2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 // @ Project : Access Control Engine
20 // @ File Name : PolicyEvaluator.h
21 // @ Date : 2009-05-06
26 #ifndef _POLICY_EVALUATOR_H
27 #define _POLICY_EVALUATOR_H
33 #include <dpl/event/event_listener.h>
34 #include <dpl/log/log.h>
35 #include <dpl/noncopyable.h>
37 #include <dpl/ace/AsyncVerdictResultListener.h>
38 #include <dpl/ace/Attribute.h>
39 #include <dpl/ace/ConfigurationManager.h>
40 #include <dpl/ace/Constants.h>
41 #include <dpl/ace/Effect.h>
42 #include <dpl/ace/Policy.h>
43 #include <dpl/ace/PolicyInformationPoint.h>
44 #include <dpl/ace/PolicyResult.h>
45 #include <dpl/ace/Request.h>
46 #include <dpl/ace/Subject.h>
47 #include <dpl/ace/Verdict.h>
48 #include <dpl/ace/UserDecision.h>
49 #include <dpl/ace/CombinerImpl.h>
52 class PolicyEvaluator : DPL::Noncopyable
57 * Internal method used to initiate policy evaluation. Called after attribute set has been fetched
59 * @param root root of the policies tree to be evaluated
61 virtual Effect evaluatePolicies(const TreeNode * root);
65 POLICY_PARSING_SUCCESS = 0,
66 POLICY_FILE_ERROR = 1,
67 PARSER_CREATION_ERROR,
71 AttributeSet m_attributeSet;
74 Combiner * m_combiner;
75 AsyncVerdictResultListener * m_verdictListener;
76 PolicyInformationPoint * m_pip;
77 // Required by unittests.
78 std::string m_currentPolicyFile;
81 * Method used to extract attributes from subtree defined by PolicySet
82 * @param root original TreeStructure root node
83 * @param newRoot copy of TreeStructure containing only policies that matches current request
86 void extractAttributesFromSubtree(const TreeNode *root);
89 * Method used to extract attributes from Tree Structure
90 * @return pointer to set of attributes needed to evaluate current request
91 * @return if extraction has been successful
92 * TODO return reducte tree structure
93 * TODO change comments
95 bool extractAttributesFromRules(const TreeNode *);
98 * Extracts attributes from target of a given policy that are required to be fetched by PIP
100 void extractTargetAttributes(const Policy *policy);
101 bool extractAttributes();
103 OptionalPolicyResult getPolicyForRequestInternal(bool fromCacheOnly);
104 PolicyResult effectToPolicyResult(Effect effect);
106 PolicyEvaluator(PolicyInformationPoint * pip) :
108 m_combiner(new CombinerImpl()),
109 m_verdictListener(NULL),
114 bool extractAttributesTest()
116 m_attributeSet.clear();
117 if (!extractAttributes()) {
118 LogInfo("Warnign attribute set cannot be extracted. Returning Deny");
122 return extractAttributes();
125 AttributeSet * getAttributeSet()
127 return &m_attributeSet;
130 virtual bool initPDP();
131 virtual ~PolicyEvaluator();
132 virtual PolicyResult getPolicyForRequest(const Request &request);
133 virtual OptionalPolicyResult getPolicyForRequestFromCache(
134 const Request &request);
135 virtual OptionalPolicyResult getPolicyForRequest(const Request &request,
137 bool fillAttributeWithPolicy();
139 virtual int updatePolicy(const char *);
140 // Required by unittests.
141 // It's used to check environment before each unittest.
142 std::string getCurrentPolicy();
145 #endif //_POLICYEVALUATOR_H