Assert(!m_initialized && "Already Initialized");
-
- g_exitHandler = ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT,
- &exitHandler,
- NULL);
-
- DatabaseService::initialize();
- FOREACH (service, m_servicesList) {
- (*service)->initialize();
- }
- m_initialized = true;
- LogDebug("Initialized");
-}
-
-int SecurityDaemon::execute()
-{
- Assert(m_initialized && "Not Initialized");
- LogDebug("Starting execute");
- FOREACH (service, m_servicesList) {
- (*service)->start();
- }
- ecore_main_loop_begin();
- return m_returnValue;
-}
-
-void SecurityDaemon::terminate(int returnValue)
-{
- Assert(m_initialized && "Not Initialized");
- Assert(!m_terminating && "Already terminating");
- LogDebug("Terminating");
-
- ecore_event_handler_del(g_exitHandler);
-
- m_returnValue = returnValue;
- m_terminating = true;
-
- FOREACH (service, m_servicesList) {
- (*service)->stop();
- }
-
- ecore_main_loop_quit();
-}
-
-void SecurityDaemon::shutdown()
-{
- LogDebug("Shutdown");
- Assert(m_initialized && "Not Initialized");
- Assert(m_terminating && "Not terminated");
-
- DatabaseService::deinitialize();
- FOREACH (service, m_servicesList) {
- (*service)->deinitialize();
- }
-
- m_initialized = false;
-}
-
-namespace DatabaseService {
-
-void initialize(void)
-{
- LogDebug("Ace/Wrt database services initializing...");
- AceDB::AceDAO::attachToThreadRW();
-}
-
-void deinitialize(void)
-{
- LogDebug("Ace/Wrt database services deinitializing...");
- AceDB::AceDAO::detachFromThread();
-}
-
-} //namespace DatabaseService
-
-} //namespace SecurityDaemon
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_daemon.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is header file of Security Daemon
- */
-
-#ifndef WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H
-#define WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H
-
-#include <utility>
-#include <memory>
-#include <list>
-#include <dpl/noncopyable.h>
-#include <dpl/singleton.h>
-#include <dpl/assert.h>
-
-
-namespace SecurityDaemon {
-
-class DaemonService : DPL::Noncopyable {
- public:
- virtual void initialize() = 0;
- virtual void start() = 0;
- virtual void stop() = 0;
- virtual void deinitialize() = 0;
-};
-
-class SecurityDaemon : DPL::Noncopyable
-{
- public:
- SecurityDaemon();
-
- void initialize(int& argc, char** argv);
- int execute();
- void terminate(int returnValue = 0);
-
- template<typename ServiceType, typename ...Args>
- void registerService(Args&&... args)
- {
- Assert(!m_initialized && "Too late for registration");
-
- m_servicesList.push_back(
- std::make_shared<ServiceType>(std::forward<Args>(args)...));
- }
-
- void shutdown();
-
- private:
- bool m_initialized;
- bool m_terminating;
- int m_returnValue;
- typedef std::list<std::shared_ptr<DaemonService>> DaemonServiceList;
- DaemonServiceList m_servicesList;
-};
-
-namespace DatabaseService {
- void initialize();
- void deinitialize();
-};
-
-} //namespace SecurityDaemon
-
-typedef DPL::Singleton<SecurityDaemon::SecurityDaemon> SecurityDaemonSingleton;
-
-#define DAEMON_REGISTER_SERVICE_MODULE(Type) \
- namespace { \
- static int initializeModule(); \
- static int initializeModuleHelper = initializeModule(); \
- int initializeModule() \
- { \
- (void)initializeModuleHelper; \
- SecurityDaemonSingleton::Instance().registerService<Type>(); \
- return 0; \
- } \
- }
-
-
-#endif /* WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file callback_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This header provides types and exceptions required for security service callbacks
- */
-
-#ifndef CALLBACK_API_H_
-#define CALLBACK_API_H_
-
-#include <dpl/exception.h>
-
-typedef void (*socketServerCallback) (SocketConnection * connector);
-
-typedef bool (*securityCheck) (int socketfd);
-
-namespace ServiceCallbackApi{
-
- class Exception{
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, ServiceCallbackException)
- };
-
-}
-
-#endif /* CALLBACK_API_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_daemon_socket_config.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef SECURITY_DAEMON_SOCKET_CONFIG_H_
-#define SECURITY_DAEMON_SOCKET_CONFIG_H_
-
-#include <string>
-#include <signal.h>
-
-namespace WrtSecurity {
-
-struct SecurityDaemonSocketConfig {
- static const std::string SERVER_ADDRESS()
- {
- return "/tmp/server";
- }
-};
-
-} // namespace WrtSecurity
-#endif /* SECURITY_DAEMON_SOCKET_CONFIG_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_socket_service.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of socket server
- */
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/signalfd.h>
-#include <sys/select.h>
-#include <sys/stat.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <cstring>
-#include <dpl/log/log.h>
-#include "ace_service_callbacks_api.h"
-#include "ocsp_service_callbacks_api.h"
-#include "popup_service_callbacks_api.h"
-#include "security_daemon_socket_config.h"
-#include "security_socket_service.h"
-
-#define TIMEOUT_SEC 0
-#define TIMEOUT_NSEC 100000000
-#define MAX_LISTEN 5
-#define SIGNAL_TO_CLOSE SIGUSR1
-
-void SecuritySocketService::throwWithErrnoMessage(const std::string& specificInfo){
- LogError(specificInfo << " : " << strerror(errno));
- ThrowMsg(DPL::Exception, specificInfo << " : " << strerror(errno));
-}
-
-void SecuritySocketService::registerServiceCallback(const std::string &interfaceName,
- const std::string &methodName,
- socketServerCallback callbackMethod,
- securityCheck securityMethod){
- if(NULL == callbackMethod){
- LogError("Null callback");
- ThrowMsg(DPL::Exception, "Null callback");
- }
- if(interfaceName.empty() || methodName.empty()){
- LogError("Interface and method name cannot be empty");
- ThrowMsg(DPL::Exception, "Empty interface or method name");
- }
-
- auto serviceCallbackPtr = std::make_shared<ServiceCallback>(ServiceCallback(callbackMethod, securityMethod));
- m_callbackMap[interfaceName][methodName] = serviceCallbackPtr;
-}
-
-void SecuritySocketService::addClientSocket(int clientSocket){
- std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
- m_clientSocketList.push_back(clientSocket);
-}
-
-void SecuritySocketService::removeClientSocket(int clientSocket){
- std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
- m_clientSocketList.remove(clientSocket);
-}
-
-bool SecuritySocketService::popClientSocket(int * clientSocket){
- std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
- if(m_clientSocketList.empty())
- return false;
- *clientSocket = m_clientSocketList.front();
- m_clientSocketList.pop_front();
- return true;
-}
-
-void SecuritySocketService::initialize(){
-
- LogInfo("Initializing...");
- m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
- m_signalToClose = SIGNAL_TO_CLOSE;
-
- //registering Ace callbacks
- registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
-
- registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().first,
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().second);
-
- registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
- WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().first,
- WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().second);
- LogInfo("Registered Ace callbacks");
-
- //registering Ocsp callbacks
- registerServiceCallback(WrtSecurity::OcspServerApi::INTERFACE_NAME(),
- WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
- WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
- LogInfo("Registered Ocsp callbacks");
-
- //registering Popup callbacks
- registerServiceCallback(WrtSecurity::PopupServerApi::INTERFACE_NAME(),
- WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().first,
- WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().second);
- LogInfo("Registered Popup callbacks");
-
- if(-1 == (m_listenFd = socket(AF_UNIX, SOCK_STREAM, 0))){
- throwWithErrnoMessage("socket()");
- }
- LogInfo("Server socket created");
-
- //socket needs to be nonblocking, because read can block after select
- int flags;
- if (-1 == (flags = fcntl(m_listenFd, F_GETFL, 0)))
- flags = 0;
- if(-1 == (fcntl(m_listenFd, F_SETFL, flags | O_NONBLOCK))){
- throwWithErrnoMessage("fcntl");
- }
-
- sockaddr_un server_address;
- bzero(&server_address, sizeof(server_address));
- server_address.sun_family = AF_UNIX;
- strcpy(server_address.sun_path, m_serverAddress.c_str());
- unlink(server_address.sun_path);
-
- mode_t socket_umask, original_umask;
- socket_umask = 0;
- original_umask = umask(socket_umask);
-
- if(-1 == bind(m_listenFd, (struct sockaddr *)&server_address, SUN_LEN(&server_address))){
- throwWithErrnoMessage("bind()");
- }
-
- umask(original_umask);
-
- LogInfo("Initialized");
-}
-
-void SecuritySocketService::start(){
-
- LogInfo("Starting...");
- if(m_serverAddress.empty()){
- LogError("Server not initialized");
- ThrowMsg(DPL::Exception, "Server not initialized");
- }
-
- sigset_t sigset;
- sigemptyset(&sigset);
- if(-1 == sigaddset(&sigset, m_signalToClose)){
- throwWithErrnoMessage("sigaddset()");
- }
- int returned_value;
- if ((returned_value = pthread_sigmask(SIG_BLOCK, &sigset, NULL)) < 0) {
- errno = returned_value;
- throwWithErrnoMessage("pthread_sigmask()");
- }
-
- pthread_t mainThread;
-
- if((returned_value = pthread_create(&mainThread, NULL, &serverThread, this)) < 0){
- errno = returned_value;
- throwWithErrnoMessage("pthread_create()");
- }
- m_mainThread = mainThread;
-
- LogInfo("Started");
-}
-
-void * SecuritySocketService::serverThread(void * data){
- pthread_detach(pthread_self());
- SecuritySocketService &t = *static_cast<SecuritySocketService *>(data);
- LogInfo("Running server main thread");
- Try {
- t.mainLoop();
- } Catch (DPL::Exception) {
- LogError("Socket server error. Exiting...");
- return (void *)1;
- }
-
- return (void *)0;
-}
-
-
-void SecuritySocketService::mainLoop(){
-
- if(listen(m_listenFd, MAX_LISTEN) == -1){
- throwWithErrnoMessage("listen()");
- }
-
- //Settings to catch closing signal in select
- int signal_fd;
- sigset_t sigset;
- if(-1 == (sigemptyset(&sigset))){
- throwWithErrnoMessage("sigemptyset()");
- }
- if(-1 == (sigaddset(&sigset, m_signalToClose))) {
- throwWithErrnoMessage("sigaddset()");
- }
- if((signal_fd = signalfd(-1, &sigset, 0)) < 0){
- throwWithErrnoMessage("signalfd()");
- }
-
- //Setting descriptors for pselect
- fd_set allset, rset;
- int maxfd;
- FD_ZERO(&allset);
- FD_SET(m_listenFd, &allset);
- FD_SET(signal_fd, &allset);
- timespec timeout;
- maxfd = (m_listenFd > signal_fd) ? (m_listenFd) : (signal_fd);
- ++maxfd;
- //this will block SIGPIPE for this thread and every thread created in it
- //reason : from here on we don't won't to receive SIGPIPE on writing to closed socket
- //instead of signal we want to receive error from write - hence blocking SIGPIPE
- sigset_t set;
- sigemptyset(&set);
- sigaddset(&set, SIGPIPE);
- pthread_sigmask(SIG_BLOCK, &set, NULL);
-
- while(1){
- timeout.tv_sec = TIMEOUT_SEC;
- timeout.tv_nsec = TIMEOUT_NSEC;
- rset = allset;
- if(-1 == pselect(maxfd, &rset, NULL, NULL, &timeout, NULL)){
- closeConnections();
- throwWithErrnoMessage("pselect()");
- }
-
- if(FD_ISSET(signal_fd, &rset)){
- LogInfo("Got signal to close");
- signalfd_siginfo siginfo;
- ssize_t res;
- res = read(signal_fd, &siginfo, sizeof(siginfo));
- if(res <= 0){
- closeConnections();
- throwWithErrnoMessage("read()");
- }
- if((size_t)res != sizeof(siginfo)){
- closeConnections();
- LogError("couldn't read whole siginfo");
- ThrowMsg(DPL::Exception, "couldn't read whole siginfo");
- }
- if((int)siginfo.ssi_signo == m_signalToClose){
- LogInfo("Server thread got signal to close");
- closeConnections();
- return;
- } else {
- LogInfo("Got not handled signal");
- }
- }
- if(FD_ISSET(m_listenFd, &rset)){
- int client_fd;
- if(-1 == (client_fd = accept(m_listenFd, NULL, NULL))){
- closeConnections();
- throwWithErrnoMessage("accept()");
- }
- LogInfo("Got incoming connection");
- Connection_Info * connection = new Connection_Info(client_fd, (void *)this);
- int res;
- pthread_t client_thread;
- if((res = pthread_create(&client_thread, NULL, &connectionThread, connection)) < 0){
- delete connection;
- errno = res;
- closeConnections();
- throwWithErrnoMessage("pthread_create()");
- }
- addClientSocket(client_fd);
- }
- }
-}
-
-void * SecuritySocketService::connectionThread(void * data){
- pthread_detach(pthread_self());
- std::auto_ptr<Connection_Info> c (static_cast<Connection_Info *>(data));
- SecuritySocketService &t = *static_cast<SecuritySocketService *>(c->data);
- LogInfo("Starting connection thread");
- Try {
- t.connectionService(c->connfd);
- } Catch (DPL::Exception){
- LogError("Connection thread error : " << _rethrown_exception.DumpToString());
- t.removeClientSocket(c->connfd);
- close(c->connfd);
- return (void*)1;
- }
- LogInfo("Client serviced");
- return (void*)0;
-}
-
-void SecuritySocketService::connectionService(int fd){
-
- SocketConnection connector = SocketConnection(fd);
- std::string interfaceName, methodName;
-
- Try {
- connector.read(&interfaceName, &methodName);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection read error");
- ReThrowMsg(DPL::Exception, "Socket Connection read error");
- }
-
- LogDebug("Got interface : " << interfaceName);
- LogDebug("Got method : " << methodName);
-
- if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){
- LogError("Unknown interface : " << interfaceName);
- ThrowMsg(DPL::Exception, "Unknown interface : " << interfaceName);
- }
-
- if(m_callbackMap[interfaceName].find(methodName) == m_callbackMap[interfaceName].end()){
- LogError("Unknown method : " << methodName);
- ThrowMsg(DPL::Exception, "Unknown method");
- }
-
- if(m_callbackMap[interfaceName][methodName]->securityCallback != NULL){
- if(!m_callbackMap[interfaceName][methodName]->securityCallback(fd)){
- LogError("Security check returned false");
- ThrowMsg(DPL::Exception, "Security check returned false");
- }
- }
-
- LogInfo("Calling service");
- Try{
- m_callbackMap[interfaceName][methodName]->serviceCallback(&connector);
- } Catch (ServiceCallbackApi::Exception::ServiceCallbackException){
- LogError("Service callback error");
- ReThrowMsg(DPL::Exception, "Service callback error");
- }
-
- LogInfo("Removing client");
- removeClientSocket(fd);
- close(fd);
-
- LogInfo("Call served");
-
-}
-
-void SecuritySocketService::stop(){
- LogInfo("Stopping");
- if(-1 == close(m_listenFd))
- if(errno != ENOTCONN)
- throwWithErrnoMessage("close()");
- int returned_value;
- if((returned_value = pthread_kill(m_mainThread, m_signalToClose)) < 0){
- errno = returned_value;
- throwWithErrnoMessage("pthread_kill()");
- }
- pthread_join(m_mainThread, NULL);
-
- LogInfo("Stopped");
-}
-
-void SecuritySocketService::closeConnections(){
-
- int clientSocket;
- LogInfo("Closing client sockets");
- while(popClientSocket(&clientSocket)){
- if(-1 == close(clientSocket)){
- LogError("close() : " << strerror(errno));
- }
- }
-
- LogInfo("Connections closed");
-}
-
-void SecuritySocketService::deinitialize(){
- m_serverAddress.clear();
-
- LogInfo("Deinitialized");
-
-}
-
-#ifdef SOCKET_CONNECTION
-DAEMON_REGISTER_SERVICE_MODULE(SecuritySocketService)
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_socket_service.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of socket server class
- */
-
-#ifndef SECURITY_SOCKET_SERVICE_H_
-#define SECURITY_SOCKET_SERVICE_H_
-
-#include <map>
-#include <list>
-#include <memory>
-#include <mutex>
-#include <pthread.h>
-#include <security_daemon.h>
-#include <SocketConnection.h>
-#include <callback_api.h>
-
-class SecuritySocketService : public SecurityDaemon::DaemonService {
-
-private:
-
- virtual void initialize();
- virtual void start();
- virtual void stop();
- virtual void deinitialize();
-
-
-private:
-
- //Function for registering callback with given interface and method name and possibly security check callback
- void registerServiceCallback(const std::string& interfaceName,
- const std::string& methodName,
- socketServerCallback serviceCallback,
- securityCheck securityCallback = NULL);
- //Thread function for server
- static void * serverThread(void *);
- //Main function for server
- void mainLoop();
- //Thread function for connection serving
- static void * connectionThread(void *);
- //Main function for connection serving
- void connectionService(int fd);
- //closing all connections
- void closeConnections();
- //logs an error and throws an exception with message containing errno message
- void throwWithErrnoMessage(const std::string &specificInfo);
-
- //concurrency safe methods for client socket list - add, remove and pop (with returned value)
- void addClientSocket(int clientThread);
- void removeClientSocket(int clientThread);
- bool popClientSocket(int* clientThread);
-
- //Address of socket server
- std::string m_serverAddress;
- //Signal used for informing threads to stop
- int m_signalToClose;
- //Socket for listening
- int m_listenFd;
- //Number of main thread
- pthread_t m_mainThread;
- //Numbers of all created threads for connections
- std::list<int> m_clientSocketList;
-
- //Thread list mutex
- std::mutex m_clientSocketListMutex;
-
- //Structure for callback maps
- class ServiceCallback
- {
- public:
- ServiceCallback(socketServerCallback ser, securityCheck sec) : serviceCallback(ser), securityCallback(sec){}
- socketServerCallback serviceCallback;
- securityCheck securityCallback;
- };
-
- typedef std::shared_ptr<ServiceCallback> ServiceCallbackPtr;
- //Map for callback methods, key is a method name and value is a callback to method
- typedef std::map<std::string, ServiceCallbackPtr> ServiceMethodCallbackMap;
- //Map for interface methods, key is an interface name and value is a map of available methods with callbacks
- std::map<std::string, ServiceMethodCallbackMap> m_callbackMap;
-
- //Structure passed to connection thread
- struct Connection_Info{
- Connection_Info(int fd, void * data) : connfd(fd), data(data)
- {}
- int connfd;
- void * data;
- };
-
-};
-
-#endif /* SECURITY_SOCKET_SERVICE_H_ */
unsigned char return_code;
} response_header;
+#define SECURITY_SERVER_MIDDLEWARE_USER "app"
+
/* Message Types */
#define SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST 0x01
#define SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE 0x02
#define SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE 0x1a
#define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST 0x1b
#define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE 0x1c
+#define SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST 0x1d
+#define SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE 0x1e
#define SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE 0xff
/* Return code */
int accept_client(int server_sockfd);
int authenticate_client_application(int sockfd, int *pid, int *uid);
int authenticate_client_middleware(int sockfd, int *pid);
+int get_client_gid_list(int sockfd, int ** privileges);
int authenticate_developer_shell(int sockfd);
char *read_cmdline_from_proc(pid_t pid);
int send_generic_response (int sockfd, unsigned char msgid, unsigned char return_code);
int recv_pid_response(int sockfd, response_header *hdr, int *pid);
int recv_pid_request(int sockfd, unsigned char *requested_cookie);
int send_pid(int sockfd, int pid);
+int send_smack_request(int sockfd, const char * cookie);
+int recv_smack_response(int sockfd, response_header *hdr, char * label);
+int recv_smack_request(int sockfd, unsigned char *requested_cookie);
+int send_smack(int sockfd, char * label);
int send_launch_tool_request(int sock_fd, int argc, const char **argv);
int recv_generic_response(int sockfd, response_header *hdr);
int recv_launch_tool_request(int sockfd, int argc, char *argv[]);
pid_t pid; /* Client process's PID */
char *path; /* Client process's cmd line string */
int *permissions; /* Array of GID that the client process has */
- char *smack_label; /* SMACK label of the client process */
+ char *smack_label; /* SMACK label of the client process */
+ char is_roots_process; /* Is cookie belongs to roots process */
struct _cookie_list *prev; /* Next cookie list */
struct _cookie_list *next; /* Previous cookie list */
} cookie_list;
int free_cookie_item(cookie_list *cookie);
cookie_list *delete_cookie_item(cookie_list *cookie);
cookie_list *search_existing_cookie(int pid, const cookie_list *c_list);
-cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int privilege);
+cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int * privileges, int privilegesSize);
cookie_list *search_cookie_new(const cookie_list *c_list,
const unsigned char *cookie,
const char *object,
int process_chk_pwd_request(int sockfd);
int process_set_pwd_max_challenge_request(int sockfd);
int process_set_pwd_validity_request(int sockfd);
-int init_try(void);
+void initiate_try(void);
#endif
*/
int security_server_launch_debug_tool(int argc, const char **argv);
+/*
+ * This function allows to get process SMACK label by passing cookie assigned
+ * to process. Function returns pointer to allocated buffer with label.
+ * User has to free the buffer after using.
+ *
+ * \param[in] Pointer to cookie
+ *
+ * \return Pointer to SMACK label or NULL
+ *
+ * \par For free label use free(), label allocated by calloc()
+ * User responsibility is to free resource.
+ */
+char * security_server_get_smacklabel_cookie(const char *cookie);
+
+/*
+ * This function allows to get process SMACK label by passing socket descriptor.
+ * Function returns pointer to allocated buffer with label.
+ * User has to free the buffer after using.
+ *
+ * \param[in] Socket descriptor
+ *
+ * \return Pointer to SMACK label or NULL
+ *
+ * \par For free label use free(), label allocated by calloc().
+ * User responsibility is to free resource.
+ */
+char * security_server_get_smacklabel_sockfd(int fd);
+
#ifdef __cplusplus
}
#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file main.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is main routing for Security Daemon
- */
-
-#include <dpl/log/log.h>
-#include <dpl/single_instance.h>
-
-#include "security_daemon.h"
-
-#include <pthread.h>
-
-static const std::string DAEMON_INSTANCE_UUID =
- "5ebf3f24-dad6-4a27-88b4-df7970efe7a9";
-
-extern "C" void *security_server_main_thread(void *data);
-
-int main(int argc, char* argv[])
-{
-
- pthread_t main_thread;
-
- if (0 != pthread_create(&main_thread, NULL, security_server_main_thread, NULL)) {
- LogError("Cannot create security server thread");
- return -1;
- }
-
- DPL::SingleInstance instance;
- try {
- if (!instance.TryLock(DAEMON_INSTANCE_UUID)) {
- LogError("Security Daemon is already running");
- return -1;
- }
- } catch (const DPL::SingleInstance::Exception::LockError &e) {
- LogError(e.DumpToString());
- return -1;
- }
-
- auto& daemon = SecurityDaemonSingleton::Instance();
-
- daemon.initialize(argc, argv);
-
- //Run daemon
- auto retVal = daemon.execute();
-
- daemon.shutdown();
- try {
- instance.Release();
- } catch (const DPL::SingleInstance::Exception::LockError &e) {
- LogError(e.DumpToString());
- }
-
- return retVal;
-}
/usr/bin/telephony-server
/usr/bin/ss-server
-/usr/bin/dnet
/usr/bin/msg-server
/usr/bin/alarm-server
-/usr/bin/dnet
-/usr/bin/audio-session-mgr-server
/usr/bin/lbs_server
/usr/bin/power_manager
/usr/bin/system_server
-/opt/home/root/security_server_tc_server
/usr/bin/sec-svr-util
-
+/usr/bin/mdm-server
+/usr/bin/smartcard-daemon
+/usr/bin/sound_server
+/usr/bin/nfc-manager-daemon
# start secure-storage server
/usr/bin/security-server &
+set_pmon -p security-server
+++ /dev/null
-SET(PREFIX ${CMAKE_INSTALL_PREFIX})
-SET(EXEC_PREFIX "\${prefix}")
-SET(LIBDIR "\${prefix}/lib")
-SET(INCLUDEDIR "\${prefix}/include")
-SET(VERSION_MAJOR 1)
-SET(VERSION ${VERSION_MAJOR}.0.1)
-
-#Verbose
-#SET(CMAKE_VERBOSE_MAKEFILE ON)
-
-INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
-
-INCLUDE(FindPkgConfig)
-pkg_check_modules(pkgs REQUIRED dlog openssl libsmack)
-
-FOREACH(flag ${pkgs_CFLAGS})
- SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
-ENDFOREACH(flag)
-
-SET(sec_svr_dir "./")
-SET(sec_svr_include_dir "./include")
-SET(sec_svr_src_dir "./src")
-SET(sec_svr_test_dir "./testcases")
-
-## Additional flag
-#SET(debug_type "-DSECURITY_SERVER_DEBUG_TO_CONSOLE")
-SET(debug_type "-DSECURITY_SERVER_DEBUG_DLOG")
-#SET(debug_type "")
-
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
-
-###################################################################################################
-## for libsecurity-server-client.so (library)
-SET(libsecurity-server-client_SOURCES ${sec_svr_src_dir}/client/security-server-client.c ${sec_svr_src_dir}/communication/security-server-comm.c)
-SET(libsecurity-server-client_LDFLAGS " -module -avoid-version")
-SET(libsecurity-server-client_CFLAGS " ${CFLAGS} -fPIC -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-#SET(libsecurity-server-client_LIBADD "")
-
-ADD_LIBRARY(security-server-client SHARED ${libsecurity-server-client_SOURCES})
-TARGET_LINK_LIBRARIES(security-server-client ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES SOVERSION ${VERSION_MAJOR})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES VERSION ${VERSION})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES COMPILE_FLAGS "${libsecurity-server-client_CFLAGS}")
-###################################################################################################
-
-###################################################################################################
-## for security-server (binary)
-SET(security-server_SOURCES ${sec_svr_src_dir}/server/security-server-main.c ${sec_svr_src_dir}/communication/security-server-comm.c ${sec_svr_src_dir}/server/security-server-cookie.c ${sec_svr_src_dir}/server/security-server-password.c ${sec_svr_src_dir}/util/security-server-util-common.c )
-SET(security-server_CFLAGS " -I/usr/include -I. -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-SET(security-server_LDFLAGS ${pkgs_LDFLAGS} -lpthread)
-
-ADD_EXECUTABLE(security-server ${security-server_SOURCES})
-TARGET_LINK_LIBRARIES(security-server ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(security-server PROPERTIES COMPILE_FLAGS "${security-server_CFLAGS}")
-####################################################################################################
-
-##FOR TEST METHOD ONLY. MUST BE DELETED ON RELEASE ############################################################
-## for security-server util (binary)
-SET(sec-svr-util_SOURCES ${sec_svr_src_dir}/util/security-server-util.c ${sec_svr_src_dir}/communication/security-server-comm.c ${sec_svr_src_dir}/util/security-server-util-common.c ${sec_svr_src_dir}/server/security-server-cookie.c)
-SET(sec-svr-util_CFLAGS " -I/usr/include -I. -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-SET(sec-svr-util_LDFLAGS ${pkgs_LDFLAGS})
-
-ADD_EXECUTABLE(sec-svr-util ${sec-svr-util_SOURCES})
-TARGET_LINK_LIBRARIES(sec-svr-util ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(sec-svr-util PROPERTIES COMPILE_FLAGS "${sec-svr-util_CFLAGS}")
-####################################################################################################
-
-CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY)
-
-INSTALL(TARGETS security-server-client DESTINATION lib)
-
-INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/security-server DESTINATION bin)
-INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/sec-svr-util DESTINATION bin)
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/security-server.pc DESTINATION lib/pkgconfig)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/security-server.h DESTINATION include/security-server)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/mw-list DESTINATION share/security-server)
-INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/security-serverd DESTINATION /etc/rc.d/init.d)
/* Search existing cookie from the cookie list for matching cookie and privilege */
/* If privilege is 0, just search cookie exists or not */
-cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int privilege)
+cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int * privileges, int privilegesSize)
{
cookie_list *current = (cookie_list *)c_list, *retval = NULL;
- int i;
+ int i, j;
/* Search from the list */
while(current != NULL)
if(current == NULL)
break;
+ //searching for cookie
if(memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0)
{
- SEC_SVR_DBG("%s", "cookie has been found");
-
- /* default cookie is for root process which is pid is set to 0 */
- if(current->pid == 0 || privilege == 0)
- {
- retval = current;
- goto finish;
- }
- else
- {
- for(i=0 ; i < current->permission_len ; i++)
- {
- if(privilege == current->permissions[i])
- {
- SEC_SVR_DBG("Found privilege %d", privilege);
- retval = current;
- goto finish;
- }
- }
- }
+ SEC_SVR_DBG("%s", "Cookie has been found");
+
+ //check if this cookie belongs to root process (root process created it)
+ if(current->is_roots_process == 1)
+ {
+ SEC_SVR_DBG("%s", "Root process cookie, special privileges");
+ //we can skip privilege checking
+ retval = current;
+ goto finish;
+ }
+
+ if((privileges == NULL) || (privilegesSize == 0))
+ {
+ SEC_SVR_DBG("%s", "No privileges to search in cookie!");
+ }
+ else if(current->permissions == NULL)
+ {
+ SEC_SVR_DBG("%s", "Cookie has no privileges inside!");
+ }
+ else
+ {
+ SEC_SVR_DBG("%s", "Searching for privileges");
+ SEC_SVR_DBG("%s %d", "Privileges in cookie:", current->permission_len);
+ SEC_SVR_DBG("%s %d", "Privileges to search:", privilegesSize);
+
+ for(j = 0; j < privilegesSize; j++)
+ {
+ for(i = 0; i < current->permission_len; i++)
+ {
+ if(privileges[j] == current->permissions[i])
+ {
+ SEC_SVR_DBG("Found privilege %d", privileges[j]);
+ retval = current;
+ goto finish;
+ }
+ }
+ }
+ }
}
current = current->next;
}
ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
goto error;
}
- close(fd);
ret = SECURITY_SERVER_SUCCESS;
error:
if(fd >= 0)
#include <signal.h>
#include <pthread.h>
#include <limits.h>
+#include <fcntl.h>
+#include <sys/smack.h>
#include "security-server-cookie.h"
#include "security-server-common.h"
goto error;
}
/* If client application is root process, just respond default cookie */
+ /*
if( client_uid == 0)
{
SEC_SVR_DBG("%s", "Requested application is a root process");
}
else
{
+ */
+ //TODO: Remove above code if there will be no crashes without it
+ //All process should be treaded the same
/* Create a new cookie. or find existing one */
pthread_mutex_lock(&cookie_mutex);
created_cookie = create_cookie_item(client_pid, sockfd, c_list);
SEC_SVR_DBG("%s","Cannot create a cookie");
goto error;
}
- }
+
+ //let others know if this cookie belongs to root process
+ if(client_uid == 0)
+ created_cookie->is_roots_process = 1;
+ else
+ created_cookie->is_roots_process = 0;
+
+ //}
/* send cookie as response */
retval = send_cookie(sockfd, created_cookie->cookie);
if(retval != SECURITY_SERVER_SUCCESS)
{
/* Authenticate client */
int retval, client_pid, requested_privilege;
+ int privileges[1];
unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
cookie_list *search_result = NULL;
/* Search cookie list */
pthread_mutex_lock(&cookie_mutex);
- search_result = search_cookie(c_list, requested_cookie, requested_privilege);
+ privileges[0] = requested_privilege;
+ search_result = search_cookie(c_list, requested_cookie, privileges, 1);
pthread_mutex_unlock(&cookie_mutex);
if(search_result != NULL)
{
{
int retval, client_pid;
unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
+ int * privileges;
cookie_list *search_result = NULL;
/* Authenticate client */
/* Search cookie list */
pthread_mutex_lock(&cookie_mutex);
- search_result = search_cookie(c_list, requested_cookie, 0);
+
+ retval = get_client_gid_list(sockfd, &privileges);
+ if(retval < 0)
+ {
+ SEC_SVR_DBG("ERROR: Cannot get GID list");
+ goto error;
+ }
+
+ search_result = search_cookie(c_list, requested_cookie, privileges, retval);
+ free(privileges);
+
pthread_mutex_unlock(&cookie_mutex);
if(search_result != NULL)
{
return retval;
}
+int process_smack_request(int sockfd)
+{
+ int retval, client_pid;
+ int privileges[1];
+ unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN];
+ cookie_list *search_result = NULL;
+ //handler for SMACK label
+ char * label = NULL;
+ //buffer for storing file path
+ const int BUFFSIZE = 30;
+ char path[BUFFSIZE];
+ int fd;
+
+ /* Authenticate client */
+ retval = authenticate_client_middleware(sockfd, &client_pid);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("%s", "Client Authentication Failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ retval = recv_smack_request(sockfd, requested_cookie);
+ if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+ {
+ SEC_SVR_DBG("%s", "Receiving request failed");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_BAD_REQUEST);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ goto error;
+ }
+
+ /* Search cookie list */
+ pthread_mutex_lock(&cookie_mutex);
+
+ retval = get_client_gid_list(sockfd, &privileges);
+ if(retval < 0)
+ {
+ SEC_SVR_DBG("ERROR: Cannot get GID list");
+ goto error;
+ }
+
+ search_result = search_cookie(c_list, requested_cookie, privileges, retval);
+ free(privileges);
+
+ pthread_mutex_unlock(&cookie_mutex);
+ if(search_result != NULL)
+ {
+ /* We found */
+ SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid);
+ SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted.");
+
+ //clearing buffer
+ memset(path, 0x00, BUFFSIZE);
+
+ //preparing file path
+ snprintf(path, BUFFSIZE, "/proc/%d/attr/current", search_result->pid);
+ SEC_SVR_DBG("Path to file: %s\n", path);
+
+ //allocation place for label
+ label = calloc(SMACK_LABEL_LEN, 1);
+ if(NULL == label)
+ {
+ SEC_SVR_DBG("Client ERROR: Memory allocation error");
+ goto error;
+ }
+
+ //clearing buffer for label
+ memset(label, 0x00, SMACK_LABEL_LEN);
+
+ //opening file /proc/<pid>/attr/curent with SMACK label
+ fd = open(path, O_RDONLY);
+ if(fd < 0)
+ {
+ SEC_SVR_DBG("Client ERROR: Unable to open file in /proc");
+ goto error;
+ }
+
+ //reading label from file, it is NOT NULL TERMINATED
+ retval = read(fd, label, SMACK_LABEL_LEN);
+ close(fd);
+ if(retval < 0)
+ {
+ SEC_SVR_DBG("Client ERROR: Unable to read from file");
+ goto error;
+ }
+
+ SEC_SVR_DBG("Readed label is: %s\n", label);
+
+ retval = send_smack(sockfd, label);
+
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval);
+ }
+ }
+ else
+ {
+ /* It's not exist */
+ SEC_SVR_DBG("%s", "Could not find the cookie");
+ retval = send_generic_response(sockfd,
+ SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE,
+ SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE);
+ if(retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_DBG("ERROR: Cannot send SMACK label response: %d", retval);
+ }
+ }
+error:
+ if(NULL != label)
+ free(label);
+
+ return retval;
+}
+
int process_tool_request(int client_sockfd, int server_sockfd)
{
int retval, argcnum;
memset(recved_argv, 0, sizeof(char *) * argcnum);
retval = recv_launch_tool_request(client_sockfd, argcnum -1, recved_argv);
- if(retval == SECURITY_SERVER_ERROR_RECV_FAILED)
+ if(retval == SECURITY_SERVER_ERROR_RECV_FAILED || retval == SECURITY_SERVER_ERROR_OUT_OF_MEMORY)
{
SEC_SVR_DBG("%s", "Receiving request failed");
recved_argv = NULL;
process_pid_request(client_sockfd);
break;
+ case SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST:
+ SEC_SVR_DBG("%s", "SMACK label request received");
+ process_smack_request(client_sockfd);
+ break;
+
case SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST:
SEC_SVR_DBG("%s", "launch tool request received");
process_tool_request(client_sockfd, server_sockfd);
for(retval = 0 ; retval < SECURITY_SERVER_NUM_THREADS; retval++)
thread_status[retval] = 0;
-
initiate_try();
/* Create and bind a Unix domain socket */
pthread_exit(NULL);
}
-/*
int main(int argc, char* argv[])
{
int res;
pthread_exit(NULL);
return 0;
}
-*/
+
struct timeval prev_try;
-int initiate_try()
+void initiate_try()
{
gettimeofday(&prev_try, NULL);
}
goto error;
}
retval = read(sockfd, &new_pwd_len, sizeof(char));
- if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0)
{
SEC_SVR_DBG("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
retval = send_generic_response(sockfd,
/* Receive size of pwd */
retval = read(sockfd, &new_pwd_len, sizeof(char));
- if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
+ if(retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN)
{
SEC_SVR_DBG("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len);
retval = send_generic_response(sockfd,
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_server_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of ACE server interface name & methods.
- */
-
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
-
-#include<string>
-
-
-namespace WrtSecurity{
-namespace AceServerApi{
-
- // DBus interface names
- inline const std::string INTERFACE_NAME()
- {
- return "org.tizen.AceCheckAccessInterface";
- }
-
- // IN string subject
- // IN string resource
- // IN vector<string> function param names
- // IN vector<string> function param values
- // OUT int allow, deny, popup type
- inline const std::string CHECK_ACCESS_METHOD()
- {
- return "check_access";
- }
-
- // IN string subject
- // IN string resource
- // OUT int allow, deny, popup type
- inline const std::string CHECK_ACCESS_INSTALL_METHOD()
- {
- return "check_access_install";
- }
-
- // Policy update trigger
- inline const std::string UPDATE_POLICY_METHOD()
- {
- return "update_policy";
- }
-};
-};
-
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is implementation file of AceService service
- */
-
-#include <dpl/log/log.h>
-#include <security_controller.h>
-
-#include "security_daemon.h"
-
-namespace AceService
-{
-
-class AceService : public SecurityDaemon::DaemonService
-{
- private:
- virtual void initialize()
- {
- LogDebug("AceService initializing");
-
- SecurityControllerSingleton::Instance().Touch();
- SecurityControllerSingleton::Instance().SwitchToThread(NULL);
-
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::InitializeSyncEvent());
- }
-
- virtual void start()
- {
- LogDebug("Starting AceService");
- }
-
- virtual void stop()
- {
- LogDebug("Stopping AceService");
- }
-
- virtual void deinitialize()
- {
- LogDebug("AceService deinitializing");
- SecurityControllerSingleton::Instance().SwitchToThread(NULL);
- //this is direct call inside
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::TerminateSyncEvent());
- }
-
-};
-
-DAEMON_REGISTER_SERVICE_MODULE(AceService)
-
-}//namespace AceService
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_dbus_interface.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Implementation of ACE server API.
- */
-#include <dpl/foreach.h>
-#include <vector>
-#include <string>
-#include "ace_server_dbus_interface.h"
-#include <dpl/dbus/dbus_server_deserialization.h>
-#include <dpl/dbus/dbus_server_serialization.h>
-
-#include <ace/Request.h>
-#include <ace/PolicyResult.h>
-#include <security_controller.h>
-#include <attribute_facade.h>
-
-
-namespace RPC {
-
-void AceServerDBusInterface::onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation)
-{
- using namespace WrtSecurity;
-
- if (0 == g_strcmp0(methodName, AceServerApi::ECHO_METHOD().c_str()))
- {
- std::string str;
- DPL::DBus::ServerDeserialization::deserialize(parameters, &str);
- g_dbus_method_invocation_return_value(invocation,
- DPL::DBus::ServerSerialization::serialize(str));
- } else if (0 == g_strcmp0(methodName,
- AceServerApi::CHECK_ACCESS_METHOD().c_str()))
- {
- int widgetHandle;
- std::string subject, resource, sessionId;
- std::vector<std::string> paramNames, paramValues;
- if (!DPL::DBus::ServerDeserialization::deserialize(parameters,
- &widgetHandle,
- &subject,
- &resource,
- ¶mNames,
- ¶mValues,
- &sessionId)) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.AceCheckAccessInterface.UnknownError",
- "Error in deserializing input parameters");
- return;
- }
- if (paramNames.size() != paramValues.size()) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.AceCheckAccessInterface.UnknownError",
- "Varying sizes of parameter names and parameter values");
- return;
- }
- LogDebug("We got subject: " << subject);
- LogDebug("We got resource: " << resource);
-
- FunctionParamImpl params;
- for (size_t i = 0; i < paramNames.size(); ++i) {
- params.addAttribute(paramNames[i], paramValues[i]);
- }
-
- Request request(widgetHandle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::CheckRuntimeCallSyncEvent(
- &result,
- &request,
- sessionId));
-
- int response = PolicyResult::serialize(result);
- g_dbus_method_invocation_return_value(invocation,
- DPL::DBus::ServerSerialization::serialize(response));
- } else if (0 == g_strcmp0(methodName,
- AceServerApi::CHECK_ACCESS_INSTALL_METHOD().c_str()))
- {
- int widgetHandle;
- std::string resource;
- if (!DPL::DBus::ServerDeserialization::deserialize(parameters,
- &widgetHandle,
- &resource)) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.AceCheckAccessInterface.UnknownError",
- "Error in deserializing input parameters");
- return;
- }
- LogDebug("We got handle: " << widgetHandle);
- LogDebug("We got resource: " << resource);
-
- Request request(widgetHandle,
- WidgetExecutionPhase_WidgetInstall);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::CheckFunctionCallSyncEvent(
- &result,
- &request));
-
- int response = PolicyResult::serialize(result);
- g_dbus_method_invocation_return_value(invocation,
- DPL::DBus::ServerSerialization::serialize(response));
- } else if (0 == g_strcmp0(methodName,
- AceServerApi::UPDATE_POLICY_METHOD().c_str()))
- {
- LogDebug("Policy update DBus message received");
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::UpdatePolicySyncEvent());
- g_dbus_method_invocation_return_value(invocation, NULL);
- } else {
- // invalid method name
- g_dbus_method_invocation_return_value(invocation, NULL);
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_dbus_interface.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Class that handles ACE server API.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
-
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/ace_server_dbus_api.h"
-
-namespace RPC {
-
-class AceServerDBusInterface : public DPL::DBus::InterfaceDispatcher {
- public:
- AceServerDBusInterface():
- DPL::DBus::InterfaceDispatcher(WrtSecurity::AceServerApi::INTERFACE_NAME())
- {
- using namespace WrtSecurity;
-
- setXmlSignature("<node>"
- " <interface name='" + AceServerApi::INTERFACE_NAME() + "'>"
- " <method name='" + AceServerApi::ECHO_METHOD() + "'>"
- " <arg type='s' name='input' direction='in'/>"
- " <arg type='s' name='output' direction='out'/>"
- " </method>"
- " <method name='" + AceServerApi::CHECK_ACCESS_METHOD() + "'>"
- " <arg type='i' name='handle' direction='in'/>"
- " <arg type='s' name='subject' direction='in'/>"
- " <arg type='s' name='resource' direction='in'/>"
- " <arg type='as' name='parameter names' direction='in'/>"
- " <arg type='as' name='parameter values' direction='in'/>"
- " <arg type='s' name='session' direction='in'/>"
- " <arg type='i' name='output' direction='out'/>"
- " </method>"
- " <method name='" + AceServerApi::CHECK_ACCESS_INSTALL_METHOD() + "'>"
- " <arg type='i' name='handle' direction='in'/>"
- " <arg type='s' name='resource' direction='in'/>"
- " <arg type='i' name='output' direction='out'/>"
- " </method>"
- " <method name='" + AceServerApi::UPDATE_POLICY_METHOD() + "'>"
- " </method>"
- " </interface>"
- "</node>");
- }
-
- virtual ~AceServerDBusInterface()
- {}
-
- virtual void onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation);
-};
-
-} // namespace RPC
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_server_api.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions ACE server interface & methods specifically needed by DBUS.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
-
-#include "ace_server_api.h"
-#include<string>
-
-namespace WrtSecurity{
-namespace AceServerApi{
-
- // RPC test function
- // IN std::string
- // OUT std::string
- inline const std::string ECHO_METHOD()
- {
- return "echo";
- }
-};
-};
-
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * This file contain consts for Signing Template and Policy Manager
- * This values will be used to specified and identified algorithms in xml policy documents.
- * Its consistent with BONDI 1.0 released requirements
- *
- * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements
- * This values comes from widget digital signature 1.0 - required version of this doc is very important
- *
- **/
-
-#ifndef ACF_CONSTS_TYPES_H
-#define ACF_CONSTS_TYPES_H
-
-//Digest Algorithms
-extern const char* DIGEST_ALG_SHA256;
-
-//Canonicalization Algorithms
-extern const char* CANONICAL_ALG_C14N;
-
-//Signature Algorithms
-extern const char* SIGNATURE_ALG_RSA_with_SHA256;
-extern const char* SIGNATURE_ALG_DSA_with_SHA1;
-extern const char* SIGNATURE_ALG_ECDSA_with_SHA256;
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- * This file contains classes that implement WRT_INTERFACE.h interfaces,
- * so that ACE could access WRT specific and other information during
- * the decision making.
- *
- * @file attribute_.cpp
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Implementation file for attributes obtaining.
- */
-
-#include <dpl/exception.h>
-#include <sstream>
-#include <algorithm>
-#include <list>
-#include <string>
-#include <sstream>
-#include <stdexcept>
-#include <map>
-#include <cstdlib>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include <ace/WRT_INTERFACE.h>
-#include <map>
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-#include <attribute_facade.h>
-#include <ace/Request.h>
-#include <simple_roaming_agent.h>
-
-namespace // anonymous
-{
-typedef std::list<std::string> AttributeHandlerResponse;
-
-typedef AttributeHandlerResponse (*AttributeHandler)(
- const WidgetExecutionPhase &phase,
- const WidgetHandle &widgetHandle);
-typedef AttributeHandlerResponse (*ResourceAttributeHandler)(
- const WidgetExecutionPhase &phase,
- const WidgetHandle &widgetHandle,
- const Request &request);
-
-AttributeHandlerResponse AttributeClassHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
- response.push_back("widget");
- return response;
-}
-
-AttributeHandlerResponse AttributeInstallUriHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- std::string value = AceDB::AceDAOReadOnly::getShareHref(widgetHandle);
- if(!value.empty())
- response.push_back(value);
- return response;
-}
-
-AttributeHandlerResponse AttributeVersionHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
-
- std::string value = AceDB::AceDAOReadOnly::getVersion(widgetHandle);
-
- if (!value.empty()) {
- response.push_back(value);
- }
-
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyRootCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyRootFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyRootCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyRootFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeNetworkAccessUriHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeIdHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
-
- std::string wGUID = AceDB::AceDAOReadOnly::getGUID(widgetHandle);
-
- if (!wGUID.empty()) {
- response.push_back(wGUID);
- }
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorNameHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
-
- std::string value = AceDB::AceDAOReadOnly::getAuthorName(widgetHandle);
-
- if (!value.empty()) {
- response.push_back(value);
- }
-
- return response;
-}
-
-AttributeHandlerResponse AttributeRoamingHandler(
- const WidgetExecutionPhase &phase,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
-
- if (WidgetExecutionPhase_WidgetInstall == phase) {
- // TODO undetermind value
- response.push_back(std::string(""));
- } else if (SimpleRoamingAgentSingleton::Instance().IsRoamingOn()) {
- response.push_back(std::string("true"));
- } else {
- response.push_back(std::string("false"));
- }
-
- return response;
-}
-
-AttributeHandlerResponse AttributeBearerTypeHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
-
- std::string bearerName = "undefined-bearer-name";
-
- if (bearerName.empty()) {
- LogWarning("Bearer-type is NOT SET or empty");
- } else {
- response.push_back(bearerName);
- }
-
- return response;
-}
-
-struct AttributeHandlerContext
-{
- std::string name;
- WidgetExecutionPhase allowedPhaseMask;
- AttributeHandler handler;
-};
-
-// Private masks
-const WidgetExecutionPhase WidgetExecutionPhase_All =
- static_cast<WidgetExecutionPhase>(
- WidgetExecutionPhase_WidgetInstall |
- WidgetExecutionPhase_WidgetInstantiate |
- WidgetExecutionPhase_WebkitBind |
- WidgetExecutionPhase_Invoke);
-const WidgetExecutionPhase WidgetExecutionPhase_NoWidgetInstall =
- static_cast<WidgetExecutionPhase>(
- WidgetExecutionPhase_WidgetInstantiate |
- WidgetExecutionPhase_WebkitBind |
- WidgetExecutionPhase_Invoke);
-
-#define ALL_PHASE(name, handler) \
- { # name, WidgetExecutionPhase_All, handler },
-
-#define NO_INSTALL(name, handler) \
- { # name, WidgetExecutionPhase_NoWidgetInstall, handler },
-
-AttributeHandlerContext HANDLED_ATTRIBUTES_LIST[] = {
- ALL_PHASE(Class, &AttributeClassHandler)
- ALL_PHASE(install-uri, &AttributeInstallUriHandler)
- ALL_PHASE(version, &AttributeVersionHandler)
- ALL_PHASE(distributor-key-cn, &AttributeDistributorKeyCnHandler)
- ALL_PHASE(distributor-key-fingerprint,
- &AttributeDistributorKeyFingerprintHandler)
- ALL_PHASE(distributor-key-root-cn,
- &AttributeDistributorKeyRootCnHandler)
- ALL_PHASE(distributor-key-root-fingerprint,
- &AttributeDistributorKeyRootFingerprintHandler)
- ALL_PHASE(author-key-cn, &AttributeAuthorKeyCnHandler)
- ALL_PHASE(author-key-fingerprint, &AttributeAuthorKeyFingerprintHandler)
- ALL_PHASE(author-key-root-cn, &AttributeAuthorKeyRootCnHandler)
- ALL_PHASE(author-key-root-fingerprint,
- &AttributeAuthorKeyRootFingerprintHandler)
- ALL_PHASE(network-access-uri, &AttributeNetworkAccessUriHandler)
- ALL_PHASE(id, &AttributeIdHandler)
-// ALL_PHASE(name, &AttributeNameHandler)
-// ALL_PHASE(widget-attr:name, &AttributeWidgetAttrNameHandler)
- ALL_PHASE(author-name, &AttributeAuthorNameHandler)
- /* Enviroment attributes*/
- NO_INSTALL(roaming, &AttributeRoamingHandler)
- NO_INSTALL(bearer-type, &AttributeBearerTypeHandler)
-};
-
-#undef ALL_PHASE
-#undef NO_INSTALL
-
-const size_t HANDLED_ATTRIBUTES_LIST_COUNT =
- sizeof(HANDLED_ATTRIBUTES_LIST) / sizeof(HANDLED_ATTRIBUTES_LIST[0]);
-
-template<class T>
-class lambdaCollectionPusher
-{
- public:
- std::list<T>& m_collection;
- lambdaCollectionPusher(std::list<T>& collection) : m_collection(collection)
- {
- }
- void operator()(const T& element) const
- {
- m_collection.push_back(element);
- }
-};
-
-AttributeHandlerResponse AttributeDeviceCapHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/,
- const Request &request)
-{
- AttributeHandlerResponse response;
-
- Request::DeviceCapabilitySet capSet = request.getDeviceCapabilitySet();
- LogDebug("device caps set contains");
- FOREACH(dc, capSet)
- {
- LogDebug("-> " << *dc);
- }
-
- std::for_each(
- capSet.begin(),
- capSet.end(),
- lambdaCollectionPusher<std::string>(response));
-
- return response;
-}
-
-//class lambdaFeatureEquality :
-// public std::binary_function<FeatureHandle, int, bool>
-//{
-// public:
-// bool operator()(const FeatureHandle& wFeature,
-// const int& resurceId) const
-// {
-// return wFeature == resurceId;
-// }
-//};
-//
-//class lambdaPushFeatureName :
-// public std::binary_function<WidgetFeature, AttributeHandlerResponse, void>
-//{
-// void operator()(const WidgetFeature& wFeature,
-// AttributeHandlerResponse& response) const
-// {
-// response.push_back(DPL::ToUTF8String(wFeature.name));
-// }
-//};
-
-AttributeHandlerResponse AttributeApiFeatureHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support api-feature and resource-id in policy.");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureInstallUriHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support feature-install-uri is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureFeatureKeyCnHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support feature-key-cn is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureKeyRootCnHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support feature-key-root-cn is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureKeyRootFingerprintHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support"
- " feature-key-root-fingerprint is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-struct ResourceAttributeHandlerContext
-{
- std::string name;
- WidgetExecutionPhase allowedPhaseMask;
- ResourceAttributeHandler handler;
-};
-
-#define ALL_PHASE(name, handler) \
- { # name, WidgetExecutionPhase_All, handler },
-
-ResourceAttributeHandlerContext HANDLED_RESOURCE_ATTRIBUTES_LIST[] = {
- ALL_PHASE(device-cap, &AttributeDeviceCapHandler)
- ALL_PHASE(api-feature, &AttributeApiFeatureHandler)
- // For compatiblity with older policies we tread resource-id
- // identically as api-feature
- ALL_PHASE(resource-id, &AttributeApiFeatureHandler)
-
- ALL_PHASE(feature-install-uri, &AttributeFeatureInstallUriHandler)
- ALL_PHASE(feature-key-cn, &AttributeFeatureFeatureKeyCnHandler)
- ALL_PHASE(feature-key-root-cn, &AttributeFeatureKeyRootCnHandler)
- ALL_PHASE(feature-key-root-fingerprint,
- &AttributeFeatureKeyRootFingerprintHandler)
-};
-
-#undef ALL_PHASE
-
-const size_t HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT =
- sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST) /
- sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST[0]);
-} // namespace anonymous
-
-/*
- * class WebRuntimeImpl
- */
-int WebRuntimeImpl::getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- WidgetHandle widgetHandle = request.getWidgetHandle();
-
- FOREACH(itr, *attributes)
- {
- // Get attribute name
- std::string attribute = *itr->first;
-
- // Search for attribute handler
- bool attributeFound = false;
-
- for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) {
- if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) {
- // Check if execution phase is valid
- if ((executionPhase &
- HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) {
- // Attribute found, but execution state
- // forbids to execute handler
- LogWarning(
- "Request for attribute: '" <<
- attribute << "' which is supported " <<
- "but forbidden at widget execution phase: "
- <<
- executionPhase);
- } else {
- // Execution phase allows handler
- AttributeHandlerResponse attributeResponse =
- (*HANDLED_ATTRIBUTES_LIST[i].handler)(
- executionPhase,
- widgetHandle);
- std::copy(attributeResponse.begin(),
- attributeResponse.end(),
- std::back_inserter(*itr->second));
- }
-
- attributeFound = true;
- break;
- }
- }
-
- if (!attributeFound) {
- LogWarning("Request for attribute: '" <<
- attribute << "' which is not supported");
- }
- }
-
- return 0;
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-int WebRuntimeImpl::getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- // Get current execution state
- WidgetExecutionPhase executionPhase =
- request.getExecutionPhase();
-
- return getAttributesValuesLoop(request, attributes, executionPhase);
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-std::string WebRuntimeImpl::getSessionId(const Request & /* request */)
-{
- std::string result;
- LogError("Not implemented!");
- return result;
-}
-
-WebRuntimeImpl::WebRuntimeImpl()
-{
-}
-
-/*
- * class ResourceInformationImpl
- */
-
-int ResourceInformationImpl::getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase)
-{
- // Currently, we assume widgets have internal representation of integer IDs
- WidgetHandle widgetHandle = request.getWidgetHandle();
- //TODO add resource id string analyzys
- FOREACH(itr, *attributes)
- {
- // Get attribute name
- std::string attribute = *itr->first;
- LogDebug("getting attribute value for: " << attribute);
- FOREACH(aaa, *itr->second)
- {
- LogDebug("its value is: " << *aaa);
- }
-
- // Search for attribute handler
- bool attributeFound = false;
-
- for (size_t i = 0; i < HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT; ++i) {
- if (HANDLED_RESOURCE_ATTRIBUTES_LIST[i].name == attribute) {
- // Check if execution phase is valid
- if ((executionPhase &
- HANDLED_RESOURCE_ATTRIBUTES_LIST[i].allowedPhaseMask) ==
- 0) {
- // Attribute found, but execution state
- // forbids to execute handler
- LogDebug(
- "Request for attribute: '" <<
- attribute <<
- "' which is supported but forbidden " <<
- "at widget execution phase: " << executionPhase);
- itr->second = NULL;
- } else {
- // Execution phase allows handler
- AttributeHandlerResponse attributeResponse =
- (*HANDLED_RESOURCE_ATTRIBUTES_LIST[i].handler)(
- executionPhase,
- widgetHandle,
- request);
- std::copy(attributeResponse.begin(),
- attributeResponse.end(),
- std::back_inserter(*itr->second));
-
- std::ostringstream attributeResponseFull;
-
- for (AttributeHandlerResponse::const_iterator
- it = attributeResponse.begin();
- it != attributeResponse.end(); ++it) {
- attributeResponseFull <<
- (it == attributeResponse.begin() ? "" : ", ") <<
- *it;
- }
-
- LogDebug("Attribute(" << attribute << ") = " <<
- attributeResponseFull.str());
- }
-
- attributeFound = true;
- break;
- }
- }
-
- if (!attributeFound) {
- LogWarning("Request for attribute: '" << attribute <<
- "' which is not supported");
- }
- }
- return 0;
-}
-
-int ResourceInformationImpl::getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- // Get current execution state
- WidgetExecutionPhase executionPhase =
- request.getExecutionPhase();
- return getAttributesValuesLoop(request, attributes, executionPhase);
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-ResourceInformationImpl::ResourceInformationImpl()
-{
-}
-
-/*
- * class OperationSystemImpl
- */
-
-int OperationSystemImpl::getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- //FIXME:
- //GetExecution name without widget name
- WidgetExecutionPhase executionPhase =
- request.getExecutionPhase();
-
- FOREACH(itr, *attributes)
- {
- // Get attribute name
- std::string attribute = *itr->first;
-
- // Search for attribute handler
- bool attributeFound = false;
-
- for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) {
- if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) {
- // Check if execution phase is valid
- if ((executionPhase &
- HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) {
- // Attribute found, but execution state forbids
- // to execute handler
- LogDebug("Request for attribute: '" << attribute <<
- "' which is supported but forbidden at " <<
- "widget execution phase: " << executionPhase);
- itr->second = NULL;
- } else {
- // Execution phase allows handler
- AttributeHandlerResponse attributeResponse =
- (*HANDLED_ATTRIBUTES_LIST[i].handler)(
- executionPhase,
- 0);
- std::copy(attributeResponse.begin(),
- attributeResponse.end(),
- std::back_inserter(*itr->second));
-
- std::ostringstream attributeResponseFull;
-
- typedef AttributeHandlerResponse::const_iterator Iter;
- FOREACH(it, attributeResponse)
- {
- attributeResponseFull <<
- (it == attributeResponse.begin()
- ? "" : ", ") << *it;
- }
-
- LogDebug("Attribute(" << attribute <<
- ") = " << attributeResponseFull.str());
- }
-
- attributeFound = true;
- break;
- }
- }
-
- if (!attributeFound) {
- LogWarning("Request for attribute: '" << attribute <<
- "' which is not supported");
- }
- }
-
- return 0;
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-OperationSystemImpl::OperationSystemImpl()
-{
-}
-
-/*
- * end of class OperationSystemImpl
- */
-
-int FunctionParamImpl::getAttributesValues(const Request & /*request*/,
- std::list<ATTRIBUTE> *attributes)
-{
- FOREACH(iter, *attributes)
- {
- std::string attributeName = *(iter->first);
-
- ParamMap::const_iterator i;
- std::pair<ParamMap::const_iterator, ParamMap::const_iterator> jj =
- paramMap.equal_range(attributeName);
-
- for (i = jj.first; i != jj.second; ++i) {
- iter->second->push_back(i->second);
- LogDebug("Attribute: " << attributeName << " Value: " <<
- i->second);
- }
- }
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file attribute_facade.h
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of WebRuntimeImpl,
- * ResourceInformationImpl, OperationSystemImpl
- */
-
-#ifndef ATTRIBUTE_FACADE_H
-#define ATTRIBUTE_FACADE_H
-
-#include <string>
-#include <map>
-#include <vector>
-
-#include <ace/WRT_INTERFACE.h>
-
-class Request;
-
-class WebRuntimeImpl : public IWebRuntime
-{
- public:
- // Return current sessionId
- int getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase);
-
- int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes);
- virtual std::string getSessionId(const Request &request);
- WebRuntimeImpl();
-};
-
-class ResourceInformationImpl : public IResourceInformation
-{
- public:
- int getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase);
- int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes);
- ResourceInformationImpl();
-};
-
-class OperationSystemImpl : public IOperationSystem
-{
- public:
- /**
- * gather and set attributes values for specified attribute name
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually there
- * will be only one string
- */
- int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes);
- OperationSystemImpl();
-};
-
-class FunctionParamImpl : public IFunctionParam
-{
- public:
- virtual int getAttributesValues(const Request & /*request*/,
- std::list<ATTRIBUTE> *attributes);
- void addAttribute(const std::string &key,
- const std::string &value)
- {
- paramMap.insert(make_pair(key, value));
- }
- virtual ~FunctionParamImpl()
- {
- }
-
- private:
- typedef std::multimap<std::string, std::string> ParamMap;
- ParamMap paramMap;
-};
-
-typedef std::vector <FunctionParamImpl> FunctionParams;
-
-#endif //ATTRIBUTE_FACADE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Implementation file for security controller
- */
-#include <security_controller.h>
-#include <ace/PolicyEnforcementPoint.h>
-#include <ace/WRT_INTERFACE.h>
-//#include <engine/PolicyEvaluatorFactory.h>
-//#include <logic/attribute_facade.h>
-#include <dpl/singleton_impl.h>
-#include <dpl/log/log.h>
-#include <security_logic.h>
-#include <security_caller.h>
-
-IMPLEMENT_SINGLETON(SecurityController)
-
-struct SecurityController::Impl
-{
- SecurityLogic logic;
-};
-
-SecurityController::SecurityController()
-{
- m_impl.Reset(new Impl);
-}
-
-SecurityController::~SecurityController()
-{
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::InitializeSyncEvent & /* event */)
-{
- SecurityCallerSingleton::Instance().Run();
- m_impl->logic.initialize();
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::UpdatePolicySyncEvent& /* event */)
-{
- m_impl->logic.updatePolicy();
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::TerminateSyncEvent & /*event*/)
-{
- SecurityCallerSingleton::Instance().Quit();
- m_impl->logic.terminate();
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::CheckFunctionCallSyncEvent &ev)
-{
- *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1());
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::CheckRuntimeCallSyncEvent &ev)
-{
- *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1(), ev.GetArg2());
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::ValidatePopupResponseEvent &ev)
-{
- m_impl->logic.validatePopupResponse(ev.GetArg0(),
- ev.GetArg1(),
- ev.GetArg2(),
- ev.GetArg3(),
- ev.GetArg4());
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Header file for security controller
- */
-#ifndef SECURITY_CONTROLLER_H
-#define SECURITY_CONTROLLER_H
-
-#include <dpl/singleton.h>
-#include <dpl/event/controller.h>
-#include <dpl/generic_event.h>
-#include <dpl/scoped_ptr.h>
-#include <dpl/type_list.h>
-#include <string>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace/AbstractPolicyEnforcementPoint.h>
-#include <ace-dao-ro/PromptModel.h>
-#include <string>
-#include <dpl/event/inter_context_delegate.h>
-
-namespace Jobs {
-class Job;
-}
-
-namespace SecurityControllerEvents {
-DECLARE_GENERIC_EVENT_0(InitializeSyncEvent)
-DECLARE_GENERIC_EVENT_0(TerminateSyncEvent)
-DECLARE_GENERIC_EVENT_0(UpdatePolicySyncEvent)
-
-DECLARE_GENERIC_EVENT_2(CheckFunctionCallSyncEvent,
- PolicyResult *,
- Request *
- )
-
-DECLARE_GENERIC_EVENT_3(CheckRuntimeCallSyncEvent,
- PolicyResult *,
- Request *,
- std::string //sessionId
- )
-
-DECLARE_GENERIC_EVENT_5(ValidatePopupResponseEvent,
- Request *,
- bool, //is allowed
- Prompt::Validity,
- std::string, //sessionId
- bool* //check return value
- )
-
-} // namespace SecurityControllerEvents
-
-typedef DPL::TypeListDecl<
- SecurityControllerEvents::InitializeSyncEvent,
- SecurityControllerEvents::TerminateSyncEvent,
- SecurityControllerEvents::UpdatePolicySyncEvent,
- SecurityControllerEvents::ValidatePopupResponseEvent,
- SecurityControllerEvents::CheckRuntimeCallSyncEvent,
- SecurityControllerEvents::CheckFunctionCallSyncEvent>::Type
-SecurityControllerEventsTypeList;
-
-class SecurityController :
- public DPL::Event::Controller<SecurityControllerEventsTypeList>
-{
- protected:
- virtual void OnEventReceived(
- const SecurityControllerEvents::InitializeSyncEvent &event);
- virtual void OnEventReceived(
- const SecurityControllerEvents::UpdatePolicySyncEvent &event);
- virtual void OnEventReceived(
- const SecurityControllerEvents::ValidatePopupResponseEvent &e);
- virtual void OnEventReceived(
- const SecurityControllerEvents::TerminateSyncEvent &event);
- virtual void OnEventReceived(
- const SecurityControllerEvents::CheckFunctionCallSyncEvent &e);
- virtual void OnEventReceived(
- const SecurityControllerEvents::CheckRuntimeCallSyncEvent &e);
-
- private:
- class Impl;
- DPL::ScopedPtr<Impl> m_impl;
-
- SecurityController();
- //This desctructor must be in implementation file (cannot be autogenerated)
- ~SecurityController();
-
- friend class DPL::Singleton<SecurityController>;
-};
-
-typedef DPL::Singleton<SecurityController> SecurityControllerSingleton;
-
-#endif // SECURITY_CONTROLLER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.h
- # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @author Piotr Kozbial (p.kozbial@samsung.com)
- * @version 1.0
- * @brief Header file for security logic
- */
-
-#include <security_logic.h>
-#include <attribute_facade.h>
-#ifdef WRT_SMACK_ENABLED
-#include <privilege-control.h>
-#endif
-#include <ace-dao-rw/AceDAO.h>
-#include <ace-dao-ro/AceDAOConversions.h>
-#include <ace/PolicyInformationPoint.h>
-#include <ace/PromptDecision.h>
-#include <dpl/log/log.h>
-
-namespace {
-
-Request::ApplicationType getAppType(const Request *request) {
- AceDB::AppTypes appType =
- AceDB::AceDAOReadOnly::getWidgetType(request->getWidgetHandle());
- switch (appType) {
- case AceDB::AppTypes::Tizen:
- LogDebug("==== Found Tizen application. ====");
- return Request::APP_TYPE_TIZEN;
- case AceDB::AppTypes::WAC20:
- LogDebug("==== Found Wac20 application. ====");
- return Request::APP_TYPE_WAC20;
- default:
- LogDebug("==== Unknown application type. ====");
- }
- return Request::APP_TYPE_UNKNOWN;
-}
-
-} // anonymous namespace
-
-void SecurityLogic::initialize() {
- AceDB::AceDAO::attachToThreadRW();
- m_policyEnforcementPoint.initialize(new WebRuntimeImpl(),
- new ResourceInformationImpl(),
- new OperationSystemImpl());
-}
-
-void SecurityLogic::terminate() {
- m_policyEnforcementPoint.terminate();
- AceDB::AceDAO::detachFromThread();
-}
-
-
-void SecurityLogic::grantPlatformAccess(const Request& request)
-{
- (void)request;
-#ifdef WRT_SMACK_ENABLED
- try {
- unsigned long long id =
- static_cast<unsigned long long>(request.getWidgetHandle());
- Request::DeviceCapabilitySet dc = request.getDeviceCapabilitySet();
-
- size_t i,size = dc.size();
- std::unique_ptr<const char*[]> array(new const char*[size+1]);
-
- array[size] = NULL;
- auto it = dc.begin();
-
- for(i=0; (i<size) && (it!=dc.end()); ++i,++it) {
- array[i] = it->c_str();
- }
- int ret = wrt_permissions_add(id, array.get());
- if (PC_OPERATION_SUCCESS != ret) {
- LogError("smack rules couldn't be granted");
- }
- } catch (std::bad_alloc&) {
- LogError("smack rules couldn't be granted: memory allocation failed");
- }
-#endif
-}
-
-PolicyResult SecurityLogic::checkFunctionCall(Request* request)
-{
- Assert(NULL != request);
-
- LogDebug("=== Check widget existance ===");
- Try {
- request->setAppType(getAppType(request));
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- LogError("==== Couldn't find widget for handle: " <<
- request->getWidgetHandle() << ". Access denied. ====");
- return PolicyEffect::DENY;
- }
-
- PolicyResult aceResult = m_policyEnforcementPoint.check(*request).policyResult;
-
- if (aceResult == PolicyEffect::PERMIT) {
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
- aceResult == PolicyEffect::PROMPT_SESSION ||
- aceResult == PolicyEffect::PROMPT_BLANKET ||
- aceResult == PolicyDecision::NOT_APPLICABLE ||
- aceResult == PolicyResult::UNDETERMINED)
- {
- // TODO: check stored user answers!!!
- // if necessary, grant SMACK rules
- // return appropriately - the following is a dummy:
- return aceResult;
- } else {
- return PolicyEffect::DENY;
- }
-}
-
-PolicyResult SecurityLogic::checkFunctionCall(Request* request, const std::string &sessionId)
-{
- Assert(NULL != request);
- LogDebug("=== Check existance of widget === ");
- Try {
- request->setAppType(getAppType(request));
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- LogError("==== Couldn't find widget for handle: " <<
- request->getWidgetHandle() << ". Access denied. ====");
- return PolicyEffect::DENY;
- }
-
- ExtendedPolicyResult exAceResult = m_policyEnforcementPoint.check(*request);
- PolicyResult aceResult = exAceResult.policyResult;
-
- LogDebug("Result returned by policy " << aceResult << ". RuleID: " << exAceResult.ruleId);
-
- if (aceResult == PolicyEffect::PERMIT) {
- LogDebug("Grant access.");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
-
- if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
- aceResult == PolicyEffect::DENY)
- {
- return aceResult;
- }
-
- OptionalCachedPromptDecision decision = AceDB::AceDAOReadOnly::getPromptDecision(
- request->getWidgetHandle(),
- exAceResult.ruleId);
-
- if (decision.IsNull()) {
- LogDebug("No CachedPromptDecision found.");
- return aceResult;
- }
-
- if (aceResult == PolicyEffect::PROMPT_BLANKET) {
- if (decision->decision == PromptDecision::ALLOW_ALWAYS) {
- LogDebug("Found user decision. Result changed to PERMIT. Access granted");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
- if (decision->decision == PromptDecision::DENY_ALWAYS) {
- LogDebug("Found user decision. Result changed to DENY.");
- return PolicyEffect::DENY;
- }
- if (decision->decision == PromptDecision::ALLOW_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Result changed to PERMIT. Access granted.");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
- if (decision->decision == PromptDecision::DENY_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Found user decision. Result changed to DENY.");
- return PolicyEffect::DENY;
- }
- return aceResult;
- }
-
- if (aceResult == PolicyEffect::PROMPT_SESSION) {
- if (decision->decision == PromptDecision::ALLOW_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Found user decision. Result changed to PERMIT. Access granted.");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
- if (decision->decision == PromptDecision::DENY_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Found user decision. Result changed to DENY.");
- return PolicyEffect::DENY;
- }
- return aceResult;
- }
-
- // This should not happend - all PolicyEffect values were supported before.
- // This mean that someone has modyfied PolicyEffect enum. SPANK SPANK SPANK
- LogError("Unsupported PolicyEffect!");
- return PolicyEffect::DENY;
-}
-
-void SecurityLogic::validatePopupResponse(Request* request,
- bool allowed,
- Prompt::Validity validity,
- const std::string& sessionId,
- bool* retValue)
-{
- Assert(NULL != retValue);
- Assert(NULL != request);
-
- LogDebug("Start");
- LogDebug("User answered: " << allowed << " with validity: " << validity);
- LogDebug("Check widget existance");
- Try {
- request->setAppType(getAppType(request));
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- LogError("==== Couldn't find widget for handle: " <<
- request->getWidgetHandle() << ". Access denied. ====");
- retValue = false;
- return;
- }
-
- *retValue = false;
- OptionalExtendedPolicyResult extendedAceResult =
- m_policyEnforcementPoint.checkFromCache(*request);
- if (extendedAceResult.IsNull()) {
- LogDebug("No cached policy result - but it should be here");
- LogDebug("returning " << *retValue);
- return;
- }
-
- PolicyResult aceResult = extendedAceResult->policyResult;
- if (aceResult == PolicyEffect::DENY) {
- LogDebug("returning " << *retValue);
- return;
- }
- if (aceResult == PolicyEffect::PERMIT) {
- // TODO we were asked for prompt validation
- // but we got that no prompt should be opened - is this OK?
- // (this is on the diagram in wiki)
- *retValue = true;
- } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
- aceResult == PolicyEffect::PROMPT_SESSION ||
- aceResult == PolicyEffect::PROMPT_BLANKET)
- {
- Request::DeviceCapabilitySet devCaps =
- request->getDeviceCapabilitySet();
-
- FOREACH (it, devCaps) {
- Request::DeviceCapability resourceId = *it;
- LogDebug("Recheck: " << *it);
- // 1) check if per-widget settings permit
- AceDB::PreferenceTypes wgtPref =
- AceDB::AceDAOReadOnly::getWidgetDevCapSetting(
- resourceId,
- request->getWidgetHandle());
- if (AceDB::PreferenceTypes::PREFERENCE_DENY == wgtPref) {
- LogDebug("returning " << *retValue);
- return;
- }
- // 2) check if per-dev-cap settings permit
- AceDB::PreferenceTypes resPerf =
- AceDB::AceDAOReadOnly::getDevCapSetting(resourceId);
- if (AceDB::PreferenceTypes::PREFERENCE_DENY == resPerf) {
- LogDebug("returning " << *retValue);
- return;
- }
-
- // 3) check for stored propmt answer - should not be there
- // TODO - is this check necessary?
- AceDB::BaseAttributeSet attributes;
- AceDB::AceDAOReadOnly::getAttributes(&attributes);
- Request req(request->getWidgetHandle(),
- request->getExecutionPhase());
- req.addDeviceCapability(resourceId);
- PolicyInformationPoint *pip =
- m_policyEnforcementPoint.getPip();
-
- Assert(NULL != pip);
-
- pip->getAttributesValues(&req, &attributes);
- auto attrHash = AceDB::AceDaoConversions::convertToHash(attributes);
-
- // 4) validate consistency of answer with policy result
- Prompt::Validity clampedValidity =
- clampPromptValidity(validity, *(aceResult.getEffect()));
-
- // 5) store answer in database if appropriate
- // TODO how about userParam? sessionId?
- DPL::String userParam = DPL::FromUTF8String(sessionId);
- DPL::OptionalString sessionOptional =
- DPL::FromUTF8String(sessionId);
-
- switch (clampedValidity) {
- case Prompt::Validity::ALWAYS: {
- AceDB::AceDAO::setPromptDecision(
- request->getWidgetHandle(),
- extendedAceResult->ruleId,
- sessionOptional,
- allowed ?
- PromptDecision::ALLOW_ALWAYS :
- PromptDecision::DENY_ALWAYS);
- break; }
- case Prompt::Validity::SESSION: {
- AceDB::AceDAO::setPromptDecision(
- request->getWidgetHandle(),
- extendedAceResult->ruleId,
- sessionOptional,
- allowed ?
- PromptDecision::ALLOW_FOR_SESSION :
- PromptDecision::DENY_FOR_SESSION);
- break; }
-
- case Prompt::Validity::ONCE: {
- LogInfo("Validity ONCE, not saving prompt decision to cache");
- break; }
- }
-
- }
- // access granted!
- *retValue = allowed;
- }
- if (*retValue) {
- // 6) grant smack label if not granted yet
- grantPlatformAccess(*request);
- }
- LogDebug("Finish");
- LogDebug("returning " << *retValue);
-}
-
-void SecurityLogic::updatePolicy()
-{
- LogDebug("SecurityLogic::updatePolicy");
- m_policyEnforcementPoint.updatePolicy();
-}
-
-Prompt::Validity SecurityLogic::clampPromptValidity(
- Prompt::Validity validity,
- PolicyEffect effect)
-{
- switch (effect) {
- case PolicyEffect::PROMPT_BLANKET: {
- return validity; }
- case PolicyEffect::PROMPT_SESSION: {
- if (Prompt::Validity::ALWAYS == validity) {
- LogInfo("ALWAYS returned from prompt in PROMPT_SESSION");
- return Prompt::Validity::SESSION;
- }
- return validity; }
- case PolicyEffect::PROMPT_ONESHOT: {
- if (Prompt::Validity::ONCE != validity) {
- LogInfo("Not ONCE returned from prompt in PROMPT_ONESHOT");
- }
- return Prompt::Validity::ONCE; }
- case PolicyEffect::DENY:
- case PolicyEffect::PERMIT:
- default: {// other options - should not happen
- LogError("This kind of policy effect does not deal with prompts");
- return Prompt::Validity::ONCE; }
- }
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @author Piotr Kozbial (p.kozbial@samsung.com)
- * @version 1.0
- * @brief Header file for security logic
- */
-#ifndef SECURITY_LOGIC_H
-#define SECURITY_LOGIC_H
-
-#include <ace/Request.h>
-#include <ace/PolicyResult.h>
-#include <ace/AbstractPolicyEnforcementPoint.h>
-#include <ace/Preference.h>
-#include <ace/PolicyEnforcementPoint.h>
-#include <ace-dao-ro/PromptModel.h>
-
-/* SecurityLogic
- * May only be created and used by SecurityController.
- * There may be only one instance.
- */
-class SecurityLogic {
- public:
- SecurityLogic() {}
- ~SecurityLogic() {}
- // initialize/terminate
- /** */
- void initialize();
- /** */
- void terminate();
-
- /** */
- PolicyResult checkFunctionCall(Request*);
- PolicyResult checkFunctionCall(Request*, const std::string &session);
-
- void validatePopupResponse(Request* request,
- bool allowed,
- Prompt::Validity validity,
- const std::string& sessionId,
- bool* retValue);
-
- /**
- * Updates policy and clears policy cache
- */
- void updatePolicy();
-
- private:
- PolicyEnforcementPoint m_policyEnforcementPoint;
-
- Prompt::Validity clampPromptValidity(Prompt::Validity validity,
- PolicyEffect effect);
- void grantPlatformAccess(const Request& request);
-};
-
-#endif // SECURITY_CONTROLLER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file simple_roaming_agent.cpp
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @author Lukasz Marek (l.marek@samsung.com)
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief roaming agent
- */
-
-#include "simple_roaming_agent.h"
-#include <vconf.h>
-#include <dpl/fast_delegate.h>
-#include <dpl/log/log.h>
-#include <dpl/singleton_impl.h>
-IMPLEMENT_SINGLETON(SimpleRoamingAgent)
-
-SimpleRoamingAgent::SimpleRoamingAgent()
-{
- if (vconf_notify_key_changed(
- VCONFKEY_TELEPHONY_SVC_ROAM,
- vConfChagedCallback, this) < 0)
- {
- LogError("Cannot add vconf callback [" <<
- VCONFKEY_TELEPHONY_SVC_ROAM << "]");
- Assert(false && "Cannot add vconf callback");
- }
-
- int result = 0;
- if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) {
- LogError("Cannot get current roaming status");
- Assert(false && "Cannot get current roaming status");
- } else {
- bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON);
- m_networkType = type ? ROAMING : HOME;
- LogInfo("Network type is " << (type ? "ROAMING" : "HOME"));
- }
-
-}
-
-SimpleRoamingAgent::~SimpleRoamingAgent()
-{
- if (vconf_ignore_key_changed(
- VCONFKEY_TELEPHONY_SVC_ROAM,
- vConfChagedCallback) < 0)
- {
- LogError("Cannot rm vconf callback [" <<
- VCONFKEY_TELEPHONY_SVC_ROAM << "]");
- Assert(false && "Cannot remove vconf callback");
- }
-
-}
-
-void SimpleRoamingAgent::vConfChagedCallback(keynode_t *keyNode, void *data)
-{
- LogInfo("SimpleRoamingAgent::vConfChagedCallback ");
- char *key = vconf_keynode_get_name(keyNode);
-
- if (NULL == key) {
- LogWarning("vconf key is null.");
- return;
- }
- std::string keyString = key;
- if (VCONFKEY_TELEPHONY_SVC_ROAM != keyString) {
- LogError("Wrong key found");
- Assert(false && "Wrong key found in vconf callback");
- return;
- }
- SimpleRoamingAgent *agent = static_cast<SimpleRoamingAgent *>(data);
- if (NULL == agent) {
- LogError("Bad user arg from vconf lib");
- Assert(false && "Bad user arg from vconf lib");
- return;
- }
- int result = 0;
- if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) {
- LogError("Cannot get current roaming status");
- Assert(false && "Cannot get current roaming status");
- } else {
- bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON);
- agent->m_networkType = type ? ROAMING : HOME;
- LogInfo("Network type is " << (type ? "ROAMING" : "HOME"));
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file simple_roaming_agent.h
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief simple roaming agent
- */
-
-#ifndef WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
-#define WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
-
-#include <string>
-#include <dpl/singleton.h>
-#include <dpl/noncopyable.h>
-#include <vconf.h>
-
-class SimpleRoamingAgent : DPL::Noncopyable
-{
- public:
- bool IsRoamingOn() const
- {
- return ROAMING == m_networkType;
- }
-
- private:
- enum NetworkType {ROAMING, HOME};
-
- NetworkType m_networkType;
-
- SimpleRoamingAgent();
- virtual ~SimpleRoamingAgent();
-
- static void vConfChagedCallback(keynode_t *keyNode, void *userParam);
-
- friend class DPL::Singleton<SimpleRoamingAgent>;
-};
-
-typedef DPL::Singleton<SimpleRoamingAgent> SimpleRoamingAgentSingleton;
-
-#endif//WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_callbacks.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of Ace Service callbacks
- */
-#include <string>
-#include <vector>
-#include <dpl/log/log.h>
-#include "ace_service_callbacks.h"
-#include <callback_api.h>
-#include <ace/Request.h>
-#include <ace/PolicyResult.h>
-#include <security_controller.h>
-#include <security_caller.h>
-#include <attribute_facade.h>
-
-namespace RPC {
-
-void AceServiceCallbacks::checkAccess(SocketConnection * connector){
-
- int widgetHandle = 0;
- std::string subject, resource, sessionId;
- std::vector<std::string> paramNames, paramValues;
- Try {
- connector->read(&widgetHandle,
- &subject,
- &resource,
- ¶mNames,
- ¶mValues,
- &sessionId);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection read error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection read error");
- }
-
- if (paramNames.size() != paramValues.size()) {
- ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, "Varying sizes of parameter names and parameter values");
- }
- LogDebug("We got subject: " << subject);
- LogDebug("We got resource: " << resource);
-
- FunctionParamImpl params;
- for (size_t i = 0; i < paramNames.size(); ++i) {
- params.addAttribute(paramNames[i], paramValues[i]);
- }
-
- Request request(widgetHandle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- SecurityCallerSingleton::Instance().SendSyncEvent(
- SecurityControllerEvents::CheckRuntimeCallSyncEvent(
- &result,
- &request,
- sessionId));
-
- int response = PolicyResult::serialize(result);
-
- Try{
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection write error");
- }
-}
-
-void AceServiceCallbacks::checkAccessInstall(SocketConnection * connector){
-
- int widgetHandle;
- std::string resource;
-
- Try {
- connector->read(&widgetHandle,
- &resource);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection read error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection read error");
- }
-
- LogDebug("We got handle: " << widgetHandle);
- LogDebug("We got resource: " << resource);
-
- Request request(widgetHandle,
- WidgetExecutionPhase_WidgetInstall);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- SecurityCallerSingleton::Instance().SendSyncEvent(
- SecurityControllerEvents::CheckFunctionCallSyncEvent(
- &result,
- &request));
-
- int response = PolicyResult::serialize(result);
-
- Try{
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection write error");
- }
-}
-
-void AceServiceCallbacks::updatePolicy(SocketConnection * /*connector*/){
-
-
- LogDebug("Policy update socket message received");
- SecurityCallerSingleton::Instance().SendSyncEvent(
- SecurityControllerEvents::UpdatePolicySyncEvent());
-}
-
-} //namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_callbacks.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of Ace Service callbacks
- */
-
-#ifndef ACE_SERVICE_CALLBACKS_H_
-#define ACE_SERVICE_CALLBACKS_H_
-
-#include <memory>
-#include <SocketConnection.h>
-#include <dpl/log/log.h>
-
-namespace RPC {
-
-namespace AceServiceCallbacks {
-
- // IN string subject
- // IN string resource
- // IN vector<string> function param names
- // IN vector<string> function param values
- // OUT int allow, deny, popup type
- void checkAccess(SocketConnection * connector);
-
- // IN string subject
- // IN string resource
- // OUT int allow, deny, popup type
- void checkAccessInstall(SocketConnection * connector);
-
- // Policy update trigger
- void updatePolicy(SocketConnection * connector);
-
-};
-
-} //namespace RPC
-
-#endif /* ACE_SERVICE_CALLBACKS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_callbacks_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header with api of implemented Ace Service callbacks
- */
-#ifndef ACE_SERVICE_CALLBACKS_API_H_
-#define ACE_SERVICE_CALLBACKS_API_H_
-
-#include <string>
-#include <utility>
-#include "ace_server_api.h"
-#include "ace_service_callbacks.h"
-#include "callback_api.h"
-
-namespace WrtSecurity{
-namespace AceServiceCallbacksApi{
-
-inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK() {
- return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
- RPC::AceServiceCallbacks::checkAccess);
-}
-
-inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_INSTALL_METHOD_CALLBACK() {
- return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
- RPC::AceServiceCallbacks::checkAccessInstall);
-}
-
-inline const std::pair<std::string, socketServerCallback> UPDATE_POLICY_METHOD_CALLBACK() {
- return std::make_pair(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD(),
- RPC::AceServiceCallbacks::updatePolicy);
-}
-
-} // namespace AceServiceCallbacksApi
-} // namespace WrtSecurity
-
-
-#endif // ACE_SERVICE_CALLBACKS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Implementation of Security Caller Thread singleton
- */
-
-#include <security_caller.h>
-#include <dpl/singleton_impl.h>
-
-IMPLEMENT_SINGLETON(SecurityCallerThread)
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Header of Security Caller class used by services socket callbacks
- */
-
-#ifndef SECURITY_CALLER_H__
-#define SECURITY_CALLER_H__
-
-#include <dpl/thread.h>
-#include <dpl/assert.h>
-#include <dpl/singleton.h>
-
-#include <security_controller.h>
-
-#include <pthread.h>
-
-class IEventHolder
-{
- public:
- virtual void FinalizeSending() = 0;
- virtual ~IEventHolder() {};
-};
-
-template<class EventType>
-class EventHolderImpl : public IEventHolder
-{
- EventType event;
-
- public:
- EventHolderImpl(const EventType& e) : event(e) {}
- virtual void FinalizeSending()
- {
- LogDebug("sending real sync event");
- CONTROLLER_POST_SYNC_EVENT(SecurityController, event);
- }
-};
-
-/*
- * Because Security Controller is a DPL::Controler class, its events
- * can be send only from a DPL managed thread. SecurityCallerTread class
- * has been implemented as a workaround of that constraint.
- * This class is a DPL managed thread that waits for requests
- * from non DPL managed threads and when receives one it posts event
- * to the Security Controler in charge of the calling thread.
- */
-
-
-class SecurityCallerThread : public DPL::Thread
-{
- private:
- pthread_mutex_t m_mutex2;
- pthread_mutex_t m_mutex;
- pthread_cond_t m_cond;
- pthread_cond_t m_cond2;
- bool m_continue;
- bool m_finished;
- IEventHolder* m_eventHolder;
- pthread_mutex_t m_syncMutex;
-
-
- SecurityCallerThread() :
- Thread(),
- m_mutex2(PTHREAD_MUTEX_INITIALIZER),
- m_mutex(PTHREAD_MUTEX_INITIALIZER),
- m_cond(PTHREAD_COND_INITIALIZER),
- m_cond2(PTHREAD_COND_INITIALIZER),
- m_continue(true),
- m_finished(false),
- m_eventHolder(NULL),
- m_syncMutex(PTHREAD_MUTEX_INITIALIZER)
- {
- LogDebug("constructor");
- }
-
- virtual ~SecurityCallerThread()
- {
- pthread_mutex_unlock(&m_syncMutex);
- pthread_cond_destroy(&m_cond);
- pthread_cond_destroy(&m_cond2);
- pthread_mutex_destroy(&m_mutex2);
- pthread_mutex_destroy(&m_mutex);
- pthread_mutex_destroy(&m_syncMutex);
- }
-
- protected:
- /* main routine of the SecurityCallerThread */
- virtual int ThreadEntry()
- {
- LogDebug("SecurityCallerThread start");
- pthread_mutex_lock(&m_mutex); // lock shared data
-
- while (m_continue) // main loop
- {
- if (m_eventHolder) // if m_eventHolder is set, the request has been received
- {
- m_eventHolder->FinalizeSending(); // send actual event in charge of calling thread
- delete m_eventHolder;
- m_eventHolder = NULL;
- LogDebug("setting finished state");
- pthread_mutex_lock(&m_syncMutex); // lock m_finished
- m_finished = true;
- pthread_mutex_unlock(&m_syncMutex); // unlock m_finished
- LogDebug("finished");
- pthread_cond_signal(&m_cond2); // signal a calling thread that event has been posted.
- }
- LogDebug("waiting for event");
- // atomically:
- // unlock m_mutex, wait on m_cond until signal received, lock m_mutex
- pthread_cond_wait(&m_cond, &m_mutex);
- LogDebug("found an event");
- }
-
- pthread_mutex_unlock(&m_mutex);
-
- return 0;
- }
-
- public:
- void Quit()
- {
- LogDebug("Quit called");
- pthread_mutex_lock(&m_mutex); // lock shared data
- m_continue = false; // main loop condition set to false
- pthread_mutex_unlock(&m_mutex); // unlock shard data
- pthread_cond_signal(&m_cond);
- }
-
- template <class EventType>
- void SendSyncEvent(const EventType& event)
- {
- // prevent SendSyncEvent being called by multiple threads at the same time.
- pthread_mutex_lock(&m_mutex2);
- LogDebug("sending sync event");
- bool correct_thread = false;
- Try {
- LogDebug("Checking if this is unmanaged thread");
- DPL::Thread::GetCurrentThread();
- } Catch (DPL::Thread::Exception::UnmanagedThread) {
- correct_thread = true;
- }
- Assert(correct_thread &&
- "This method may not be called from DPL managed thread or main thread");
- LogDebug("putting an event to be posted");
- pthread_mutex_lock(&m_mutex); // lock shared data
- Assert(m_eventHolder == NULL && "Whooops");
- m_eventHolder = new EventHolderImpl<EventType>(event); // put an event to be posted
- pthread_mutex_unlock(&m_mutex); // unlock shared data
- LogDebug("Signal caller thread that new event has been created");
- pthread_cond_signal(&m_cond); // signal SecurityCallerThread to wake up because new
- // event is waiting to be posted
-
- LogDebug("waiting untill send completes");
- pthread_mutex_lock(&m_syncMutex); /* wait until send completes */
- while (!m_finished)
- {
- pthread_cond_wait(&m_cond2, &m_syncMutex); // wait until event is posted
- }
- LogDebug("done");
- m_finished = false;
- pthread_mutex_unlock(&m_syncMutex);
- pthread_mutex_unlock(&m_mutex2);
- }
-
- private:
- friend class DPL::Singleton<SecurityCallerThread>;
-};
-
-typedef DPL::Singleton<SecurityCallerThread> SecurityCallerSingleton;
-
-
-
-#endif //SECURITY_CALLER_H__
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_server_api.h
- * @author
- * @version 1.0
- * @brief This file contains definitions OCSP server interface & methods specifically needed by DBus.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
-
-#include "ocsp_server_api.h"
-#include<string>
-
-namespace WrtSecurity{
-namespace OcspServerApi{
-
-
-// RPC test function
-// IN std::string
-// OUT std::string
-inline const std::string ECHO_METHOD()
-{
- return "echo";
-}
-
-
-
-}
-};
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_dbus_interface.cpp
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief Implementation of OCSP server API.
- */
-#include "ocsp_server_dbus_interface.h"
-
-namespace RPC {
-
-using namespace WrtSecurity;
-
-OcspServerDBusInterface::OcspServerDBusInterface():
- DPL::DBus::InterfaceDispatcher(OcspServerApi::INTERFACE_NAME())
-{
- setXmlSignature("<node>"
- " <interface name='" + OcspServerApi::INTERFACE_NAME() + "'>"
- " <method name='" + OcspServerApi::ECHO_METHOD() + "'>"
- " <arg type='s' name='input' direction='in'/>"
- " <arg type='s' name='output' direction='out'/>"
- " </method>"
- " <method name='" + OcspServerApi::CHECK_ACCESS_METHOD() + "'>"
- " <arg type='i' name='input' direction='in'/>"
- " <arg type='i' name='output' direction='out'/>"
- " </method>"
- " </interface>"
- "</node>");
-}
-
-
-void OcspServerDBusInterface::onMethodCall(
- const gchar* argMethodName,
- GVariant* argParameters,
- GDBusMethodInvocation* argInvocation)
-{
- if (OcspServerApi::ECHO_METHOD() == argMethodName){
- // TODO: Deserialization should use
- // DBus::SErverDeserialization::deserialize()
- const gchar* arg = NULL;
- g_variant_get(argParameters, "(&s)", &arg);
- // TODO: Serialization should use
- // DBus::SErverDeserialization::serialize()
- gchar* response = g_strdup_printf(arg);
- g_dbus_method_invocation_return_value(argInvocation,
- g_variant_new ("(s)", response));
- g_free (response);
- } else if (OcspServerApi::CHECK_ACCESS_METHOD() == argMethodName) {
- gint32 value;
- g_variant_get(argParameters, "(i)", &value);
-
- // TODO: this is making OCSP service a stub! this HAS to be moved
- // with proper implementation to cert-svc daemon
- gint32 response = 0; // Certificates are valid for now
-
- GVariant* varResponse = g_variant_new ("(i)", response);
- //This function will unref invocation and it will be freed
- LogDebug("OCSP dbus interface tries to send result");
- g_dbus_method_invocation_return_value(argInvocation, varResponse);
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_dbus_interface.h
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief Class that handles OCSP server API.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
-
-#include <list>
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/ocsp_server_dbus_api.h"
-
-namespace RPC {
-
-class OcspServerDBusInterface :
- public DPL::DBus::InterfaceDispatcher
-{
- public:
- OcspServerDBusInterface();
-
- virtual ~OcspServerDBusInterface()
- {}
-
- virtual void onMethodCall(const gchar* method_name,
- GVariant* parameters,
- GDBusMethodInvocation* invocation);
-};
-
-} // namespace RPC
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_server_api.h
- * @author
- * @version 1.0
- * @brief This file contains definitions OCSP server interface & methods.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
-
-#include "ocsp_server_api.h"
-#include<string>
-
-namespace WrtSecurity{
-namespace OcspServerApi{
-
-// DBus interface name
-inline const std::string INTERFACE_NAME()
-{
- return "org.tizen.OcspCheck";
-}
-
-// Function checks WidgetStatus for installed widget.
-// https://106.116.37.24/wiki/WebRuntime/Security/Widget_Signatures
-// IN WidgetHandle Widget ID in Database
-// OUT WidgetStatus GOOD/REVOKED
-inline const std::string CHECK_ACCESS_METHOD()
-{
- return "OcspCheck";
-}
-
-}
-};
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ocsp_service.cpp
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief This is implementation file of Ocsp service
- */
-
-#include "security_daemon.h"
-
-namespace OcspService {
-
-class OcspService : public SecurityDaemon::DaemonService
-{
- private:
- virtual void initialize()
- {
- }
-
- virtual void start()
- {
- }
-
- virtual void stop()
- {
- }
-
- virtual void deinitialize()
- {
- }
-
-};
-
-DAEMON_REGISTER_SERVICE_MODULE(OcspService)
-
-}//namespace OcspService
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_callbacks_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header with api of implemented Ocsp Service callbacks
- */
-
-#ifndef OCSP_SERVICE_CALLBACKS_API_H_
-#define OCSP_SERVICE_CALLBACKS_API_H_
-
-#include <string>
-#include <utility>
-#include "SocketConnection.h"
-#include "ocsp_server_api.h"
-#include "ocsp_service_callbacks.h"
-#include "callback_api.h"
-
-namespace WrtSecurity{
-namespace OcspServiceCallbacksApi{
-
-inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK(){
- return std::make_pair(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
- RPC::OcspServiceCallbacks::checkAccess);
-}
-
-} // namespace OcspServiceCallbacksApi
-} // namespace WrtSecurity
-
-#endif // OCSP_SERVICE_CALLBACKS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_callbacks.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of Ocsp Service callbacks
- */
-
-#include "ocsp_service_callbacks.h"
-#include <callback_api.h>
-
-namespace RPC {
-
-void OcspServiceCallbacks::checkAccess(SocketConnection * connector){
- int response = 0;
- Try {
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection write error");
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_callbacks.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of Ocsp Service callbacks class
- */
-
-#ifndef OCSP_SERVICE_CALLBACKS_H_
-#define OCSP_SERVICE_CALLBACKS_H_
-
-#include <SocketConnection.h>
-
-namespace RPC {
-
-namespace OcspServiceCallbacks {
- void checkAccess(SocketConnection * connector);
-};
-
-} // namespace RPC
-#endif /* OCSP_SERVICE_CALLBACKS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file popup_response_dispatcher.cpp
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#include "popup_response_dbus_interface.h"
-#include <vector>
-#include <string>
-#include <dpl/dbus/dbus_server_deserialization.h>
-#include <dpl/dbus/dbus_server_serialization.h>
-#include <ace/Request.h>
-#include <ace-dao-ro/PromptModel.h>
-#include "popup_ace_data_types.h"
-//#include "access-control/engine/PromptModel.h"
-#include "attribute_facade.h"
-//#include "Request.h"
-#include "security_controller.h"
-
-namespace RPC
-{
-
-void PopupResponseDBusInterface::onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation)
-{
- using namespace WrtSecurity;
-#if 1
- if (0 == g_strcmp0(methodName,
- PopupServerApi::VALIDATION_METHOD().c_str()))
- {
- // popup answer data
- bool allowed = false;
- int serializedValidity = 0;
-
- // ACE data
- AceUserdata acedata;
-
- if (!DPL::DBus::ServerDeserialization::deserialize(
- parameters,
- &allowed,
- &serializedValidity,
- &(acedata.handle),
- &(acedata.subject),
- &(acedata.resource),
- &(acedata.paramKeys),
- &(acedata.paramValues),
- &(acedata.sessionId)))
- {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.PopupResponse.UnknownError",
- "Error in deserializing input parameters");
- return;
- }
-
- if (acedata.paramKeys.size() != acedata.paramValues.size()) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.PopupResponse.UnknownError",
- "Varying sizes of parameter names and parameter values");
- return;
- }
-
- FunctionParamImpl params;
- for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
- params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
- }
- Request request(acedata.handle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(acedata.resource);
-
- Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
-
- bool response = false;
- SecurityControllerEvents::ValidatePopupResponseEvent ev(
- &request,
- allowed,
- validity,
- acedata.sessionId,
- &response);
- CONTROLLER_POST_SYNC_EVENT(SecurityController, ev);
-
- g_dbus_method_invocation_return_value(
- invocation,
- DPL::DBus::ServerSerialization::serialize(response));
- }
-#endif
-}
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file popup_response_dbus_interface.h
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
-#define WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
-
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "popup_response_server_api.h"
-
-namespace RPC {
-
-class PopupResponseDBusInterface : public DPL::DBus::InterfaceDispatcher
-{
-public:
- PopupResponseDBusInterface():
- DPL::DBus::InterfaceDispatcher(
- WrtSecurity::PopupServerApi::INTERFACE_NAME())
- {
- using namespace WrtSecurity;
-
- setXmlSignature("<node>"
- " <interface name='" +
- PopupServerApi::INTERFACE_NAME() + "'>"
- " <method name='" +
- PopupServerApi::VALIDATION_METHOD() + "'>"
- // popup answer data
- " <arg type='b' name='allowed' direction='in'/>"
- " <arg type='i' name='valid' direction='in'/>"
- // this is copied from ace_server_dbus_interface
- " <arg type='i' name='handle' direction='in'/>"
- " <arg type='s' name='subject' direction='in'/>"
- " <arg type='s' name='resource' direction='in'/>"
- " <arg type='as' name='parameter names' direction='in'/>"
- " <arg type='as' name='parameter values' direction='in'/>"
- " <arg type='s' name='sessionId' direction='in'/>"
- " <arg type='b' name='response' direction='out'/>"
- " </method>"
- " </interface>"
- "</node>");
-
- }
-
- virtual ~PopupResponseDBusInterface()
- {}
-
- virtual void onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation);
-};
-
-}
-
-#endif // WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_ace_data_types.h
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef POPUP_ACE_DATA_TYPES_H_
-#define POPUP_ACE_DATA_TYPES_H_
-
-#include <vector>
-#include <string>
-
-// additional data needed by PolicyEvaluaor to recognize Popup Response
-struct AceUserdata
-{
- //TODO INVALID_WIDGET_HANDLE is defined in wrt_plugin_export.h.
- // I do not want to include that file here...
- AceUserdata(): handle(-1) {}
-
- int handle;
- std::string subject;
- std::string resource;
- std::vector<std::string> paramKeys;
- std::vector<std::string> paramValues;
- std::string sessionId;
-};
-
-typedef bool SecurityStatus;
-
-#endif /* POPUP_ACE_DATA_TYPES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file popup_response_server_api.h
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
-#define WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
-
-#include <string>
-
-namespace WrtSecurity{
-namespace PopupServerApi{
-
-inline const std::string INTERFACE_NAME()
-{
- return "org.tizen.PopupResponse";
-}
-
-inline const std::string VALIDATION_METHOD()
-{
- return "validate";
-}
-
-}
-}
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header with api of Popup Service callbacks
- */
-
-#ifndef POPUP_SERVICE_CALLBACKS_API_H_
-#define POPUP_SERVICE_CALLBACKS_API_H_
-
-#include <string>
-#include <utility>
-#include "SocketConnection.h"
-#include "popup_response_server_api.h"
-#include "popup_service_callbacks.h"
-#include <callback_api.h>
-
-namespace WrtSecurity{
-namespace PopupServiceCallbacksApi{
-
-inline std::pair<std::string, socketServerCallback> VALIDATION_METHOD_CALLBACK(){
- return std::make_pair(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), RPC::PopupServiceCallbacks::validate);
-}
-
-} // namespace PopupServiceCallbacksApi
-} // namespace WrtSecurity
-
-#endif /* POPUP_SERVICE_CALLBACKS_API_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of Popup Service callbacks
- */
-
-#include "popup_service_callbacks.h"
-#include <callback_api.h>
-#include <ace/Request.h>
-#include <ace-dao-ro/PromptModel.h>
-#include <dpl/log/log.h>
-#include "attribute_facade.h"
-#include "popup_ace_data_types.h"
-#include "security_controller.h"
-#include <security_caller.h>
-
-namespace RPC {
-
-void PopupServiceCallbacks::validate(SocketConnection * connector){
-
- bool allowed = false;
- int serializedValidity = 0;
-
- AceUserdata acedata;
-
- Try {
- connector->read(&allowed,
- &serializedValidity,
- &(acedata.handle),
- &(acedata.subject),
- &(acedata.resource),
- &(acedata.paramKeys),
- &(acedata.paramValues),
- &(acedata.sessionId));
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection read error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket connection read error");
- }
-
- if (acedata.paramKeys.size() != acedata.paramValues.size()) {
- ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Varying sizes of parameter names vector and parameter values vector");
- }
- FunctionParamImpl params;
- for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
- params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
- }
- Request request(acedata.handle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(acedata.resource);
-
- Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
-
- bool response = false;
- SecurityControllerEvents::ValidatePopupResponseEvent ev(
- &request,
- allowed,
- validity,
- acedata.sessionId,
- &response);
- SecurityCallerSingleton::Instance().SendSyncEvent(ev);
-
- Try {
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket connection write error");
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of Popup Service callbacks
- */
-
-#ifndef POPUP_SERVICE_CALLBACKS_H_
-#define POPUP_SERVICE_CALLBACKS_H_
-
-#include <memory>
-#include <SocketConnection.h>
-
-namespace RPC {
-
-namespace PopupServiceCallbacks {
- void validate(SocketConnection * connector);
-};
-
-} // namespace RPC
-#endif /* POPUP_SERVICE_CALLBACKS_H_ */
{
unsigned char cookie[SECURITY_SERVER_COOKIE_LEN];
int ret;
+ int privileges[] = { 0 }; //only one privilege to check - root
cookie_list *result = NULL;
ret = read(sockfd, cookie, SECURITY_SERVER_COOKIE_LEN);
SEC_SVR_DBG("Received cookie size is too small: %d", ret);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
- result = search_cookie(list, cookie, 0);
+ result = search_cookie(list, cookie, privileges, 1);
if(result == NULL)
{
ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE,
+++ /dev/null
-ADD_SUBDIRECTORY(src)
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file wrt_oscp_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This is C api for WRT OCSP
- */
-#ifndef WRT_OCSP_API_H
-#define WRT_OCSP_API_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum{
- WRT_OCSP_OK,
- WRT_OCSP_INVALID_ARGUMENTS,
- WRT_OCSP_INTERNAL_ERROR
-}wrt_ocsp_return_t;
-
-typedef int wrt_ocsp_widget_handle_t;
-typedef enum {
- //The certificate has not been revoked.
- WRT_OCSP_WIDGET_VERIFICATION_STATUS_GOOD,
-
- //The certificate has been revoked.
- WRT_OCSP_WIDGET_VERIFICATION_STATUS_REVOKED
-
-
-}wrt_ocsp_widget_verification_status_t;
-
-//-------------Initialization and shutdown-------------------
-/*
- * Establishes connection to security server. Must be called only once.
- * Returns WRT_OCSP_OK or error
- */
-wrt_ocsp_return_t wrt_ocsp_initialize(void);
-
-/*
- * Deinitializes internal structures. Must be called only once.
- * Returns WRT_OCSP_OK or error
- */
-
-wrt_ocsp_return_t wrt_ocsp_shutdown(void);
-
-//-------------Widget verification------------------------------
-/*
- * Requests verification for widget identified with 'handle'.
- * 'status holds server response.
- * Returns WRT_OCSP_OK or error
- */
-
-wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle,
- wrt_ocsp_widget_verification_status_t* status);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif //WRT_OCSP_API_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(WRT_OCSP_DEPS
- dpl-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(WRT_OCSP_DIR
- ${PROJECT_SOURCE_DIR}/wrt_ocsp
- )
-
-SET(WRT_OCSP_SRC_DIR
- ${WRT_OCSP_DIR}/src
- )
-
-SET(WRT_OCSP_INCLUDE_DIR
- ${WRT_OCSP_DIR}/include
- )
-
-SET(WRT_OCSP_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${WRT_OCSP_SRC_DIR}/wrt_ocsp_api.cpp
- )
-
-SET(WRT_OCSP_INCLUDES
- ${WRT_OCSP_DEPS_INCLUDE_DIRS}
- ${WRT_OCSP_INCLUDE_DIR}
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${PROJECT_SOURCE_DIR}/src/services/ocsp
- ${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
-
-ADD_DEFINITIONS(${WRT_OCSP_DEPS_CFLAGS})
-ADD_DEFINITIONS(${WRT__CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${WRT_OCSP_INCLUDES})
-
-ADD_LIBRARY(${TARGET_WRT_OCSP_LIB} SHARED ${WRT_OCSP_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_WRT_OCSP_LIB}
- ${WRT_OCSP_DEPS_LIBRARIES}
- ${WRT_OCSP_DEPS_LDFLAGS}
- )
-
-INSTALL(TARGETS ${TARGET_WRT_OCSP_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${WRT_OCSP_INCLUDE_DIR}/wrt_ocsp_api.h
- DESTINATION include/wrt-ocsp
- )
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file wrt_ocsp_api.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of WRT OCSP api
- */
-
-#include <dpl/log/log.h>
-#include <dpl/dbus/dbus_client.h>
-#include "ocsp_server_api.h"
-#include "SecurityCommunicationClient.h"
-
-#include "wrt_ocsp_api.h"
-
-static WrtSecurity::Communication::Client *communicationClient = NULL;
-
-wrt_ocsp_return_t wrt_ocsp_initialize(void){
- if (NULL != communicationClient) {
- LogError("wrt_ocsp_api already initialized");
- return WRT_OCSP_INTERNAL_ERROR;
- }
-
- Try {
- communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::OcspServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return WRT_OCSP_INTERNAL_ERROR;
- }
- LogInfo("Initialized");
- return WRT_OCSP_OK;
-}
-
-wrt_ocsp_return_t wrt_ocsp_shutdown(void){
- if (NULL == communicationClient) {
- LogError("wrt_ocsp_api not initialized");
- return WRT_OCSP_INTERNAL_ERROR;
- }
- delete communicationClient;
- communicationClient = NULL;
- LogInfo("Shutdown");
- return WRT_OCSP_OK;
-}
-
-wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle,
- wrt_ocsp_widget_verification_status_t* status){
-
- LogInfo("Verifying");
- if (NULL == status) {
- LogError("Invalid arguments");
- return WRT_OCSP_INVALID_ARGUMENTS;
- }
- int intResponse;
-
- Try {
- communicationClient->call(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
- handle,
- &intResponse);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Problem with connection to daemon");
- return WRT_OCSP_INTERNAL_ERROR;
- }
- (*status) = static_cast<wrt_ocsp_widget_verification_status_t>(intResponse);
- LogInfo("Widget verified with response " << intResponse);
- return WRT_OCSP_OK;
-}