#SET(SMACK_ENABLE ON)
-OPTION(DPL_LOG "DPL logs status" ON)
-IF(DPL_LOG)
- MESSAGE(STATUS "Logging enabled for DPL")
- ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-ELSE(DPL_LOG)
- MESSAGE(STATUS "Logging disabled for DPL")
-ENDIF(DPL_LOG)
+#OPTION(DPL_LOG "DPL logs status" ON)
+#IF(DPL_LOG)
+# MESSAGE(STATUS "Logging enabled for DPL")
+# ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+#ELSE(DPL_LOG)
+# MESSAGE(STATUS "Logging disabled for DPL")
+#ENDIF(DPL_LOG)
# If supported for the target machine, emit position-independent code,suitable
# for dynamic linking and avoiding any limit on the size of the global offset
#ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
ADD_DEFINITIONS("-Wall") # Generate all warnings
ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
-ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
-ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features
+#ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
+#ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
+#ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features
-ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC
+#ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC
#ADD_DEFINITIONS("-DDBUS_CONNECTION") #defines DBus as used IPC
STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-IF(SMACK_ENABLE)
- ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")
-ENDIF(SMACK_ENABLE)
-
-############################# Targets names ###################################
-
-SET(TARGET_DAEMON "security-server")
-SET(TARGET_ACE_DAO_RO_LIB "ace-dao-ro")
-SET(TARGET_ACE_DAO_RW_LIB "ace-dao-rw")
-SET(TARGET_ACE_LIB "ace")
-SET(TARGET_ACE_CLIENT_LIB "ace-client")
-SET(TARGET_ACE_SETTINGS_LIB "ace-settings")
-SET(TARGET_ACE_INSTALL_LIB "ace-install")
-SET(TARGET_ACE_POPUP_VALIDATION_LIB "ace-popup-validation")
-SET(TARGET_COMMUNICATION_CLIENT_LIB "communication-client")
-SET(TARGET_WRT_OCSP_LIB "wrt-ocsp")
-SET(TARGET_SEC_SRV_LIB "sec-srv")
-SET(security-server-client "security-server-client")
-
-############################# Communicatin Client #############################
-
-SET(COMMUNICATION_CLIENT_DIR
- ${PROJECT_SOURCE_DIR}/communication_client
- )
-
-SET(COMMUNICATION_CLIENT_SRC_DIR
- ${COMMUNICATION_CLIENT_DIR}/src
- )
-
-SET(COMMUNICATION_CLIENT_INCLUDE_DIR
- ${COMMUNICATION_CLIENT_DIR}/include
- )
-
-SET(COMMUNICATION_CLIENT_SOURCES
- ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/client/SecuritySocketClient.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
- )
-
-SET(COMMUNICATION_CLIENT_INCLUDES
- ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS}
- ${COMMUNICATION_CLIENT_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/src/daemon/sockets
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- ${PROJECT_SOURCE_DIR}/src/daemon/socket
- ${PROJECT_SOURCE_DIR}/src/daemon/socket/api
- ${PROJECT_SOURCE_DIR}/socket_connection/client
- ${PROJECT_SOURCE_DIR}/socket_connection/connection
- )
-
-############################# subdirectories ##################################
-
-ADD_SUBDIRECTORY(ace)
-ADD_SUBDIRECTORY(ace_client)
-ADD_SUBDIRECTORY(ace_common)
-ADD_SUBDIRECTORY(ace_install)
-ADD_SUBDIRECTORY(ace_settings)
-ADD_SUBDIRECTORY(ace_popup_validation)
-ADD_SUBDIRECTORY(communication_client)
-ADD_SUBDIRECTORY(wrt_ocsp)
+SET(TARGET_SECURITY_SERVER "security-server")
+SET(TARGET_SECURITY_CLIENT "security-server-client")
+
ADD_SUBDIRECTORY(src)
ADD_SUBDIRECTORY(build)
-ADD_SUBDIRECTORY(etc)
-
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-######################################################################
-
-#DB vcore
-PKG_CHECK_MODULES(ACE_DB_DEP
- dpl-efl
- REQUIRED)
-
-#DB ace
-ADD_CUSTOM_COMMAND(
- OUTPUT ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h
- COMMAND ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh
- ARGS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h
- ${CMAKE_SOURCE_DIR}/ace/orm/ace_db
- DEPENDS ${CMAKE_SOURCE_DIR}/ace/orm/ace_db
- ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh
- COMMENT "Generating ACE database checksum"
- )
-
-STRING(REPLACE ";" ":" DEPENDENCIES "${ACE_DB_DEP_INCLUDE_DIRS}")
-
-ADD_CUSTOM_COMMAND( OUTPUT .ace.db
- COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
- COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h -I${PROJECT_SOURCE_DIR}/ace/orm -E ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
- COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.ace.db ".read ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
- DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db
- )
-
-ADD_CUSTOM_COMMAND( OUTPUT .ace.db-journal
- COMMAND touch
- ARGS ${CMAKE_CURRENT_BINARY_DIR}/.ace.db-journal
- )
-
-ADD_CUSTOM_TARGET(Sqlite3DbACE ALL DEPENDS .ace.db .ace.db-journal)
-
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
- DESTINATION share/wrt-engine/
- )
-
-###########################################################
-
-INCLUDE(FindPkgConfig)
-
-SET(ACE_TEST_PATH "/usr/apps/org.tizen.policy")
-
-INSTALL(FILES
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/bondixml.xsd
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/UnrestrictedPolicy.xml
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/WAC2.0Policy.xml
- ${CMAKE_CURRENT_SOURCE_DIR}/configuration/TizenPolicy.xml
- DESTINATION /usr/etc/ace
- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE)
-
-SET(ACE_LIB_DEPS_BASIC
- dpl-efl
- dpl-db-efl
- dpl-event-efl
- ecore
- appcore-efl
- openssl
- sqlite3
- dlog
- vconf
- db-util
- libpcrecpp
- icu-uc
- libxml-2.0
- )
-
-IF(SMACK_ENABLED)
- LIST(APPEND ACE_LIB_DEPS_BASIC libprivilege-control)
-ENDIF(SMACK_ENABLED)
-
-PKG_CHECK_MODULES(ACE_LIB_DEPS ${ACE_LIB_DEPS_BASIC} REQUIRED)
-
-SET(WRT_ACE_DIR ${PROJECT_SOURCE_DIR}/ace)
-
-SET(ACE_SOURCES
- ${WRT_ACE_DIR}/engine/PolicyEvaluator.cpp
- ${WRT_ACE_DIR}/engine/PolicyInformationPoint.cpp
- ${WRT_ACE_DIR}/engine/CombinerImpl.cpp
- ${WRT_ACE_DIR}/engine/parser.cpp
- ${WRT_ACE_DIR}/engine/PolicyEnforcementPoint.cpp
- ${WRT_ACE_DIR}/engine/SettingsLogic.cpp
- ${WRT_ACE_DIR}/engine/Attribute.cpp
- ${WRT_ACE_DIR}/engine/Condition.cpp
- ${WRT_ACE_DIR}/engine/Policy.cpp
- ${WRT_ACE_DIR}/engine/Rule.cpp
- ${WRT_ACE_DIR}/engine/Subject.cpp
- ${WRT_ACE_DIR}/engine/TreeNode.cpp
- ${WRT_ACE_DIR}/engine/ConfigurationManager.cpp
-)
-
-INCLUDE_DIRECTORIES(${ACE_LIB_DEPS_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${WRT_ACE_DIR}/include)
-
-SET(WITH_ACE_SETTINGS_SERVER_SOURCES
- ${WITH_ACE_SETTINGS_SERVER_NONE_SOURCES}
- )
-
-ADD_LIBRARY(${TARGET_ACE_LIB} SHARED
- ${ACE_SOURCES}
- ${WITH_ACE_SETTINGS_SERVER_SOURCES}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_LIB}
- ${TARGET_ACE_DAO_RW_LIB}
- ${ACE_LIB_DEPS_LIBRARIES}
-)
-
-INSTALL(TARGETS ${TARGET_ACE_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- include/ace/WRT_INTERFACE.h
- DESTINATION
- include/ace
- )
-
-add_subdirectory(dao)
+++ /dev/null
-!!!options!!! stop
-ACE - Access Control Engine - security module for Device APIs
+++ /dev/null
-<policy-set id="Tizen-Policy" combine="first-matching-target">
- <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
- <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
- <target>
- <subject>
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
- </subject-match>
- </subject>
- </target>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="tizen" />
- </condition>
- </rule>
-
- <!-- access to application -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="application.kill" />
- <resource-match attr="device-cap" func="equal" match="application.launch" />
- <resource-match attr="device-cap" func="equal" match="application.read" />
- </condition>
- </rule>
-
- <!-- access to bluetooth -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="calendar.read" />
- <resource-match attr="device-cap" func="equal" match="calendar.write" />
- </condition>
- </rule>
-
- <!-- access to call history -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="callhistory.read" />
- <resource-match attr="device-cap" func="equal" match="callhistory.write" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="contact.read" />
- <resource-match attr="device-cap" func="equal" match="contact.write" />
- </condition>
- </rule>
-
- <!-- access to content -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="content.read" />
- <resource-match attr="device-cap" func="equal" match="content.write" />
- </condition>
- </rule>
-
- <!-- access to NFC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="nfc.admin" />
- <resource-match attr="device-cap" func="equal" match="nfc.tag" />
- <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
- <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
- <resource-match attr="device-cap" func="equal" match="nfc.common" />
- </condition>
- </rule>
-
- <!-- access to systeminfo -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="systeminfo" />
- </condition>
- </rule>
-
- <!-- access to system setting -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="setting" />
- </condition>
- </rule>
-
- <!-- access to download feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="download" />
- </condition>
- </rule>
-
- <!-- access to power feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="power" />
- </condition>
- </rule>
-
- <!-- access to push feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="push" />
- </condition>
- </rule>
-
- <!-- access to timeutil -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="time" />
- </condition>
- </rule>
-
- <!-- access to external network -->
- <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
- <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="alarm" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="log" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.read" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="notification.read" />
- <resource-match attr="device-cap" func="equal" match="notification.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="se" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="account.read" />
- <resource-match attr="device-cap" func="equal" match="account.write" />
- </condition>
- </rule>
-
- <rule effect="deny" />
- </policy>
- <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
- <!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
- <target>
- <subject>
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
- </subject-match>
- </subject>
- </target>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="tizen" />
- </condition>
- </rule>
-
- <!-- access to application -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="application.launch" />
- <resource-match attr="device-cap" func="equal" match="application.read" />
- </condition>
- </rule>
-
- <!-- access to bluetooth -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="calendar.read" />
- <resource-match attr="device-cap" func="equal" match="calendar.write" />
- </condition>
- </rule>
-
- <!-- access to call history -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="callhistory.read" />
- <resource-match attr="device-cap" func="equal" match="callhistory.write" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="contact.read" />
- <resource-match attr="device-cap" func="equal" match="contact.write" />
- </condition>
- </rule>
-
- <!-- access to content -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="content.read" />
- <resource-match attr="device-cap" func="equal" match="content.write" />
- </condition>
- </rule>
-
- <!-- access to NFC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="nfc.admin" />
- <resource-match attr="device-cap" func="equal" match="nfc.tag" />
- <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
- <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
- <resource-match attr="device-cap" func="equal" match="nfc.common" />
- </condition>
- </rule>
-
- <!-- access to systeminfo -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="systeminfo" />
- </condition>
- </rule>
-
- <!-- access to system setting -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="setting" />
- </condition>
- </rule>
-
- <!-- access to download feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="download" />
- </condition>
- </rule>
-
- <!-- access to power feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="power" />
- </condition>
- </rule>
-
- <!-- access to push feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="push" />
- </condition>
- </rule>
-
- <!-- access to timeutil -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="time" />
- </condition>
- </rule>
-
- <!-- access to external network -->
- <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
- <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="alarm" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="log" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.read" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="notification.read" />
- <resource-match attr="device-cap" func="equal" match="notification.write" />
- </condition>
- </rule>
-
- <rule effect="deny" />
- </policy>
-
- <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides">
- <!-- Specific Untrusted Policy for Tizen -->
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="tizen" />
- </condition>
- </rule>
-
- <!-- access to application -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="application.launch" />
- <resource-match attr="device-cap" func="equal" match="application.read" />
- </condition>
- </rule>
-
- <!-- access to bluetooth -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
- <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="calendar.read" />
- <resource-match attr="device-cap" func="equal" match="calendar.write" />
- </condition>
- </rule>
-
- <!-- access to call history -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="callhistory.read" />
- <resource-match attr="device-cap" func="equal" match="callhistory.write" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="contact.read" />
- <resource-match attr="device-cap" func="equal" match="contact.write" />
- </condition>
- </rule>
-
- <!-- access to content -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="content.read" />
- <resource-match attr="device-cap" func="equal" match="content.write" />
- </condition>
- </rule>
-
- <!-- access to NFC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="nfc.admin" />
- <resource-match attr="device-cap" func="equal" match="nfc.tag" />
- <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
- <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
- <resource-match attr="device-cap" func="equal" match="nfc.common" />
- </condition>
- </rule>
-
- <!-- access to systeminfo -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="systeminfo" />
- </condition>
- </rule>
-
- <!-- access to system setting -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="setting" />
- </condition>
- </rule>
-
- <!-- access to download feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="download" />
- </condition>
- </rule>
-
- <!-- access to power feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="power" />
- </condition>
- </rule>
-
- <!-- access to push feature -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="push" />
- </condition>
- </rule>
-
- <!-- access to timeutil -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="time" />
- </condition>
- </rule>
-
- <!-- access to external network -->
- <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
- <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="alarm" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="log" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.read" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- </rule>
-
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="notification.read" />
- <resource-match attr="device-cap" func="equal" match="notification.write" />
- </condition>
- </rule>
-
- <rule effect="deny" />
- </policy>
-</policy-set>
+++ /dev/null
-<policy-set id="Policy-1" combine="first-matching-target">
- <policy>
- <rule effect="permit" />
- </policy>
-</policy-set>
+++ /dev/null
-<policy-set id="WAC-Policy" combine="first-matching-target">
- <policy id="WAC-Policy-Trusted" description="WAC's policy for trusted domain" combine="permit-overrides">
- <target>
- <subject>
- <!-- This is finger-print of certificate for WAC Test Widget (operator.root.cert.pem) -->
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38
- </subject-match>
- </subject>
- <subject>
- <!-- This is finger-print of certificate for WAC Publish ID (wac.publisher.pem) -->
- <subject-match attr="author-key-root-fingerprint" func="equal">
- sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2
- </subject-match>
- </subject>
- <subject>
- <!-- This is finger-print of certificate for WAC Production (wac.root.production.pem) -->
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1
- </subject-match>
- </subject>
- <subject>
- <!-- This is finger-print of certificate for WAC Preproduction (wac.root.preproduction.pem) -->
- <subject-match attr="distributor-key-root-fingerprint" func="equal">
- sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A
- </subject-match>
- </subject>
- </target>
-
- <!-- access to external network -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
- <rule effect="permit" />
- </policy>
-
- <policy id="WAC-Policy-Untrusted" description="WAC's policy for untrusted domain" combine="deny-overrides">
- <!-- Specific Untrusted Policy for WAC -->
- <!-- access to accelerometer -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="accelerometer" />
- </condition>
- </rule>
-
- <!-- access to calendar -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="pim.calendar.read" />
- <resource-match attr="device-cap" func="equal" match="pim.calendar.write" />
- </condition>
- </rule>
-
- <!-- access to camera -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="camera.show" />
- </condition>
- </rule>
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="camera.capture" />
- </condition>
- </rule>
-
- <!-- access to contact -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="pim.contact.read" />
- <resource-match attr="device-cap" func="equal" match="pim.contact.write" />
- </condition>
- </rule>
-
- <!-- access to device-interaction -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="deviceinteraction" />
- </condition>
- </rule>
-
- <!-- access to device-status -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="devicestatus.deviceinfo" />
- <resource-match attr="device-cap" func="equal" match="devicestatus.networkinfo" />
- </condition>
- </rule>
-
- <!-- access to filesystem -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="filesystem.read" />
- <resource-match attr="device-cap" func="equal" match="filesystem.write" />
- </condition>
- <condition combine="or">
- <resource-match attr="param:location" func="equal">wgt-private</resource-match>
- <resource-match attr="param:location" func="equal">wgt-private-tmp</resource-match>
- <resource-match attr="param:location" func="equal">wgt-package</resource-match>
- </condition>
- </condition>
- </rule>
-
- <!-- access to messaging -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="messaging.find" />
- <resource-match attr="device-cap" func="equal" match="messaging.subscribe" />
- <resource-match attr="device-cap" func="equal" match="messaging.write" />
- </condition>
- </rule>
-
- <!-- access to message send on roaming status -->
- <rule effect="deny">
- <condition combine="and">
- <resource-match attr="device-cap" func="equal" match="messaging.send" />
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- <!-- access to geolocation -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="geolocation" />
- </condition>
- </rule>
-
- <!-- access to orientation -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="orientation" />
- </condition>
- </rule>
-
- <!-- access to task -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="pim.task.read" />
- <resource-match attr="device-cap" func="equal" match="pim.task.write" />
- </condition>
- </rule>
- <!-- access to external network -->
- <rule effect="permit">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- </rule>
-
- <!-- access to external network on roaming status -->
- <rule effect="permit">
- <condition combine="and">
- <condition combine="or">
- <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
- <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
- </condition>
- <environment-match attr="roaming" match="true" />
- </condition>
- </rule>
-
- </policy>
-</policy-set>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
- <xs:element name="policy-set">
- <xs:complexType>
- <xs:sequence>
- <xs:element minOccurs="0" ref="target"/>
- <xs:choice minOccurs="0" maxOccurs="unbounded">
- <xs:element ref="policy-set"/>
- <xs:element ref="policy"/>
- </xs:choice>
- </xs:sequence>
- <xs:attributeGroup ref="policy-set.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="policy-set.attlist">
- <xs:attribute name="combine" default="deny-overrides">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="deny-overrides"/>
- <xs:enumeration value="permit-overrides"/>
- <xs:enumeration value="first-matching-target"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="id"/>
- </xs:attributeGroup>
- <xs:element name="policy">
- <xs:complexType>
- <xs:sequence>
- <xs:element minOccurs="0" ref="target"/>
- <xs:element minOccurs="0" maxOccurs="unbounded" ref="rule"/>
- </xs:sequence>
- <xs:attributeGroup ref="policy.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="policy.attlist">
- <xs:attribute name="combine" default="deny-overrides">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="deny-overrides"/>
- <xs:enumeration value="permit-overrides"/>
- <xs:enumeration value="first-applicable"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="description"/>
- <xs:attribute name="id"/>
- </xs:attributeGroup>
- <xs:element name="rule">
- <xs:complexType>
- <xs:sequence>
- <xs:element minOccurs="0" ref="condition"/>
- </xs:sequence>
- <xs:attributeGroup ref="rule.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="rule.attlist">
- <xs:attribute name="effect" default="permit">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="permit"/>
- <xs:enumeration value="prompt-blanket"/>
- <xs:enumeration value="prompt-session"/>
- <xs:enumeration value="prompt-oneshot"/>
- <xs:enumeration value="deny"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:attributeGroup>
- <xs:element name="target">
- <xs:complexType>
- <xs:sequence>
- <xs:element maxOccurs="unbounded" ref="subject"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="subject">
- <xs:complexType>
- <xs:sequence>
- <xs:element maxOccurs="unbounded" ref="subject-match"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="condition">
- <xs:complexType>
- <xs:choice maxOccurs="unbounded">
- <xs:element ref="condition"/>
- <xs:element ref="subject-match"/>
- <xs:element ref="resource-match"/>
- <xs:element ref="environment-match"/>
- </xs:choice>
- <xs:attributeGroup ref="condition.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="condition.attlist">
- <xs:attribute name="combine" default="and">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="and"/>
- <xs:enumeration value="or"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:attributeGroup>
- <xs:attributeGroup name="match-attrs">
- <xs:attribute name="attr" use="required"/>
- <xs:attribute name="match"/>
- <xs:attribute name="func" default="glob">
- <xs:simpleType>
- <xs:restriction base="xs:token">
- <xs:enumeration value="equal"/>
- <xs:enumeration value="glob"/>
- <xs:enumeration value="regexp"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:attributeGroup>
- <xs:element name="subject-match">
- <xs:complexType mixed="true">
- <xs:attributeGroup ref="subject-match.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="subject-match.attlist">
- <xs:attributeGroup ref="match-attrs"/>
- </xs:attributeGroup>
- <xs:complexType name="match-model" mixed="true">
- <xs:choice minOccurs="0" maxOccurs="unbounded">
- <xs:element ref="subject-attr"/>
- <xs:element ref="resource-attr"/>
- <xs:element ref="environment-attr"/>
- </xs:choice>
- </xs:complexType>
- <xs:element name="resource-match">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="match-model">
- <xs:attributeGroup ref="resource-match.attlist"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="resource-match.attlist">
- <xs:attributeGroup ref="match-attrs"/>
- </xs:attributeGroup>
- <xs:element name="environment-match">
- <xs:complexType>
- <xs:complexContent>
- <xs:extension base="match-model">
- <xs:attributeGroup ref="environment-match.attlist"/>
- </xs:extension>
- </xs:complexContent>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="environment-match.attlist">
- <xs:attributeGroup ref="match-attrs"/>
- </xs:attributeGroup>
- <xs:attributeGroup name="attr-attrs">
- <xs:attribute name="attr" use="required"/>
- </xs:attributeGroup>
- <xs:element name="subject-attr">
- <xs:complexType>
- <xs:attributeGroup ref="subject-attr.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="subject-attr.attlist">
- <xs:attributeGroup ref="attr-attrs"/>
- </xs:attributeGroup>
- <xs:element name="resource-attr">
- <xs:complexType>
- <xs:attributeGroup ref="resource-attr.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="resource-attr.attlist">
- <xs:attributeGroup ref="attr-attrs"/>
- </xs:attributeGroup>
- <xs:element name="environment-attr">
- <xs:complexType>
- <xs:attributeGroup ref="environment-attr.attlist"/>
- </xs:complexType>
- </xs:element>
- <xs:attributeGroup name="environment-attr.attlist">
- <xs:attributeGroup ref="attr-attrs"/>
- </xs:attributeGroup>
-</xs:schema>
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAO.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <ace-dao-rw/AceDAO.h>
-
-#include <openssl/md5.h>
-#include <dpl/foreach.h>
-#include <dpl/string.h>
-#include <dpl/log/log.h>
-#include <dpl/db/orm.h>
-#include <ace-dao-ro/AceDAOUtilities.h>
-#include <ace-dao-ro/AceDAOConversions.h>
-#include <ace-dao-ro/AceDatabase.h>
-
-using namespace DPL::DB::ORM;
-using namespace DPL::DB::ORM::ace;
-using namespace AceDB::AceDaoUtilities;
-using namespace AceDB::AceDaoConversions;
-
-namespace {
-char const * const EMPTY_SESSION = "";
-} // namespace
-
-namespace AceDB{
-
-void AceDAO::setPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId,
- const DPL::OptionalString &session,
- PromptDecision decision)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- ACE_DB_DELETE(del, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- del->Where(
- And(
- Equals<AcePromptDecision::app_id>(widgetHandle),
- Equals<AcePromptDecision::rule_id>(ruleId)));
- del->Execute();
-
- AcePromptDecision::Row row;
- row.Set_rule_id(ruleId);
- row.Set_decision(promptDecisionToInt(decision));
- row.Set_app_id(widgetHandle);
- row.Set_session(session);
- ACE_DB_INSERT(insert, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- insert->Values(row);
- insert->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting");
- }
-}
-
-void AceDAO::removePolicyResult(
- const BaseAttributeSet &attributes)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- auto attrHash = convertToHash(attributes);
-
- ACE_DB_DELETE(del,
- AcePolicyResult,
- &AceDaoUtilities::m_databaseInterface);
- del->Where(Equals<AcePolicyResult::hash>(attrHash));
- del->Execute();
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to removeVerdict");
- }
-}
-
-void AceDAO::clearAllSettings(void)
-{
- clearWidgetDevCapSettings();
- clearDevCapSettings();
-}
-
-void AceDAO::setDevCapSetting(const std::string &resource,
- PreferenceTypes preference)
-{
- Try {
- ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_general_setting(preferenceToInt(preference));
- update->Values(row);
- update->Where(
- Equals<AceDevCap::id_uri>(DPL::FromUTF8String(resource)));
- update->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to SetResourceSetting");
- }
-}
-
-void AceDAO::removeDevCapSetting(const std::string &resource)
-{
- Try {
- ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_general_setting(preferenceToInt(PreferenceTypes::PREFERENCE_DEFAULT));
- update->Values(row);
- update->Where(
- Equals<AceDevCap::id_uri>(DPL::FromUTF8String(resource)));
- update->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to removeResourceSetting");
- }
-}
-
-
-void AceDAO::setWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler,
- PreferenceTypes preference)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- // TODO JOIN
- AceDevCap::Row rrow;
- if (!getResourceByUri(resource, rrow)) {
- ThrowMsg(Exception::DatabaseError, "Resource not found");
- }
-
- ACE_DB_INSERT(insert,
- AceWidgetDevCapSetting,
- &AceDaoUtilities::m_databaseInterface);
-
- AceWidgetDevCapSetting::Row row;
- row.Set_app_id(handler);
- int rid = rrow.Get_resource_id();
- row.Set_resource_id(rid);
- row.Set_access_value(preferenceToInt(preference));
- insert->Values(row);
- insert->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting");
- }
-}
-
-void AceDAO::removeWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row rrow;
- if (!getResourceByUri(resource, rrow)) {
- ThrowMsg(Exception::DatabaseError, "resource not found");
- }
-
- ACE_DB_DELETE(del,
- AceWidgetDevCapSetting,
- &AceDaoUtilities::m_databaseInterface);
-
- Equals<AceWidgetDevCapSetting::app_id> e1(handler);
- Equals<AceWidgetDevCapSetting::resource_id> e2(rrow.Get_resource_id());
- del->Where(And(e1, e2));
- del->Execute();
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
- }
-}
-
-
-void AceDAO::setPolicyResult(const BaseAttributeSet &attributes,
- const ExtendedPolicyResult &exResult)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- // TODO: this call is connected with logic.
- // It should be moved to PolicyEvaluator
- addAttributes(attributes);
-
- auto attrHash = convertToHash(attributes);
-
- ACE_DB_DELETE(del, AcePolicyResult, &AceDaoUtilities::m_databaseInterface)
- del->Where(Equals<AcePolicyResult::hash>(attrHash));
- del->Execute();
-
- ACE_DB_INSERT(insert, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- AcePolicyResult::Row row;
- row.Set_decision(PolicyResult::serialize(exResult.policyResult));
- row.Set_hash(attrHash);
- row.Set_rule_id(exResult.ruleId);
- insert->Values(row);
- insert->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to addVerdict");
- }
-}
-
-void AceDAO::resetDatabase(void)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- del1->Execute();
- ACE_DB_DELETE(del2, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
- del2->Execute();
- ACE_DB_DELETE(del3, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- del3->Execute();
- ACE_DB_DELETE(del4, AceSubject, &AceDaoUtilities::m_databaseInterface);
- del4->Execute();
- ACE_DB_DELETE(del5, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- del5->Execute();
- ACE_DB_DELETE(del6, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- del6->Execute();
-
- transaction.Commit();
-
- // TODO there is no such query yet in ORM.
- // GlobalConnection::DataCommandAutoPtr command =
- // GlobalConnectionSingleton::Instance().PrepareDataCommand(
- // "VACUUM");
- // command->Step();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to resetDatabase");
- }
-}
-
-void AceDAO::clearPolicyCache(void)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- del1->Execute();
- ACE_DB_DELETE(del2, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- del2->Execute();
- ACE_DB_DELETE(del3, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
- del3->Execute();
-
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearPolicyCache");
- }
-}
-
-void AceDAO::clearDevCapSettings()
-{
- Try {
- ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_general_setting(-1);
- update->Values(row);
- update->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearResourceSettings");
- }
-}
-
-void AceDAO::clearWidgetDevCapSettings()
-{
- Try {
- ACE_DB_DELETE(del, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
- del->Execute();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
- }
-}
-
-int AceDAO::addResource(const std::string &request)
-{
- LogDebug("addResource: " << request);
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row rrow;
- if (getResourceByUri(request, rrow)) {
- transaction.Commit();
- return rrow.Get_resource_id();
- }
-
- ACE_DB_INSERT(insert, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- AceDevCap::Row row;
- row.Set_id_uri(DPL::FromUTF8String(request));
- row.Set_general_setting(-1);
- insert->Values(row);
- int id = insert->Execute();
- transaction.Commit();
- return id;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in addResource");
- }
-}
-
-void AceDAO::addAttributes(const BaseAttributeSet &attributes)
-{
- Try {
- BaseAttributeSet::const_iterator iter;
-
- for (iter = attributes.begin(); iter != attributes.end(); ++iter) {
- ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<AceAttribute::name>(DPL::FromUTF8String(
- *(*iter)->getName())));
- std::list<AceAttribute::Row> rows = select->GetRowList();
- if (!rows.empty()) {
- continue;
- }
-
- ACE_DB_INSERT(insert, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- AceAttribute::Row row;
- row.Set_name(DPL::FromUTF8String(*(*iter)->getName()));
- row.Set_type(attributeTypeToInt((*iter)->getType()));
- insert->Values(row);
- insert->Execute();
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in addAttributes");
- }
-}
-
-void AceDAO::setRequestedDevCaps(
- WidgetHandle widgetHandle,
- const RequestedDevCapsMap &permissions)
-{
- Try {
- FOREACH(it, permissions) {
- ACE_DB_INSERT(insert, AceRequestedDevCaps,
- &AceDaoUtilities::m_databaseInterface);
- AceRequestedDevCaps::Row row;
- row.Set_app_id(widgetHandle);
- row.Set_dev_cap(it->first);
- row.Set_grant_smack(it->second ? 1 : 0);
- insert->Values(row);
- insert->Execute();
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in setStaticDevCapPermissions");
- }
-}
-
-void AceDAO::setAcceptedFeature(
- WidgetHandle widgetHandle,
- const FeatureNameVector &vector)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- FOREACH(it, vector) {
- ACE_DB_INSERT(insert, AceAcceptedFeature,
- &AceDaoUtilities::m_databaseInterface);
- AceAcceptedFeature::Row row;
- row.Set_app_id(widgetHandle);
- row.Set_feature(*it);
- insert->Values(row);
- insert->Execute();
- }
- transaction.Commit();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in setAcceptedFeature");
- }
-}
-
-void AceDAO::removeAcceptedFeature(
- WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_DELETE(del, AceAcceptedFeature,
- &AceDaoUtilities::m_databaseInterface);
- del->Where(Equals<AceAcceptedFeature::app_id>(widgetHandle));
- del->Execute();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in removeAcceptedFeature");
- }
-}
-
-void AceDAO::registerWidgetInfo(WidgetHandle handle,
- const WidgetRegisterInfo& info,
- const WidgetCertificateDataList& dataList)
-{
- Try
- {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
-
- ACE_DB_INSERT(insert, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- WidgetInfo::Row wi;
- wi.Set_app_id(handle);
- wi.Set_widget_type(static_cast<int>(info.type));
- wi.Set_widget_id(info.widget_id);
- wi.Set_widget_version(info.version);
- wi.Set_author_name(info.authorName);
- wi.Set_share_href(info.shareHref);
- insert->Values(wi);
- insert->Execute();
-
- WidgetCertificateDataList::const_iterator it;
- for (it = dataList.begin(); it != dataList.end(); ++it)
- {
- WidgetCertificateFingerprint::Row wcf;
- wcf.Set_app_id(handle);
- wcf.Set_owner(it->owner);
- wcf.Set_chainid(it->chainId);
- wcf.Set_type(it->type);
- wcf.Set_md5_fingerprint(DPL::FromUTF8String(it->strMD5Fingerprint));
- wcf.Set_sha1_fingerprint(DPL::FromUTF8String(it->strSHA1Fingerprint));
- wcf.Set_common_name(it->strCommonName);
- ACE_DB_INSERT(insert, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
- insert->Values(wcf);
- insert->Execute();
- }
- transaction.Commit();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in registerWidgetInfo");
- }
-}
-
-void AceDAO::unregisterWidgetInfo(WidgetHandle handle)
-{
- if(AceDAO::isWidgetInstalled(handle)) {
- Try
- {
- ACE_DB_DELETE(del, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- del->Where(Equals<WidgetInfo::app_id>(handle));
- del->Execute();
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in unregisterWidgetInfo");
- }
- }
-}
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDaoConversions.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <openssl/md5.h>
-#include <dpl/foreach.h>
-
-#include <ace-dao-ro/AceDAOConversions.h>
-
-namespace AceDB {
-
-DPL::String AceDaoConversions::convertToHash(const BaseAttributeSet &attributes)
-{
- unsigned char attrHash[MD5_DIGEST_LENGTH];
- std::string attrString;
- FOREACH(it, attributes) {
- // [CR] implementation of it->toString() is not secure, 24.03.2010
- attrString.append((*it)->toString());
- }
-
- MD5((unsigned char *) attrString.c_str(), attrString.length(), attrHash);
-
- char attrHashCoded[MD5_DIGEST_LENGTH*2 + 1];
- for (int i = 0; i < MD5_DIGEST_LENGTH; ++i) {
- sprintf(&attrHashCoded[i << 1],
- "%02X",
- static_cast<int>(attrHash[i]));
- }
- return DPL::FromASCIIString(attrHashCoded);
-}
-
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOReadOnlyReadOnly.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <list>
-#include <utility>
-
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include <ace-dao-ro/AceDAOUtilities.h>
-#include <ace-dao-ro/AceDAOConversions.h>
-#include <ace-dao-ro/AceDatabase.h>
-#include <dpl/foreach.h>
-
-using namespace DPL::DB::ORM;
-using namespace DPL::DB::ORM::ace;
-using namespace AceDB::AceDaoUtilities;
-using namespace AceDB::AceDaoConversions;
-
-namespace AceDB {
-
-static const int DB_ALLOW_ALWAYS = 0;
-static const int DB_ALLOW_FOR_SESSION = 1;
-static const int DB_ALLOW_THIS_TIME = 2;
-static const int DB_DENY_ALWAYS = 3;
-static const int DB_DENY_FOR_SESSION = 4;
-static const int DB_DENY_THIS_TIME = 5;
-
-static const int DB_APP_UNKNOWN = 0;
-static const int DB_APP_WAC20 = 1;
-static const int DB_APP_TIZEN = 2;
-
-int AceDAOReadOnly::promptDecisionToInt(PromptDecision decision)
-{
- if (PromptDecision::ALLOW_ALWAYS == decision) {
- return DB_ALLOW_ALWAYS;
- } else if (PromptDecision::DENY_ALWAYS == decision) {
- return DB_DENY_ALWAYS;
- } else if (PromptDecision::ALLOW_THIS_TIME == decision) {
- return DB_ALLOW_THIS_TIME;
- } else if (PromptDecision::DENY_THIS_TIME == decision) {
- return DB_DENY_THIS_TIME;
- } else if (PromptDecision::ALLOW_FOR_SESSION == decision) {
- return DB_ALLOW_FOR_SESSION;
- }
- // DENY_FOR_SESSION
- return DB_DENY_FOR_SESSION;
-}
-
-PromptDecision AceDAOReadOnly::intToPromptDecision(int dec) {
- if (dec == DB_ALLOW_ALWAYS) {
- return PromptDecision::ALLOW_ALWAYS;
- } else if (dec == DB_DENY_ALWAYS) {
- return PromptDecision::DENY_ALWAYS;
- } else if (dec == DB_ALLOW_THIS_TIME) {
- return PromptDecision::ALLOW_THIS_TIME;
- } else if (dec == DB_DENY_THIS_TIME) {
- return PromptDecision::DENY_THIS_TIME;
- } else if (dec == DB_ALLOW_FOR_SESSION) {
- return PromptDecision::ALLOW_FOR_SESSION;
- }
- // DB_DENY_FOR_SESSION
- return PromptDecision::DENY_FOR_SESSION;
-}
-
-int AceDAOReadOnly::appTypeToInt(AppTypes app_type)
-{
- switch (app_type) {
- case AppTypes::Unknown:
- return DB_APP_UNKNOWN;
- case AppTypes::WAC20:
- return DB_APP_WAC20;
- case AppTypes::Tizen:
- return DB_APP_TIZEN;
- default:
- return DB_APP_UNKNOWN;
- }
-
-}
-
-AppTypes AceDAOReadOnly::intToAppType(int app_type)
-{
- switch (app_type) {
- case DB_APP_UNKNOWN:
- return AppTypes::Unknown;
- case DB_APP_WAC20:
- return AppTypes::WAC20;
- case DB_APP_TIZEN:
- return AppTypes::Tizen;
- default:
- return AppTypes::Unknown;
- }
-}
-
-void AceDAOReadOnly::attachToThreadRO()
-{
- AceDaoUtilities::m_databaseInterface.AttachToThread(
- DPL::DB::SqlConnection::Flag::RO);
-}
-
-void AceDAOReadOnly::attachToThreadRW()
-{
- AceDaoUtilities::m_databaseInterface.AttachToThread(
- DPL::DB::SqlConnection::Flag::RW);
-}
-
-void AceDAOReadOnly::detachFromThread()
-{
- AceDaoUtilities::m_databaseInterface.DetachFromThread();
-}
-
-OptionalCachedPromptDecision AceDAOReadOnly::getPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId)
-{
- Try {
- // get matching subject verdict
- ACE_DB_SELECT(select, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
-
- select->Where(
- And(
- Equals<AcePromptDecision::rule_id>(ruleId),
- Equals<AcePromptDecision::app_id>(widgetHandle)));
-
- std::list<AcePromptDecision::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return OptionalCachedPromptDecision();
- }
-
- AcePromptDecision::Row row = rows.front();
- CachedPromptDecision decision;
- decision.decision = intToPromptDecision(row.Get_decision());
- decision.session = row.Get_session();
-
- return OptionalCachedPromptDecision(decision);
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getPromptDecision");
- }
-}
-
-void AceDAOReadOnly::getAttributes(BaseAttributeSet *attributes)
-{
- if (NULL == attributes) {
- LogError("NULL pointer");
- return;
- }
- attributes->clear();
- std::string aname;
- int type;
- Try {
- ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface);
- typedef std::list<AceAttribute::Row> RowList;
- RowList list = select->GetRowList();
-
- FOREACH(i, list) {
- BaseAttributePtr attribute(new BaseAttribute());
- DPL::String name = i->Get_name();
- aname = DPL::ToUTF8String(name);
- type = i->Get_type();
-
- attribute->setName(&aname);
- attribute->setType(intToAttributeType(type));
- attributes->insert(attribute);
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getAttributes");
- }
-}
-
-OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult(
- const BaseAttributeSet &attributes)
-{
-
- auto attrHash = convertToHash(attributes);
- return getPolicyResult(attrHash);
-}
-
-OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult(
- const DPL::String &attrHash)
-{
- Try {
- // get matching subject verdict
- ACE_DB_SELECT(select, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
- Equals<AcePolicyResult::hash> e1(attrHash);
- select->Where(e1);
-
- std::list<AcePolicyResult::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return OptionalExtendedPolicyResult();
- }
-
- AcePolicyResult::Row row = rows.front();
- int decision = row.Get_decision();
- ExtendedPolicyResult res;
- res.policyResult = PolicyResult::deserialize(decision);
- res.ruleId = row.Get_rule_id();
- return OptionalExtendedPolicyResult(res);
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getVerdict");
- }
-}
-
-PreferenceTypes AceDAOReadOnly::getDevCapSetting(const std::string &resource)
-{
- Try {
- AceDevCap::Row row;
- if (!getResourceByUri(resource, row)) {
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
- return intToPreference(row.Get_general_setting());
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSetting");
- }
-}
-
-void AceDAOReadOnly::getDevCapSettings(PreferenceTypesMap *globalSettingsMap)
-{
- if (NULL == globalSettingsMap) {
- LogError("Null pointer");
- return;
- }
- globalSettingsMap->clear();
- Try {
- ACE_DB_SELECT(select, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- typedef std::list<AceDevCap::Row> RowList;
- RowList list = select->GetRowList();
-
- FOREACH(i, list) {
- PreferenceTypes p = intToPreference(i->Get_general_setting());
- globalSettingsMap->insert(make_pair(DPL::ToUTF8String(
- i->Get_id_uri()), p));
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSettings");
- }
-}
-
-void AceDAOReadOnly::getWidgetDevCapSettings(BasePermissionList *outputList)
-{
- if (NULL == outputList) {
- LogError("NULL pointer");
- return;
- }
- outputList->clear();
- Try {
- std::string resourceName;
- PreferenceTypes allowAccess;
-
- ACE_DB_SELECT(select,
- AceWidgetDevCapSetting,
- &AceDaoUtilities::m_databaseInterface);
-
- typedef std::list<AceWidgetDevCapSetting::Row> RowList;
- RowList list = select->GetRowList();
-
- // TODO JOIN
- FOREACH(i, list) {
- int app_id = i->Get_app_id();
- int res_id = i->Get_resource_id();
-
- ACE_DB_SELECT(resourceSelect, AceDevCap, &AceDaoUtilities::m_databaseInterface);
- resourceSelect->Where(Equals<AceDevCap::resource_id>(res_id));
- AceDevCap::Row rrow = resourceSelect->GetSingleRow();
-
- resourceName = DPL::ToUTF8String(rrow.Get_id_uri());
-
- if (!resourceName.empty()) {
- allowAccess = intToPreference(i->Get_access_value());
- outputList->push_back(
- BasePermission(app_id,
- resourceName,
- allowAccess));
- }
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to findUserSettings");
- }
-}
-
-PreferenceTypes AceDAOReadOnly::getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler)
-{
- Try {
- AceDevCap::Row rrow;
- if (!getResourceByUri(resource, rrow)) {
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
- int resourceId = rrow.Get_resource_id();
-
- // get matching user setting
- ACE_DB_SELECT(select, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
-
- select->Where(And(Equals<AceWidgetDevCapSetting::resource_id>(resourceId),
- Equals<AceWidgetDevCapSetting::app_id>(handler)));
-
- std::list<int> values =
- select->GetValueList<AceWidgetDevCapSetting::access_value>();
- if (values.empty()) {
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
- return intToPreference(values.front());
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in getUserSetting");
- }
-}
-
-void AceDAOReadOnly::getRequestedDevCaps(
- WidgetHandle widgetHandle,
- RequestedDevCapsMap *permissions)
-{
- if (NULL == permissions) {
- LogError("NULL pointer");
- return;
- }
- permissions->clear();
- Try {
- ACE_DB_SELECT(select, AceRequestedDevCaps,
- &AceDaoUtilities::m_databaseInterface);
- select->Where(
- Equals<AceRequestedDevCaps::app_id>(widgetHandle));
- std::list<AceRequestedDevCaps::Row> list = select->GetRowList();
-
- FOREACH(i, list) {
- permissions->insert(std::make_pair(i->Get_dev_cap(),
- i->Get_grant_smack() == 1));
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps");
- }
-}
-
-void AceDAOReadOnly::getAcceptedFeature(
- WidgetHandle widgetHandle,
- FeatureNameVector *fvector)
-{
- if (NULL == fvector) {
- LogError("NULL pointer");
- return;
- }
-
- fvector->clear();
- Try {
- ACE_DB_SELECT(select, AceAcceptedFeature,
- &AceDaoUtilities::m_databaseInterface);
- select->Where(
- Equals<AceAcceptedFeature::app_id>(widgetHandle));
- std::list<AceAcceptedFeature::Row> list = select->GetRowList();
-
- FOREACH(i, list) {
- fvector->push_back(i->Get_feature());
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps");
- }
-}
-
-AppTypes AceDAOReadOnly::getWidgetType(WidgetHandle handle)
-{
- Try {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(handle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalInt res;
- if (!rows.empty()) {
- res = rows.front().Get_widget_type();
- AppTypes retType = (res.IsNull() ? AppTypes::Unknown : static_cast<AppTypes>(*res));
- return retType;
- } else {
- LogDebug("Can not find widget type");
- return AppTypes::Unknown;
- }
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getWidgetType");
- }
-}
-
-std::string AceDAOReadOnly::getVersion(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalString res;
- if(!rows.empty()) {
- res = rows.front().Get_widget_version();
- return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
- } else {
- LogDebug("Widget not installed");
- return "";
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getVersion");
- }
-}
-
-std::string AceDAOReadOnly::getAuthorName(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalString res;
- if(!rows.empty()) {
- res = rows.front().Get_author_name();
- return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
- } else {
- LogDebug("Widget not installed");
- return "";
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getAuthorName");
- }
-}
-
-std::string AceDAOReadOnly::getGUID(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- DPL::OptionalString res;
- if(!rows.empty()) {
- res = rows.front().Get_widget_id();
- return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
- } else {
- LogDebug("Widget not installed");
- return "";
- }
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getGUID");
- }
-}
-
-WidgetCertificateCNList AceDAOReadOnly::getKeyCommonNameList(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type)
-{
- Try {
- ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
- select->Where(And(And(
- Equals<WidgetCertificateFingerprint::app_id>(widgetHandle),
- Equals<WidgetCertificateFingerprint::owner>(owner)),
- Equals<WidgetCertificateFingerprint::type>(type)));
- WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList();
-
- WidgetCertificateCNList out;
- FOREACH(it, rows)
- {
- DPL::Optional<DPL::String> cn = it->Get_common_name();
- out.push_back(cn.IsNull() ? "" : DPL::ToUTF8String(*cn));
- }
- return out;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getKeyCommonNameList");
- }
-}
-
-FingerPrintList AceDAOReadOnly::getKeyFingerprints(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
- select->Where(And(And(
- Equals<WidgetCertificateFingerprint::app_id>(widgetHandle),
- Equals<WidgetCertificateFingerprint::owner>(owner)),
- Equals<WidgetCertificateFingerprint::type>(type)));
- WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList();
-
- FingerPrintList keys;
- FOREACH(it, rows)
- {
- DPL::Optional<DPL::String> sha1 = it->Get_sha1_fingerprint();
- if (!sha1.IsNull())
- keys.push_back(DPL::ToUTF8String(*sha1));
- DPL::Optional<DPL::String> md5 = it->Get_md5_fingerprint();
- if (!md5.IsNull())
- keys.push_back(DPL::ToUTF8String(*md5));
- }
- return keys;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getKeyFingerprints");
- }
-}
-
-std::string AceDAOReadOnly::getShareHref(WidgetHandle widgetHandle)
-{
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
-
- if(rows.empty())
- ThrowMsg(Exception::DatabaseError, "Cannot find widget. Handle: " << widgetHandle);
-
- DPL::Optional<DPL::String> value = rows.front().Get_share_href();
- std::string ret = "";
- if(!value.IsNull())
- ret = DPL::ToUTF8String(*value);
- return ret;
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to getShareHref");
- }
-}
-
-WidgetHandleList AceDAOReadOnly::getHandleList()
-{
- LogDebug("Getting DbWidgetHandle List");
- Try
- {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- return select->GetValueList<WidgetInfo::app_id>();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed to list of widget handles");
- }
-}
-
-bool AceDAOReadOnly::isWidgetInstalled(WidgetHandle handle)
-{
- Try {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(handle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- return !rows.empty() ? true : false;
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled");
- }
-}
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDaoReadOnly.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <openssl/md5.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace-dao-ro/AceDatabase.h>
-#include <ace-dao-ro/AceDAOUtilities.h>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-
-namespace AceDB {
-
-namespace {
-const char* ACE_DB_DATABASE = "/opt/dbspace/.ace.db";
-DPL::DB::SqlConnection::Flag::Type ACE_DB_FLAGS =
- DPL::DB::SqlConnection::Flag::UseLucene;
-}
-
-DPL::DB::ThreadDatabaseSupport AceDaoUtilities::m_databaseInterface(
- ACE_DB_DATABASE, ACE_DB_FLAGS);
-
-BaseAttribute::Type AceDaoUtilities::intToAttributeType(int val)
-{
- switch (val) {
- case 0:
- return BaseAttribute::Type::Subject;
- case 1:
- return BaseAttribute::Type::Environment;
- case 2:
- return BaseAttribute::Type::Resource;
- case 3:
- return BaseAttribute::Type::FunctionParam;
- case 4:
- return BaseAttribute::Type::WidgetParam;
-
- default:
- Assert(0 && "Unknown Attribute type value");
- return BaseAttribute::Type::Subject; //remove compilation warrning
- }
-}
-
-int AceDaoUtilities::attributeTypeToInt(BaseAttribute::Type type)
-{
- // we cannot cast enum -> int because this cast will be removed from next c++ standard
- switch (type) {
- case BaseAttribute::Type::Subject:
- return 0;
- case BaseAttribute::Type::Environment:
- return 1;
- case BaseAttribute::Type::Resource:
- return 2;
- case BaseAttribute::Type::FunctionParam:
- return 3;
- case BaseAttribute::Type::WidgetParam:
- return 4;
-
- default:
- Assert(0 && "Unknown Attribute type!");
- return 0; //remove compilation warrning
- }
-}
-
-int AceDaoUtilities::preferenceToInt(PreferenceTypes p)
-{
- switch (p) {
- case PreferenceTypes::PREFERENCE_PERMIT:
- return 1;
- case PreferenceTypes::PREFERENCE_DENY:
- return 0;
- case PreferenceTypes::PREFERENCE_BLANKET_PROMPT:
- return 2;
- case PreferenceTypes::PREFERENCE_SESSION_PROMPT:
- return 3;
- case PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT:
- return 4;
-
- default:
- return -1;
- }
-}
-
-PreferenceTypes AceDaoUtilities::intToPreference(int p)
-{
- switch (p) {
- case 1:
- return PreferenceTypes::PREFERENCE_PERMIT;
- case 0:
- return PreferenceTypes::PREFERENCE_DENY;
- case 2:
- return PreferenceTypes::PREFERENCE_BLANKET_PROMPT;
- case 3:
- return PreferenceTypes::PREFERENCE_SESSION_PROMPT;
- case 4:
- return PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;
-
- default:
- return PreferenceTypes::PREFERENCE_DEFAULT;
- }
-}
-
-VerdictTypes AceDaoUtilities::intToVerdict(int v)
-{
- switch (v) {
- case -1:
- return VerdictTypes::VERDICT_UNKNOWN;
- case 0:
- return VerdictTypes::VERDICT_DENY;
- case 1:
- return VerdictTypes::VERDICT_PERMIT;
- case 2:
- return VerdictTypes::VERDICT_INAPPLICABLE;
-
- default:
- Assert(0 && "Cannot convert int to verdict");
- return VerdictTypes::VERDICT_UNKNOWN; // remove compile warrning
- }
-}
-
-int AceDaoUtilities::verdictToInt(VerdictTypes v)
-{
- switch (v) {
- case VerdictTypes::VERDICT_UNKNOWN:
- return -1;
- case VerdictTypes::VERDICT_DENY:
- return 0;
- case VerdictTypes::VERDICT_PERMIT:
- return 1;
- case VerdictTypes::VERDICT_INAPPLICABLE:
- return 2;
-
- default:
- Assert(0 && "Unknown Verdict value");
- return -1; // remove compile warrning
- }
-}
-
-bool AceDaoUtilities::getSubjectByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceSubject::Row &row)
-{
- using namespace DPL::DB::ORM;
- using namespace DPL::DB::ORM::ace;
- ACE_DB_SELECT(select, AceSubject, &m_databaseInterface);
- select->Where(Equals<AceSubject::id_uri>(DPL::FromUTF8String(uri)));
- std::list<AceSubject::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return false;
- }
-
- row = rows.front();
- return true;
-}
-
-bool AceDaoUtilities::getResourceByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceDevCap::Row &row)
-{
- using namespace DPL::DB::ORM;
- using namespace DPL::DB::ORM::ace;
- ACE_DB_SELECT(select, AceDevCap, &m_databaseInterface);
- select->Where(Equals<AceDevCap::id_uri>(DPL::FromUTF8String(uri)));
- std::list<AceDevCap::Row> rows = select->GetRowList();
- if (rows.empty()) {
- return false;
- }
-
- row = rows.front();
- return true;
-}
-
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file AceDatabase.cpp
- * @author Lukasz Marek (l.marek@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of ace database
- */
-
-#include <ace-dao-ro/AceDatabase.h>
-
-DPL::Mutex g_aceDbQueriesMutex;
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file BaseAttribute.cpp
- * @author Lukasz Marek (l.marek@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#include <sstream>
-#include <string>
-
-#include <ace-dao-ro/BaseAttribute.h>
-
-namespace AceDB {
-
-const char* BaseAttribute::typeToString(Type type)
-{
- const char * ret = NULL;
- switch (type) {
- case Type::Resource:
- ret = "resource";
- break;
- case Type::Subject:
- ret = "subject";
- break;
- case Type::Environment:
- ret = "environment";
- break;
- default:
- ret = "unknown type";
- break;
- }
-
- return ret;
-}
-
-std::string BaseAttribute::toString() const
-{
- std::string ret;
- const char * SEPARATOR = ";";
-
- ret.append(m_name);
- ret.append(SEPARATOR);
- ret.append(typeToString(m_typeId));
- ret.append(SEPARATOR);
- if (m_undetermindState) {
- ret.append("true");
- } else {
- ret.append("false");
- }
- ret.append(SEPARATOR);
- for (std::list<std::string>::const_iterator it = value.begin();
- it != value.end();
- ++it) {
- std::stringstream num;
- num << it->size();
- ret.append(num.str());
- ret.append(SEPARATOR);
- ret.append(*it);
- ret.append(SEPARATOR);
- }
-
- return ret;
-}
-
-}
+++ /dev/null
-
-SET(ACE_DAO_DEPS_LIST
- dpl-efl
- dpl-db-efl
- ecore
- appcore-efl
- openssl
- vconf
- db-util
- libpcrecpp
- icu-uc
- libxml-2.0
- )
-
-PKG_CHECK_MODULES(ACE_DAO_DEPS ${ACE_DAO_DEPS_LIST} REQUIRED)
-
-set(ACE_SRC_DIR ${PROJECT_SOURCE_DIR}/ace/dao)
-
-set(ACE_DAO_RO_SOURCES
- ${ACE_SRC_DIR}/AceDAOReadOnly.cpp
- ${ACE_SRC_DIR}/AceDAOUtilities.cpp
- ${ACE_SRC_DIR}/AceDAOConversions.cpp
- ${ACE_SRC_DIR}/BaseAttribute.cpp
- ${ACE_SRC_DIR}/AceDatabase.cpp
- ${ACE_SRC_DIR}/PromptModel.cpp
-)
-
-set(ACE_DAO_RW_SOURCES
- ${ACE_SRC_DIR}/AceDAO.cpp
-)
-
-INCLUDE_DIRECTORIES(${ACE_SRC_DIR})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/orm)
-INCLUDE_DIRECTORIES(${ACE_DAO_DEPS_INCLUDE_DIRS})
-
-ADD_LIBRARY(${TARGET_ACE_DAO_RO_LIB} SHARED
- ${ACE_DAO_RO_SOURCES}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
- COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h")
-
-target_link_libraries(${TARGET_ACE_DAO_RO_LIB}
- ${TARGET_DPL_EFL}
- ${TARGET_DPL_DB_EFL}
- ${ACE_DAO_DEPS_LIBRARY}
- ${ACE_DAO_DEPS_LDFLAGS}
-)
-
-ADD_LIBRARY(${TARGET_ACE_DAO_RW_LIB} SHARED
- ${ACE_DAO_RW_SOURCES}
-)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
- COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h")
-
-target_link_libraries(${TARGET_ACE_DAO_RW_LIB}
- ${ACE_DAO_DEPS_LIST_LIBRARIES}
- ${TARGET_ACE_DAO_RO_LIB}
-)
-
-INSTALL(TARGETS ${TARGET_ACE_DAO_RO_LIB}
- DESTINATION lib)
-
-INSTALL(TARGETS ${TARGET_ACE_DAO_RW_LIB}
- DESTINATION lib)
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/* @file PromptModel.cpp
- * @author Justyna Mejzner (j.kwiatkowsk@samsung.com)
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @version 1.0
- *
- */
-
-#include <ace-dao-ro/PromptModel.h>
-
-#include <algorithm>
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-
-namespace {
-
-const char INFO[] = "Widget requires access to:";
-const char DENY[] = "Deny";
-const char ALLOW[] = "Permit";
-
-const char BLANKET_CHECKBOX_LABEL[] = "Keep setting as permanent";
-const char SESSION_CHECKBOX_LABEL[] = "Remember for one run";
-
-Prompt::ButtonLabels aceQuestionLabel = {DENY, ALLOW};
-
-static Prompt::PromptLabels* getModel(
- Prompt::PromptModel::PromptType promptType,
- const std::string& resourceId)
-{
- std::string strLabel;
- strLabel = INFO;
- strLabel += "<br>";
- strLabel += resourceId;
-
- return new Prompt::PromptLabels(promptType, aceQuestionLabel, strLabel);
-}
-
-Prompt::Validity fromPromptTypeToValidity(int aPromptType, bool checkClicked)
-{
- using namespace Prompt;
- PromptModel::PromptType promptTypeEnum =
- static_cast<PromptModel::PromptType>(aPromptType);
- switch (promptTypeEnum) {
- case PromptModel::PROMPT_ONESHOT:
- return Validity::ONCE;
- case PromptModel::PROMPT_SESSION:
- if (checkClicked)
- {
- return Validity::SESSION;
- }
- else
- {
- return Validity::ONCE;
- }
- case PromptModel::PROMPT_BLANKET:
- if (checkClicked)
- {
- return Validity::ALWAYS;
- }
- else
- {
- return Validity::ONCE;
- }
- default:
- Assert(0);
- return Validity::ONCE;
- }
-}
-} // namespace anonymous
-
-namespace Prompt {
-
-
-PromptLabels::PromptLabels(int promptType,
- const Prompt::ButtonLabels& questionLabel,
- const std::string& mainLabel) :
- m_promptType(promptType),
- m_buttonLabels(questionLabel),
- m_mainLabel(mainLabel)
-{
-
-}
-
-int PromptLabels::getPromptType() const
-{
- return m_promptType;
-}
-const ButtonLabels& PromptLabels::getButtonLabels() const
-{
- return m_buttonLabels;
-}
-const std::string& PromptLabels::getMainLabel() const
-{
- return m_mainLabel;
-}
-
-DPL::OptionalString PromptLabels::getCheckLabel() const
-{
- if (PromptModel::PROMPT_BLANKET == m_promptType)
- {
- return DPL::OptionalString(
- DPL::FromUTF8String(BLANKET_CHECKBOX_LABEL));
- }
- else if (PromptModel::PROMPT_SESSION == m_promptType)
- {
- return DPL::OptionalString(
- DPL::FromUTF8String(SESSION_CHECKBOX_LABEL));
- }
-
- return DPL::OptionalString::Null;
-}
-
-bool PromptLabels::isAllowed(const size_t buttonClicked) const
-{
- Assert(buttonClicked < aceQuestionLabel.size() &&
- "Button Clicked number is not in range of questionLabel");
-
- return aceQuestionLabel[buttonClicked] == ALLOW;
-}
-
-PromptAnswer::PromptAnswer(bool isAccessAllowed, Validity validity) :
- m_isAccessAllowed(isAccessAllowed),
- m_validity(validity)
-{
-
-}
-
-PromptAnswer::PromptAnswer(
- int aPromptType, unsigned int buttonAns, bool checkAns)
-{
- Assert(buttonAns < aceQuestionLabel.size() &&
- "Button Clicked number is not in range of questionLabel");
-
- m_isAccessAllowed = aceQuestionLabel[buttonAns] == ALLOW;
- m_validity = fromPromptTypeToValidity(aPromptType, checkAns);
-}
-
-bool PromptAnswer::isAccessAllowed() const
-{
- return m_isAccessAllowed;
-}
-
-Validity PromptAnswer::getValidity() const
-{
- return m_validity;
-}
-
-PromptLabels* PromptModel::getOneShotModel(const std::string& resourceId)
-{
- return getModel(PROMPT_ONESHOT, resourceId);
-}
-
-PromptLabels* PromptModel::getSessionModel(const std::string& resourceId)
-{
- return getModel(PROMPT_SESSION, resourceId);
-}
-
-PromptLabels* PromptModel::getBlanketModel(const std::string& resourceId)
-{
- return getModel(PROMPT_BLANKET, resourceId);
-}
-
-
-} // Prompt
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <fnmatch.h>
-#include <pcrecpp.h>
-#include <sstream>
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-#include <ace/Attribute.h>
-
-const bool Attribute::alpha[256] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
- 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0
-};
-const bool Attribute::digit[256] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0
-};
-
-const bool Attribute::mark[256] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0
-};
-
-bool Attribute::searchAndCut(const char *str)
-{
- //TODO
- size_t pos = m_name.rfind(str);
- if (pos == std::string::npos) {
- return false;
- }
- if ((strlen(str) + pos) == m_name.size()) {
- m_name.erase(pos, std::string::npos);
- return true;
- }
- return false;
-}
-
-Attribute::Attribute(const std::string *name,
- const Match matchFunc,
- const Type type_) :
- matchFunction(matchFunc)
-{
- m_name = *name;
- m_typeId = type_;
- m_undetermindState = false;
- if (matchFunction != Match::Equal
- && matchFunction != Match::Glob
- && matchFunction != Match::Regexp)
- {
- //LogDebug("MID: " << matchFunction);
- Assert(0 && "Match function problem");
- }
-
- if (searchAndCut(".scheme")) {
- modifierFunction = Modifier::Scheme;
- } else if (searchAndCut(".authority")) {
- modifierFunction = Modifier::Authority;
- } else if (searchAndCut(".scheme-authority")) {
- modifierFunction = Modifier::SchemeAuthority;
- } else if (searchAndCut(".host")) {
- modifierFunction = Modifier::Host;
- } else if (searchAndCut(".path")) {
- modifierFunction = Modifier::Path;
- } else {
- modifierFunction = Modifier::Non;
- }
-}
-
-static Attribute::MatchResult equal_comparator(const std::string *first,
- const std::string *second)
-{
- if((*first) == (*second)) {
- return Attribute::MatchResult::MRTrue;
- }
- return Attribute::MatchResult::MRFalse;
-}
-
-static Attribute::MatchResult glob_comparator(const std::string *first,
- const std::string *second)
-{
- // order is important
- if (!fnmatch(first->c_str(), second->c_str(), 0)) {
- return Attribute::MatchResult::MRTrue;
- }
- return Attribute::MatchResult::MRFalse;
-}
-
-static Attribute::MatchResult regexp_comparator(const std::string *first,
- const std::string *second)
-{
- // order is important
- pcrecpp::RE re(first->c_str());
- if (re.FullMatch(second->c_str())) {
- return Attribute::MatchResult::MRTrue;
- }
- return Attribute::MatchResult::MRFalse;
-}
-
-Attribute::MatchResult Attribute::lists_comparator(
- const std::list<std::string> *first,
- const std::list<std::string> *second,
- Attribute::MatchResult (*comparator)(const std::string *,
- const std::string *)) const
-{
- //NOTE: BONDI defines all availabe matching function as: if some string from first input bag
- //matches some input string from second input bag, so it's required to find only one matching string
- MatchResult result = MatchResult::MRFalse;
-
- for (std::list<std::string>::const_iterator second_iter = second->begin();
- (second_iter != second->end()) && (result != MatchResult::MRTrue);
- ++second_iter)
- {
- std::string *modified_value = applyModifierFunction(&(*second_iter));
- //Value was not an URI, it will be removed from the string bag (ignored)
- if (modified_value == NULL) {
- continue;
- }
-
- for (std::list<std::string>::const_iterator first_iter = first->begin();
- first_iter != first->end();
- ++first_iter) {
- //Compare attributes
- if ((*comparator)(&(*first_iter), modified_value) == MatchResult::MRTrue) {
- result = MatchResult::MRTrue;
- break; //Only one match is enough
- }
- }
- if (modified_value) {
- delete modified_value;
- modified_value = NULL;
- }
- }
-
- if (result == MatchResult::MRTrue) {
- LogDebug("Returning TRUE");
- } else if (result == MatchResult::MRFalse) {
- LogDebug("Returning FALSE");
- } else if (result == MatchResult::MRUndetermined) {
- LogDebug("Returning UNDETERMINED");
- }
- return result;
-}
-
-std::string * Attribute::applyModifierFunction(const std::string * val) const
-{
- std::string * result = NULL;
- switch (modifierFunction) {
- case Modifier::Scheme:
- result = uriScheme(val);
- break;
- case Modifier::Authority:
- result = uriAuthority(val);
- break;
- case Modifier::SchemeAuthority:
- result = uriSchemeAuthority(val);
- break;
- case Modifier::Host:
- result = uriHost(val);
- break;
- case Modifier::Path:
- result = uriPath(val);
- break;
- default:
- result = new std::string(*val);
- }
-
- return result;
-}
-
-/**
- * this - attribute obtained from xmlPolicy tree
- * attribute - attribute obtained from PIP
- */
-Attribute::MatchResult Attribute::matchAttributes(
- const BaseAttribute *attribute) const
-{
- std::string tempNam = *(attribute->getName());
- std::string tempVal;
- std::string myVal;
-
- if (!(attribute->getValue()->empty())) {
- tempVal = attribute->getValue()->front();
- }
-
- if (!(this->value.empty())) {
- myVal = this->value.front();
- }
-
- LogDebug("Comparing attribute: " << this->m_name << "(" <<
- myVal << ") with: " << tempNam <<
- "(" << tempVal << ")");
-
- Assert(
- (this->m_name == *(attribute->getName())) &&
- "Two completely different attributes are being compared!");
- Assert(
- (this->m_typeId == attribute->getType()) &&
- "Two completely different attributes are being compared!");
-
- if (attribute->isUndetermind()) {
- LogDebug("Attribute match undetermined");
- return MatchResult::MRUndetermined;
- }
-
- //Regardles the algorithm used, if we have empty
- //bag the result is always false
- if (this->isValueEmpty() || attribute->isValueEmpty()) {
- if (this->isValueEmpty()) {
- LogDebug("empty bag in condition comparing");
- }
- if (attribute->isValueEmpty()) {
- LogDebug("empty bag in attribute comparing");
- }
- return MatchResult::MRFalse;
- }
-
- if (this->matchFunction == Match::Equal) {
- return lists_comparator(&(this->value),
- attribute->getValue(),
- equal_comparator);
- } else if (this->matchFunction == Match::Glob) {
- return lists_comparator(&(this->value),
- attribute->getValue(),
- glob_comparator);
- } else if (this->matchFunction == Match::Regexp) {
- return lists_comparator(&(this->value),
- attribute->getValue(),
- regexp_comparator);
- } //[CR] Change to Assert
- Assert(false && " ** Critical :: no match function selected!");
- return MatchResult::MRFalse; // to remove compilator warning
-}
-
-void Attribute::addValue(const std::string *val)
-{
- this->getValue()->push_back(*val);
-}
-
-std::ostream & operator<<(std::ostream & out,
- const Attribute & attr)
-{
- out << "attr: m_name: " << *(attr.getName())
- << " type: " << Attribute::typeToString(attr.getType())
- << " value: ";
- if (attr.m_undetermindState) {
- out << "Undetermined";
- } else if (attr.getValue()->empty()) {
- out << "Empty string bag";
- } else {
- FOREACH (it, *attr.getValue()) {
- out << *it;
- }
- }
- return out;
-}
-
-bool
-Attribute::parse(const std::string *input,
- std::string *val) const
-{
- static const char *pattern =
- "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
- pcrecpp::RE re(pattern);
- re.FullMatch(input->c_str(), &val[0], &val[1],
- &val[2], &val[3], &val[4],
- &val[5], &val[6], &val[7], &val[8]);
-
-#ifdef ALL_LOGS
- for (int i = 0; i < 9; i++) {
- LogDebug("val " << i << " :" << val[i]);
- }
-#endif
-
- if (find_error(val)) {
- LogDebug("Input is not an URI " << *input);
- for (int i = 0; i < 9; ++i) {
- val[i].clear();
- }
- return false;
- }
-
- return true;
-}
-
-Attribute::~Attribute()
-{
-}
-
-std::string * Attribute::uriScheme(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
- return new string(part[1]);
-}
-
-std::string *
-Attribute::uriAuthority(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
- return new string(part[3]);
-}
-
-std::string *
-Attribute::uriSchemeAuthority(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
-
- if (part[0].size() == 0 || part[2].size() == 0) {
- return new std::string();
- }
- return new string(part[0] + part[2]);
-}
-
-std::string *
-Attribute::uriHost(const std::string *input) const
-{
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
- return getHost(&(part[3]));
-}
-
-std::string *
-Attribute::uriPath(const std::string *input) const
-{
- //TODO right now uriPath leaves leading '/' in uri, this slash is removed from the string
- //it's not clear if leading '/' is a part of path component or only the separator
- std::string part[9];
- if (!parse(input, part)) {
- return NULL;
- }
-
- std::string * temp = NULL;
-
- if (part[4].at(0) == '/') {
- temp = new string(part[4].substr(1, part[4].length() - 1));
- } else {
- temp = new string(part[4]);
- }
-
- return temp;
-}
-
-bool Attribute::find_error(const std::string *tab) const
-{
- //We are checking tab[1] which contains scheme without ':' at the end
- if (!checkScheme(&(tab[1]))) {
- LogDebug("Check scheme failed, URI is invalid");
- return true; //error found
- }
- if (!checkAuthority(&(tab[3]))) {
- LogDebug("Check authority failed, URI is invalid");
- return true; //error found
- }
-
- if (!checkPath(&(tab[4]))) {
- LogDebug("Check path failed, URI is invalid");
- return true; //error found
- }
-
- return false;
-}
-
-bool Attribute::checkScheme(const std::string *part) const
-{
- Assert(part != NULL && "Checking NULLable string. This should never happen");
-
- bool result = true;
-
- //TODO change part->at to data=part->c_str()
- //TODO can scheme be empty? In absolute URI no, in relative URI yes
- if (part->empty()) {
- //Empty string is a correct schema
- result = true;
- } else if (alpha[(int) (part->at(0))] == 0) {
- result = false; // First scheme character must be alpha
- } else {
- // rest must be alpha or digit or '+' or '-' or '.'
- for (unsigned int i = 1; i < part->size(); ++i) {
- int c = static_cast<int>(part->at(i));
- if (!isSchemeAllowedCharacter(c)) {
- result = false;
- break;
- }
- }
- }
- return result;
-}
-
-bool Attribute::checkAuthority(const std::string *part) const
-{
- Assert(part != NULL && "Checking NULLable string. This should never happen");
-
- //Server is a subset of reg_m_names so here we only check if authority matches reg_m_name
- //Additional check if authority is a valid 'server' component is done in getHost
- if (part->empty()) {
- return true; //empty authority is valid uri
- }
- bool result = true;
-
- const char * data = part->c_str();
- for (size_t i = 0; i < part->length(); ++i) {
- int c = (int) data[i];
- if (isUnreserved(c)) {
- continue;
- }
- if (c == '$') {
- continue;
- }
- if (c == ',') {
- continue;
- }
- if (c == ';') {
- continue;
- }
- if (c == ':') {
- continue;
- }
- if (c == '@') {
- continue;
- }
- if (c == '&') {
- continue;
- }
- if (c == '=') {
- continue;
- }
- if (c == '+') {
- continue;
- }
- if (c == '%') {
- if (isEscaped(data + i)) {
- i += 2; //rewind the two escaped characters
- continue;
- }
- }
- result = false;
- break;
- }
-
- return result;
-}
-
-std::string * Attribute::getHost(const std::string *part) const
-{
- if (part->empty()) {
- return new std::string("");
- }
-
- //Check userinfo
- size_t userInfoPos = part->find("@");
- if (userInfoPos != std::string::npos) {
- std::string data = part->substr(0, userInfoPos);
- if (!isUserInfoAllowedString(&data)) {
- return new string(""); //the authority is not composed of 'server' part
- }
- }
-
- std::string host;
- //If we use host modifier then authority is composed of 'server' part so
- //the port must contain only digits
- size_t portPos = part->find(":");
- if (portPos != std::string::npos) {
- for (unsigned int i = portPos + 1; i < part->size(); ++i) {
- if (!digit[(int) part->at(i)]) {
- return new string(""); //the authority is not composed of 'server' part
- }
- }
- host = part->substr(userInfoPos + 1, portPos - (userInfoPos + 1));
- } else {
- host = part->substr(userInfoPos + 1, part->length() - (userInfoPos + 1));
- }
-
- if (!isHostAllowedString(&host)) {
- //Even if the string is not allowed for host this can still be a valid uri
- return new string("");
- }
-
- return new std::string(host);
-}
-
-bool Attribute::checkPath(const std::string *part) const
-{
- bool result = true;
-
- const char * data = part->c_str();
-
- for (unsigned int i = 0; i < part->size(); ++i) {
- int c = data[i];
- if (c == '/') {
- //If we found slash then the next character must be a part of segment
- //It cannot be '/' so we have to check it immediately
- i++;
- c = data[i];
- if (!isSegmentAllowedCharacter(c)) {
- result = false;
- break;
- }
- } else if (c == ';') {
- //Start param part of segment
- i++; //Param can be empty so we don't have to check what's right after semicolon
- continue;
- } else if (c == '%') {
- //We have to handle escaped characters differently than other segment allowed characters
- //because we need an array
- if (isEscaped(data + i)) {
- i += 2;
- } else {
- result = false;
- break;
- }
- } else {
- if (!isSegmentAllowedCharacter(c)) {
- result = false;
- break;
- }
- }
- }
-
- return result;
-}
-
-bool Attribute::isSchemeAllowedCharacter(int c) const
-{
- bool result = false;
- if (isAlphanum(c)) {
- result = true;
- } else if (c == '+') {
- result = true;
- } else if (c == '-') {
- result = true;
- } else if (c == '.') {
- result = true;
- }
-
- return result;
-}
-
-bool Attribute::isSegmentAllowedCharacter(int c) const
-{
- bool result = true;
-
- // LogDebug("Checking is segment allowed for char "<<(char)c);
-
- if (isUnreserved(c)) { //do nothing, result = true
- } else if (c == ':') { //do nothing, result = true
- } else if (c == '@') { //do nothing, result = true
- } else if (c == '&') { //do nothing, result = true
- } else if (c == '=') { //do nothing, result = true
- } else if (c == '+') { //do nothing, result = true
- } else if (c == '$') { //do nothing, result = true
- } else if (c == ',') { //do nothing, result = true
- } else {
- result = false;
- }
-
- return result;
-}
-
-bool Attribute::isUserInfoAllowedString(const std::string * str) const
-{
- bool result = false;
-
- const char * data = str->c_str();
-
- for (unsigned int i = 0; i < str->length(); ++i) {
- int c = data[i];
- if (isUnreserved(c)) {
- result = true;
- } else if (c == '%') {
- //isEsacped method checks if we don't cross array bounds, so we can
- //safely give data[i] here
- result = isEscaped((data + i));
- if (result == false) {
- break;
- }
- i += 2; //rewind the next two characters sEsacped method checks if we don't cross array bounds, so we can safely rewind
- } else if (c == ',') {
- result = true;
- } else if (c == '$') {
- result = true;
- } else if (c == '+') {
- result = true;
- } else if (c == '=') {
- result = true;
- } else if (c == '&') {
- result = true;
- } else if (c == '@') {
- result = true;
- } else if (c == ':') {
- result = true;
- }
- }
- return result;
-}
-
-bool Attribute::isUnreserved(int c) const
-{
- return isAlphanum(c) || mark[c];
-}
-
-bool Attribute::isAlphanum(int c) const
-{
- return alpha[c] || digit[c];
-}
-
-bool Attribute::isHex(int c) const
-{
- bool result = false;
-
- if (digit[c]) {
- result = true;
- } else if (c == 'A') {
- result = true;
- } else if (c == 'B') {
- result = true;
- } else if (c == 'C') {
- result = true;
- } else if (c == 'D') {
- result = true;
- } else if (c == 'E') {
- result = true;
- } else if (c == 'F') {
- result = true;
- } else if (c == 'a') {
- result = true;
- } else if (c == 'b') {
- result = true;
- } else if (c == 'c') {
- result = true;
- } else if (c == 'd') {
- result = true;
- } else if (c == 'e') {
- result = true;
- } else if (c == 'f') {
- result = true;
- }
-
- return result;
-}
-
-bool Attribute::isEscaped(const char esc[3]) const
-{
- if (esc == NULL) {
- return false;
- }
-
- if ((esc[0] == 0) || (esc[1] == 0) || (esc[2] == 0)) {
- //We get an array that seems to be out of bounds.
- //To be on the safe side return here
- LogDebug("HEX NULLS");
- return false;
- }
-
- if (esc[0] != '%') {
- LogDebug(
- "Error: first character of escaped value must be a precent but is "
- <<
- esc[0]);
- return false;
- }
-
-#ifdef ALL_LOGS
- for (int i = 0; i < 3; i++) {
- LogDebug("HEX " << esc[i]);
- }
-#endif
- return isHex((int) esc[1]) && isHex((int) esc[2]);
-}
-
-bool Attribute::isHostAllowedString(const std::string * str) const
-{
- bool result = true;
-
- if (digit[(int) str->at(0)]) {
- //IPv4 address
- result = isIPv4AllowedString(str);
- } else {
- //Hostname
- result = isHostNameAllowedString(str);
- }
-
- return result;
-}
-
-bool Attribute::isIPv4AllowedString(const std::string * str) const
-{
- LogDebug("Is hostIPv4 allowed String for " << *str);
-
- const char * data = str->c_str();
- bool result = true;
- int digitCounter = 0;
- int dotCounter = 0;
-
- for (unsigned int i = 0; i < str->length(); ++i) {
- if (data[i] == '.') {
- dotCounter++;
- digitCounter = 0;
- } else if (digit[(int) data[i]]) {
- digitCounter++;
- if ((digitCounter > 3) || !digitCounter) {
- result = false;
- break;
- }
- } else {
- result = false;
- break;
- }
- }
- if (dotCounter != 3) {
- result = false;
- }
- return result;
-}
-
-bool Attribute::isHostNameAllowedString(const std::string * str) const
-{
- LogDebug("Is hostname allowed String for " << *str);
-
- int lastPosition = 0; //the position of last dot + 1
- const char * data = str->c_str();
- bool finalDot = false;
- size_t end = str->length();
- bool result = false;
-
- for (size_t i = 0; i < end; ++i) {
- if (data[i] == '.') {
- if (i == str->length() - 1) { //ending dot
- //There can be a leading '.' int the hostm_name
- finalDot = true;
- break;
- } else {
- //we found domain label
- if (!isDomainLabelAllowedString(data + lastPosition, i -
- lastPosition)) {
- result = false;
- goto end;
- }
- lastPosition = i + 1; //Set position to position of last dot + 1
- }
- }
- }
-
- if (finalDot) {
- //we have to rewind one position to check the rightmost string
- //but only in case we find final dot
- end--;
- }
- //Compare only the rightmost string aaa.bbbb.rightmostString.
- result = isTopLabelAllowedString(data + lastPosition, end - lastPosition);
-
-end:
-
- if (result) {
- LogInfo("Hostname is allowed");
- } else {
- LogInfo("Hostname is NOT allowed");
- }
-
- return result;
-}
-
-bool Attribute::isDomainLabelAllowedString(const char * data,
- int length) const
-{
- LogDebug(
- "Is domain allowed String for " << data << " taking first " <<
- length <<
- " chars");
-
- if (!isAlphanum((int) data[0]) || !isAlphanum((int) data[length - 1])) {
- return false;
- }
-
- for (int i = 0; i < length; i++) {
- if ((!isAlphanum(data[i])) && !(data[i] == '-')) {
- return false;
- }
- }
- return true;
-}
-
-bool Attribute::isTopLabelAllowedString(const char * data,
- int length) const
-{
- if ((!alpha[(int) data[0]]) || (!isAlphanum((int) data[length - 1]))) {
- return false;
- }
-
- for (int i = 1; i < length - 1; i++) {
- if ((!isAlphanum(data[i])) && !(data[i] == '-')) {
- return false;
- }
- }
- return true;
-}
-
-void printAttributes(const AttributeSet& attrs)
-{
- if (attrs.empty()) {
- LogWarning("Empty attribute set");
- } else {
- LogDebug("PRINT ATTRIBUTES:");
- for (AttributeSet::const_iterator it = attrs.begin();
- it != attrs.end();
- ++it)
- {
- LogDebug("name: " << *(*it)->getName());
- }
- }
-}
-
-void printAttributes(const std::list<Attribute> & attrs)
-{
- if (attrs.empty()) {
- LogWarning("Empty attribute set");
- } else {
- LogDebug("PRINT ATTRIBUTES:");
- for (std::list<Attribute>::const_iterator it = attrs.begin();
- it != attrs.end();
- ++it
- ) {
- LogDebug(*it);
- }
- }
-}
-
-//KW const char * matchResultToString(Attribute::MatchResult result){
-//KW
-//KW const char * ret = NULL;
-//KW
-//KW switch(result){
-//KW
-//KW case Attribute::MRTrue:
-//KW ret = "true";
-//KW break;
-//KW case Attribute::MRFalse:
-//KW ret = "false";
-//KW break;
-//KW case Attribute::MRUndetermined:
-//KW ret = "undetermined";
-//KW break;
-//KW default:
-//KW ret = "Wrong match result";
-//KW }
-//KW
-//KW return ret;
-//KW
-//KW }
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : CombinerImpl.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace/CombinerImpl.h>
-#include <ace/Rule.h>
-#include <ace/Policy.h>
-
-namespace {
-
-bool denyOverridesPredecessor(
- const ExtendedEffect &first,
- const ExtendedEffect &second)
-{
- if (first.getEffect() == second.getEffect())
- return first.getRuleId() < second.getRuleId();
- return first.getEffect() < second.getEffect();
-}
-
-bool permitOverridePredecessor(
- const ExtendedEffect &first,
- const ExtendedEffect &second)
-{
- if (first.getEffect() == second.getEffect())
- return first.getRuleId() < second.getRuleId();
- return first.getEffect() > second.getEffect();
-}
-
-} //anonymous namespace
-
-ExtendedEffect CombinerImpl::denyOverrides(const ExtendedEffectList &effects)
-{
- if (isError(effects)) {
- return Error;
- }
-
- ExtendedEffect result(Inapplicable);
-
- FOREACH(it, effects) {
- if (denyOverridesPredecessor(*it, result)) {
- result = *it;
- }
- }
- return result;
-}
-
-ExtendedEffect CombinerImpl::permitOverrides(const ExtendedEffectList &effects)
-{
- if (isError(effects)) {
- return Error;
- }
-
- // This magic number must be bigger that the bigest ruleId number from policy file.
- ExtendedEffect result(Deny, 999999);
-
- //Flag used to indicate that any of Deny,prompt-*,permit options appear
- //Consequently if flag is true then result should be return, otherwise inapplicable should be returned
- bool flag = false;
- bool flagUndetermined = false;
-
- FOREACH(it,effects) {
- ExtendedEffect effect = *it;
-
- if (effect.getEffect() == Permit) {
- return effect;
- } // no need for further check if "permit" found
- if (effect.getEffect() == Undetermined) {
- flagUndetermined = true;
- } //check for undetermined
-
- //Set the flag and the result even if effect is equal to result
- //It is done to mark if any "Deny" effect occured
- if (permitOverridePredecessor(effect, result)
- && effect.getEffect() != Inapplicable
- && effect.getEffect() != Undetermined)
- {
- result = effect;
- flag = true;
- }
- }
-
- if (flagUndetermined) {
- return ExtendedEffect(Undetermined);
- }
-
- if (!flag) {
- return ExtendedEffect(Inapplicable);
- }
- return result;
-}
-
-ExtendedEffect CombinerImpl::firstApplicable(
- const ExtendedEffectList & effects)
-{
- if (isError(effects)) {
- return Error;
- }
-
- FOREACH(it,effects) {
- if (it->getEffect() != Inapplicable) {
- return *it;
- }
- }
- return Inapplicable;
-}
-
-ExtendedEffect CombinerImpl::firstMatchingTarget(
- const ExtendedEffectList &effects)
-{
- if (isError(effects)) {
- return Error;
- }
- // effect list constains result of policies which target has been matched.
- //
- // If target does not match policy result is NotMatchingTarget
- // NotMatchingTarget values are not stored on the effects list
- // (you can check it in combinePolicies function).
- //
- // So we are intrested in first value on the list.
- return effects.empty() ? Inapplicable : effects.front();
-}
-
-bool CombinerImpl::isError(const ExtendedEffectList &effects)
-{
- FOREACH(it, effects)
- {
- if (Error == it->getEffect()) {
- return true;
- }
- }
- return false;
-}
-
-ExtendedEffect CombinerImpl::combineRules(const TreeNode * policy)
-{
- const Policy * policyObj = dynamic_cast<const Policy *>(policy->getElement());
- if (!policyObj) {
- LogError("dynamic_cast failed. PolicyObj is null.");
- return Error;
- }
-
- Policy::CombineAlgorithm algorithm = policyObj->getCombineAlgorithm();
-
- Assert(
- algorithm != Policy::FirstTargetMatching &&
- "Policy cannot have algorithm first target matching");
-
- bool isUndetermined = false;
-
- if (!checkIfTargetMatches(policyObj->getSubjects(), isUndetermined)) {
- if (isUndetermined) {
- //TODO Target is undetermined what should we do now ??
- //Right now simply return NotMatchingTarget
- }
- //Target doesn't match
- return NotMatchingTarget;
- }
- //Get all rules
- const ChildrenSet & children = policy->getChildrenSet();
- ChildrenConstIterator it = children.begin();
- ExtendedEffectList effects;
-
- while (it != children.end()) {
- const Rule * rule = dynamic_cast<const Rule *>((*it)->getElement());
-
- if (!rule) {
- LogError("Error in dynamic_cast. rule is null");
- return ExtendedEffect(Error);
- }
-
- ExtendedEffect effect = rule->evaluateRule(this->getAttributeSet());
- effects.push_back(effect);
- if (algorithm == Policy::FirstApplicable && effect.getEffect() != Inapplicable) {
- //For first applicable algorithm we may stop after evaluating first policy
- //which has effect other than inapplicable
- break;
- }
- ++it;
- } //end policy children iteration
-
- //Use combining algorithm
- ExtendedEffect ef = combine(policyObj->getCombineAlgorithm(), effects);
- return ef;
-}
-
-//WARNING this method makes an assumption that Policy target is a policy child
-ExtendedEffect CombinerImpl::combinePolicies(const TreeNode * policy)
-{
- const Policy * policySet = dynamic_cast<const Policy *>(policy->getElement());
-
- if (!policySet) {
- LogError("dynamic_cast failed. Policy set is null.");
- return Error;
- }
-
- bool isUndetermined = false;
- Policy::CombineAlgorithm algorithm = policySet->getCombineAlgorithm();
-
- if (!checkIfTargetMatches(policySet->getSubjects(), isUndetermined)) {
- /* I can't explain this...
- if (isUndetermined) {
- if (algorithm == Policy::FirstTargetMatching) {
- return Undetermined;
- }
- }
- */
- //Target doesn't match
- return NotMatchingTarget;
- }
-
- const ChildrenSet & children = policy->getChildrenSet();
-
- ExtendedEffectList effects;
-
- FOREACH(it, children) {
- ExtendedEffect effect;
-
- if ((*it)->getTypeID() == TreeNode::PolicySet) {
- effect = combinePolicies(*it);
- if (effect.getEffect() != NotMatchingTarget) {
- effects.push_back(effect);
- }
- } else if ((*it)->getTypeID() == TreeNode::Policy) {
- effect = combineRules(*it);
- if (effect.getEffect() != NotMatchingTarget) {
- effects.push_back(effect);
- }
- } else {
- // [CR] fix it
- LogError("effect value is not initialized!");
- return ExtendedEffect(Error);
- }
-
- if (algorithm == Policy::FirstTargetMatching
- && effect.getEffect() != NotMatchingTarget)
- {
- //In First matching target algorithm we may return when first result is found
- break;
- }
- }
-
- //Use combining algorithm
- return combine(policySet->getCombineAlgorithm(), effects);
-}
-
-ExtendedEffect CombinerImpl::combine(
- Policy::CombineAlgorithm algorithm,
- ExtendedEffectList &effects)
-{
- LogDebug("Effects to be combined with algorithm: " << ::toString(algorithm));
- showEffectList(effects);
-
- switch (algorithm) {
- case Policy::DenyOverride:
- return denyOverrides(effects);
- break;
- case Policy::PermitOverride:
- return permitOverrides(effects);
- break;
- case Policy::FirstApplicable:
- return firstApplicable(effects);
- break;
- case Policy::FirstTargetMatching:
- return firstMatchingTarget(effects);
- break;
- default:
- Assert(false && "Wrong combining algorithm used");
- return Error;
- }
-}
-
-/**
- *
- * @param attrSet set of Subject attributes in policy that identifies target
- * @return true if target is determined and matches, false and isUndertmined is set to true if the target is undetermined
- * false and isUndetermined set to false if target is determined but doesn't match
- */
-bool CombinerImpl::checkIfTargetMatches(
- const std::list<const Subject *> * subjectsList,
- bool &isUndetermined)
-{
- if (subjectsList->empty()) {
- return true;
- }
-
- std::list<const Subject *>::const_iterator it = subjectsList->begin();
- bool match = false;
- //According to BONDI 1.0 at least one target must match
- while (it != subjectsList->end()) {
- match = (*it)->matchSubject(this->getAttributeSet(), isUndetermined);
- if (match) { //at least one match
- break;
- }
- ++it;
- }
-
- #ifdef _DEBUG
- if (match == Attribute::MRTrue) {
- LogDebug("Target matches ");
- } else if (match == Attribute::MRUndetermined) {
- LogDebug("Target match undetermined ");
- } else {
- LogDebug("Target doesn't match");
- }
- #endif
- return match;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// File: Condition.cpp
-// Author: notroot
-//
-// Created on June 3, 2009, 9:00 AM
-//
-
-#include <iostream>
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-#include <ace/Condition.h>
-
-/**
- * Check if attribute in condition matches the values obtained from PIP
- * attrSet - attributes from PIP
- */
-
-Attribute::MatchResult Condition::evaluateCondition(
- const AttributeSet * attrSet) const
-{
- //Condition may include either matches of attributes or other conditions
- //in this method all attributes are matched at first and if possible the
- //condition is evaluated. If evaluation is not possible based solely on
- //attributes then we start recursion into child conditions.
-
- Attribute::MatchResult match;
- bool undeterminedMatchFound = false;
- bool isFinalMatch = false;
-
- LogDebug("Attributes to be matched");
- printAttributes(*attrSet);
- LogDebug("Condition attributes values");
- printAttributes(attributes);
-
- if (this->isEmpty()) {
- LogDebug("Condition is empty, returning true");
- //Condition is empty, it means it evaluates to TRUE
- return Attribute::MatchResult::MRTrue;
- }
-
- match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
- if (isFinalMatch) {
- LogDebug("Evaluate attributes returning verdict" ) ; //<< match);
- return match;
- }
-
- match = evaluateChildConditions(attrSet,
- isFinalMatch,
- undeterminedMatchFound);
- if (isFinalMatch) {
- LogDebug("Evaluate child conditions returning verdict" ); // << match);
- return match;
- }
-
- if (undeterminedMatchFound) {
- //If any child condition/attribute-match was undetermined and
- //so far we couldn't make a decision then we must return undetermined
- LogDebug("Evaluate condition returning MRUndetermined");
- return Attribute::MatchResult::MRUndetermined;
- }
-
- if (this->isAndCondition()) {
- match = Attribute::MatchResult::MRTrue;
- } else if (this->isOrCondition()) {
- match = Attribute::MatchResult::MRFalse;
- } else {
- Assert(false && "Condition has to be either AND or OR");
- }
- return match;
-}
-
-// KW Attribute::MatchResult Condition::performORalgorithm(const std::set<Attribute>* attrSet) const{
-// KW
-// KW Attribute::MatchResult match;
-// KW bool undeterminedMatchFound = false;
-// KW bool isFinalMatch = false;
-// KW
-// KW LogDebug("Performing OR algorithm");
-// KW
-// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW LogDebug("OR algorithm evaluate attributes returning verdict" << match);
-// KW return match;
-// KW }
-// KW
-// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW return match;
-// KW }
-// KW
-// KW if(undeterminedMatchFound){
-// KW //If any child condition/attribute-match was undetermined and
-// KW //so far we couldn't make a decision then we must return undetermined
-// KW LogDebug("OR algorithm returning MRUndetermined");
-// KW return Attribute::MRUndetermined;
-// KW }
-// KW
-// KW LogDebug("OR algorithm returning MRFalse");
-// KW return Attribute::MRFalse;
-// KW }
-
-// KW Attribute::MatchResult Condition::performANDalgorithm(const std::set<Attribute>* attrSet) const{
-// KW
-// KW
-// KW Attribute::MatchResult match;
-// KW bool undeterminedMatchFound = false;
-// KW bool isFinalMatch = false;
-// KW
-// KW LogDebug("Performing AND algorithm");
-// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW LogDebug("AND algorithm evaluate attributes returning verdict" << match);
-// KW return match;
-// KW }
-// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound);
-// KW if(isFinalMatch){
-// KW LogDebug("AND algorithm evaluate child returning verdict " << match);
-// KW return match;
-// KW }
-// KW if(undeterminedMatchFound){
-// KW //If any child condition/attribute-match was undetermined and
-// KW //so far we couldn't make a decision then we must return undetermined
-// KW LogDebug("AND algorithm returning Undetermined");
-// KW return Attribute::MRUndetermined;
-// KW }
-// KW
-// KW LogDebug("AND algorithm returning MRTrue");
-// KW return Attribute::MRTrue;
-// KW
-// KW }
-
-Attribute::MatchResult Condition::evaluateAttributes(
- const AttributeSet * attrSet,
- bool& isFinalMatch,
- bool & undeterminedMatchFound) const
-{
- Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
-
- std::list<Attribute>::const_iterator condIt = this->attributes.begin();
- while (condIt != this->attributes.end()) {
- //Find the value of needed attribute, based on attribute name
- AttributeSet::const_iterator attr =
- std::find_if(attrSet->begin(),
- attrSet->end(),
- AceDB::BaseAttribute::UnaryPredicate(&(*condIt)));
- if (attr == attrSet->end()) {
- LogError("Couldn't find required attribute. This should not happen");
- Assert(
- false &&
- "Couldn't find attribute required in condition. This should not happen"
- "This means that some attributes has not been obtained from PIP");
- //Return undetermined here because it seems one of the attributes is unknown/undetermined
- isFinalMatch = true;
- match = Attribute::MatchResult::MRUndetermined;
- break;
- }
-
- match = condIt->matchAttributes(&(*(*attr)));
- if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) {
- //FALSE match found in AND condition
- isFinalMatch = true;
- break;
- } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) {
- //TRUE match found in OR condition
- isFinalMatch = true;
- break;
- } else if (match == Attribute::MatchResult::MRUndetermined) {
- //Just mark that there was undetermined value found
- undeterminedMatchFound = true;
- }
- ++condIt;
- }
-
- return match;
-}
-
-Attribute::MatchResult Condition::evaluateChildConditions(
- const AttributeSet * attrSet,
- bool& isFinalMatch,
- bool & undefinedMatchFound) const
-{
- Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
-
- std::list<Condition>::const_iterator it = conditions.begin();
- while (it != conditions.end()) {
- match = it->evaluateCondition(attrSet);
-
- if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) {
- //FALSE match found in AND condition
- LogDebug("Child conditions results MRFalse)");
- isFinalMatch = true;
- break;
- } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) {
- //TRUE match found in OR condition
- LogDebug("Child conditions result MRTrue");
- isFinalMatch = true;
- break;
- } else if (match == Attribute::MatchResult::MRUndetermined) {
- undefinedMatchFound = true;
- }
- ++it;
- }
-
- return match;
-}
-
-void Condition::getAttributes(AttributeSet * attrSet)
-{
- //Get attributes from current condition
- FOREACH (it, attributes)
- {
- AceDB::BaseAttributePtr attr(new Attribute(it->getName(), it->getMatchFunction(), it->getType()));
- attrSet->insert(attr);
- }
- //Get attributes from any child conditions
- FOREACH (it, conditions)
- {
- it->getAttributes(attrSet);
- }
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <dpl/assert.h>
-#include <dpl/log/log.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <error.h>
-#include <malloc.h>
-#include <sys/stat.h>
-#include <ace/ConfigurationManager.h>
-
-using namespace std;
-
-namespace {
-const string currentXMLSchema("bondixml.xsd");
-}
-
-ConfigurationManager * ConfigurationManager::instance = NULL;
-
-
-string ConfigurationManager::getCurrentPolicyFile(void) const
-{
- LogError("ConfigurationManager::getCurrentPolicyFile is DEPRECATED");
- return "";
-}
-
-string ConfigurationManager::getFullPathToCurrentPolicyFile(void) const
-{
- LogError("ConfigurationManager::getFullPathToCurrentPolicyFile"
- "is DEPRECATED");
- return "";
-}
-
-string ConfigurationManager::getFullPathToCurrentPolicyXMLSchema(void) const
-{
- LogError("ConfigurationManager::getFullPathToCurrentPolicyXMLSchema"
- "is DEPRECATED");
- return "";
-}
-
-int ConfigurationManager::addPolicyFile(const string &)
-{
- LogError("ConfigurationManager::addPolicyFile is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-int ConfigurationManager::removePolicyFile(const string&)
-{
- LogError("ConfigurationManager::removePolicyFile is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-int ConfigurationManager::changeCurrentPolicyFile(const string&)
-{
- LogError("ConfigurationManager::changeCurrentPolicyFile is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-string ConfigurationManager::extractFilename(const string&) const
-{
- LogError("ConfigurationManager::extractFilename is DEPRECATED");
- return "";
-}
-
-
-int ConfigurationManager::parse(const string&)
-{
- LogError("ConfigurationManager::parse is DEPRECATED");
- return CM_GENERAL_ERROR;
-}
-
-bool ConfigurationManager::copyFile(FILE*, FILE*, int) const
-{
- LogError("ConfigurationManager::copyFile is DEPRECATED");
- return false;
-}
-
-bool ConfigurationManager::checkIfFileExistst(const string&) const
-{
- LogError("ConfigurationManager::checkIfFileExistst is DEPRECATED");
- return false;
-}
-
-const list<string> & ConfigurationManager::getPolicyFiles() const
-{
- LogError("ConfigurationManager::getPolicyFiles is DEPRECATED");
- static list<string> aList;
- return aList;
-}
-
-const string & ConfigurationManager::getConfigFile() const
-{
- LogError("ConfigurationManager::getConfigFile is DEPRECATED");
- static string returnString("");
- return returnString;
-}
-
-string ConfigurationManager::getFullPathToPolicyFile(PolicyType policy) const
-{
- string storagePath = getStoragePath();
- string fileName;
-
- switch (policy) {
- case PolicyType::WAC2_0: {
- fileName = ACE_WAC_POLICY_FILE_NAME;
- break; }
- case PolicyType::Tizen: {
- fileName = ACE_TIZEN_POLICY_FILE_NAME;
- break; }
- default: {
- LogError("Invalid policy file requested");
- return ""; }
- }
-
- return storagePath + fileName;
-}
-
-string ConfigurationManager::getFullPathToPolicyXMLSchema() const
-{
- string storagePath = getStoragePath();
- if (*(storagePath.rbegin()) == '/')
- {
- return storagePath + currentXMLSchema;
- }
- return storagePath + "/" + currentXMLSchema;
-}
-
-string ConfigurationManager::getStoragePath(void) const
-{
- return ACE_MAIN_STORAGE;
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Policy.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#include <ace/Policy.h>
-
-Policy::~Policy()
-{
- for (std::list<const Subject *>::iterator it = subjects->begin();
- it != subjects->end();
- ++it) {
- delete *it;
- }
- delete subjects;
-}
-
-void Policy::printData()
-{
- std::string subject;
- if (subjects != NULL && subjects->size()) {
- subject = (subjects->front())->getSubjectId();
- }
- std::string algorithm = printCombineAlgorithm(this->combineAlgorithm);
-
- std::cout << "subject: " << subject << " algorithm: " << algorithm <<
- std::endl;
-}
-
-std::string Policy::printCombineAlgorithm(CombineAlgorithm algorithm)
-{
- switch (algorithm) {
- case DenyOverride:
- return "DenyOverride";
- case PermitOverride:
- return "PermitOverride";
- case FirstApplicable:
- return "FirstApplicable";
- case FirstTargetMatching:
- return "FirstTargetMatching";
- default:
- return "ERROR: Wrong Algorithm";
- }
-}
-
-const char * toString(Policy::CombineAlgorithm algorithm)
-{
- switch (algorithm) {
- case Policy::DenyOverride:
- return "DenyOverride";
- case Policy::PermitOverride:
- return "PermitOverride";
- case Policy::FirstApplicable:
- return "FirstApplicable";
- case Policy::FirstTargetMatching:
- return "FirstTargetMatching";
- default:
- return "ERROR: Wrong Algorithm";
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_logic.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Implementation file for security logic
- */
-#include <ace/PolicyEnforcementPoint.h>
-
-#include <sstream>
-#include <algorithm>
-#include <list>
-#include <string>
-#include <sstream>
-#include <stdexcept>
-#include <cstdlib>
-#include <map>
-
-#include <dpl/assert.h>
-#include <dpl/exception.h>
-#include <dpl/log/log.h>
-
-#include <ace/PolicyEvaluatorFactory.h>
-#include <ace/PolicyResult.h>
-#include <ace/Request.h>
-
-PolicyEnforcementPoint::PolicyEnforcementPoint() :
- m_wrt(0),
- m_res(0),
- m_sys(0),
- m_pdp(0),
- m_pip(0)
-{}
-
-void PolicyEnforcementPoint::terminate()
-{
- LogInfo("PolicyEnforcementPoint is being deinitialized.");
-
- delete m_sys;
- delete m_res;
- delete m_wrt;
- delete m_pdp;
- delete m_pip;
- m_sys = 0;
- m_res = 0;
- m_wrt = 0;
- m_pdp = 0;
- m_pip = 0;
-}
-
-PolicyEnforcementPoint::~PolicyEnforcementPoint()
-{
- Assert((m_sys == 0) && "You must run "
- "PolicyEnforcementPoint::Deinitialize before exit program!");
-}
-
-void PolicyEnforcementPoint::initialize(
- IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *operation)
-{
- if (m_wrt) {
- ThrowMsg(PEPException::AlreadyInitialized,
- "Policy Enforcement Point is already initialzed");
- }
-
- m_wrt = wrt;
- m_res = resource;
- m_sys = operation;
-
- if (this->m_pip != NULL) {
- this->m_pip->update(m_wrt, m_res, m_sys);
- return;
- }
-
- this->m_pip = new PolicyInformationPoint(wrt, m_res, m_sys);
- this->m_pdp = new PolicyEvaluator(m_pip);
-
- if (!this->m_pdp->initPDP()) {
- Assert(0);
- }
-}
-
-ExtendedPolicyResult PolicyEnforcementPoint::check(Request &request)
-{
- return m_pdp->getPolicyForRequest(request);
-}
-
-void PolicyEnforcementPoint::updatePolicy(const std::string &policy)
-{
- LogDebug("ACE updatePolicy: " << policy);
- int errorCode = 0;
-
- if (m_pdp == NULL) {
- LogError("Evaluator not set. Ignoring message.");
- Assert(false && "UpdateClient error on receiving event");
- } else {
- LogDebug("Emitting update signal.");
- errorCode = m_pdp->updatePolicy(policy.c_str());
- }
-
- LogDebug("Sending reponse: " << errorCode);
-}
-
-void PolicyEnforcementPoint::updatePolicy()
-{
- LogDebug("ACE updatePolicy");
- if (m_pdp == NULL) {
- LogError("Evaluator not set. Ignoring message.");
- } else {
- m_pdp->updatePolicy();
- }
-}
-
-OptionalExtendedPolicyResult PolicyEnforcementPoint::checkFromCache(Request &request)
-{
- return m_pdp->getPolicyForRequestFromCache(request);
-}
-
-OptionalExtendedPolicyResult PolicyEnforcementPoint::check(Request &request,
- bool fromCacheOnly)
-{
- return m_pdp->getPolicyForRequest(request, fromCacheOnly);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyEvaluator.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace/Attribute.h>
-#include <ace/PolicyEvaluator.h>
-#include <ace/TreeNode.h>
-#include <ace/Policy.h>
-#include <ace/Rule.h>
-#include <ace/Attribute.h>
-#include <ace/SettingsLogic.h>
-#include <ace-dao-rw/AceDAO.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace/parser.h>
-
-using namespace AceDB;
-
-PolicyEvaluator::~PolicyEvaluator()
-{
- delete m_combiner;
-}
-
-PolicyEvaluator::PolicyEvaluator(PolicyInformationPoint * pip) :
- m_uniform_policy(NULL),
- m_wac_policy(NULL),
- m_tizen_policy(NULL),
- m_policy_to_use(PolicyType::WAC2_0),
- m_combiner(new CombinerImpl()),
- m_verdictListener(NULL),
- m_pip(pip)
-{}
-
-bool PolicyEvaluator::initPDP()
-{
- updatePolicy();
- // TODO change return value someday to void?
- return true;
-}
-
-bool PolicyEvaluator::fillAttributeWithPolicy()
-{
- if (m_attributeSet.empty()) {
- if (!extractAttributes(m_uniform_policy)) {
- LogInfo("Warning attribute set cannot be extracted. "
- "Returning Deny");
- return false;
- }
- // Adding widget type attribute to distinguish WAC/Tizen widgets
- /**
- * This special attribute of WidgetParam type is handled
- * in PolicyInformationPoint, it is based on WidgetType
- * fron WRT database.
- *
- * It is needed to distinguish cached policy results and cached prompt
- * responses for different policies (WAC/Tizen/any possible
- * other in the future).
- */
- AceDB::BaseAttributePtr attribute(new AceDB::BaseAttribute());
- attribute->setName(POLICY_WIDGET_TYPE_ATTRIBUTE_NAME);
- attribute->setType(AceDB::BaseAttribute::Type::WidgetParam);
- m_attributeSet.insert(attribute);
- AceDAO::addAttributes(m_attributeSet);
- } else {
- LogDebug("Required attribute set already loaded");
- }
- return true;
-}
-
-PolicyResult PolicyEvaluator::effectToPolicyResult(Effect effect)
-{
- if (Effect::Deny == effect) {
- return PolicyEffect::DENY;
- }
- if (Effect::Undetermined == effect) {
- return PolicyResult::Value::UNDETERMINED;
- }
- if (Effect::PromptOneShot == effect) {
- return PolicyEffect::PROMPT_ONESHOT;
- }
- if (Effect::PromptSession == effect) {
- return PolicyEffect::PROMPT_SESSION;
- }
- if (Effect::PromptBlanket == effect) {
- return PolicyEffect::PROMPT_BLANKET;
- }
- if (Effect::Permit == effect) {
- return PolicyEffect::PERMIT;
- }
- if (Effect::Inapplicable == effect) {
- return PolicyDecision::Value::NOT_APPLICABLE;
- }
- return PolicyEffect::DENY;
-}
-
-OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestInternal(
- bool fromCacheOnly)
-{
- //ADD_PROFILING_POINT("Search cached verdict in database", "start");
-
- OptionalExtendedPolicyResult result = AceDAO::getPolicyResult(m_attributeSet);
-
- //ADD_PROFILING_POINT("Search cached verdict in database", "stop");
-
- if (fromCacheOnly || !result.IsNull()) {
- return result;
- }
-
- //ADD_PROFILING_POINT("EvaluatePolicy", "start");
-
- ExtendedEffect policyEffect = evaluatePolicies(getCurrentPolicyTree());
-
- //ADD_PROFILING_POINT("EvaluatePolicy", "stop");
-
- LogDebug("Policy effect is: " << toString(policyEffect.getEffect()));
-
- ExtendedPolicyResult exResult(
- effectToPolicyResult(policyEffect.getEffect()),
- policyEffect.getRuleId());
-
- AceDAO::setPolicyResult(this->m_attributeSet, exResult);
- return OptionalExtendedPolicyResult(exResult);
-}
-
-// +----------------+---------+---------+------+--------+
-// |\User setting | PERMIT | PROMPT* | DENY | DEF |
-// | \ | | | | |
-// |Policy result\ | | | | |
-// |----------------+---------+---------+------+--------+
-// |PERMIT | PERMIT | PROMPT* | DENY | PERMIT |
-// |----------------+---------+---------+------+--------+
-// |PROMPT* | PROMPT* | PR MIN | DENY | PROMPT*|
-// |----------------+---------+---------+------+--------+
-// |DENY | DENY | DENY | DENY | DENY |
-// |----------------+---------+---------+------+--------+
-// |UNDETERMIND | UNDET | UNDET | DENY | UNDET |
-// |----------------+---------+---------+------+--------+
-// |NOT_AP | PEMIT | PROMPT* | DENY | NOT_AP |
-// +----------------+---------+---------+------+--------+
-
-static PolicyResult getMostRestrict(
- PreferenceTypes globalPreference,
- const PolicyResult &policyResult)
-{
- if (globalPreference == PreferenceTypes::PREFERENCE_PERMIT
- && policyResult == PolicyEffect::PERMIT) {
- return PolicyEffect::PERMIT;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_DENY
- || policyResult == PolicyEffect::DENY) {
- return PolicyEffect::DENY;
- }
-
- if (policyResult == PolicyResult::UNDETERMINED) {
- return PolicyResult::UNDETERMINED;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_DEFAULT) {
- return policyResult;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT
- || policyResult == PolicyEffect::PROMPT_ONESHOT) {
- return PolicyEffect::PROMPT_ONESHOT;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_SESSION_PROMPT
- || policyResult == PolicyEffect::PROMPT_SESSION) {
- return PolicyEffect::PROMPT_SESSION;
- }
-
- if (globalPreference == PreferenceTypes::PREFERENCE_BLANKET_PROMPT
- || policyResult == PolicyEffect::PROMPT_BLANKET) {
- return PolicyEffect::PROMPT_BLANKET;
- }
-
- return PolicyEffect::PERMIT;
-}
-
-OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestFromCache(
- const Request &request)
-{
- return getPolicyForRequest(request, true);
-}
-
-ExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(const Request &request)
-{
- auto result = this->getPolicyForRequest(request, false);
- Assert(!result.IsNull()
- && "Policy always has to be evaluated to valid state");
- return *result;
-}
-
-OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(
- const Request &request,
- bool fromCacheOnly)
-{
- //ADD_PROFILING_POINT("getPolicyForRequest", "start");
- m_attributeSet.clear();
-
- switch (request.getAppType()) {
- case Request::APP_TYPE_TIZEN:
- m_policy_to_use = PolicyType::Tizen;
- LogDebug("==== Using Tizen policy ====");
- break;
- case Request::APP_TYPE_WAC20:
- m_policy_to_use = PolicyType::WAC2_0;
- LogDebug("==== Using WAC policy ====");
- break;
- default:
- LogError("Unsupported(unknown) widget type. Access denied.");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(PolicyEffect::DENY));
- }
-
- try {
- // Check which attributes should be used
- // memory alocated, free in destructor
- //ADD_PROFILING_POINT("getAttributes", "start");
- AceDB::AceDAO::getAttributes(&m_attributeSet);
- //ADD_PROFILING_POINT("getAttributes", "stop");
-
- // If attributes can't be resolved then check the policy
- if (!fillAttributeWithPolicy()) {
- //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(PolicyEffect::DENY));
- }
-
- //ADD_PROFILING_POINT("getAttributesValues", "start");
- m_pip->getAttributesValues(&request, &m_attributeSet);
- //ADD_PROFILING_POINT("getAttributesValues", "stop");
- LogDebug("==== Attributes set by PIP ====");
- printAttributes(m_attributeSet);
- LogDebug("==== End of attributes set by PIP ====");
-
- OptionalExtendedPolicyResult policyResult = getPolicyForRequestInternal(
- fromCacheOnly);
-
- if (policyResult.IsNull()) {
- if (!fromCacheOnly) {
- LogError("Policy evaluated to NULL value");
- Assert(false && "Policy evaluated to NULL value");
- }
- return OptionalExtendedPolicyResult::Null;
- }
- LogDebug("==== getPolicyForRequestInternal result (PolicyResult): "
- << policyResult->policyResult << "=====");
-
- PreferenceTypes globalPreference =
- SettingsLogic::findGlobalUserSettings(request);
-
- auto ret = getMostRestrict(globalPreference, policyResult->policyResult);
- //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(ret, policyResult->ruleId));
-
- } catch (AceDB::AceDAO::Exception::DatabaseError &e) {
- LogError("Database error");
- DPL::Exception::DisplayKnownException(e);
- //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
- return OptionalExtendedPolicyResult(
- ExtendedPolicyResult(PolicyEffect::DENY));
- }
-}
-
-bool PolicyEvaluator::extractAttributes(TreeNode* policyTree)
-{
- if (NULL == policyTree) {
- return false;
- }
-
- //We check if root target matches. In general the root's target should
- //be empty. Otherwise it would have to have all the subjects available
- //specified but just to be on the safe side (and for tests) this checking
- const Policy * policy =
- dynamic_cast<const Policy *>(policyTree->getElement());
- Assert(policy != NULL
- && "Policy element has been null while attribute extracting");
-
- extractTargetAttributes(policy);
- extractAttributesFromSubtree(policyTree); //Enter recursion
-
- return true;
-}
-
-void PolicyEvaluator::extractTargetAttributes(const Policy *policy)
-{
- std::list<const Subject *>::const_iterator it =
- policy->getSubjects()->begin();
- for (; it != policy->getSubjects()->end(); ++it) {
- const std::list<Attribute> & attrList = (*it)->getTargetAttributes();
- FOREACH(it2, attrList)
- {
- BaseAttributePtr attr(
- new Attribute((*it2).getName(), (*it2).getMatchFunction(),
- (*it2).getType()));
- m_attributeSet.insert(attr);
- }
- }
-}
-
-TreeNode * PolicyEvaluator::getCurrentPolicyTree()
-{
- TreeNode * currentPolicy = NULL;
- switch (m_policy_to_use) {
- case PolicyType::Tizen: {
- currentPolicy = m_tizen_policy;
- break;}
- case PolicyType::WAC2_0: {
- currentPolicy = m_wac_policy;
- break;}
- default: {
- LogError("Invalid policy type to use");}
- }
- return currentPolicy;
-}
-
-/**
- *
- * @param *root - the root of the original (full) subtree of politics
- * @param *newRoot - the pointer to the root of the copy (reduced) subtree of politics
- */
-void PolicyEvaluator::extractAttributesFromSubtree(const TreeNode *root)
-{
- const ChildrenSet & children = root->getChildrenSet();
-
- for (std::list<TreeNode *>::const_iterator it = children.begin();
- it != children.end(); ++it) {
- TreeNode * node = *it;
- if (node->getTypeID() != TreeNode::Policy
- && node->getTypeID() != TreeNode::PolicySet) {
- //It is not a policy so we may be sure that we have already
- //checked that SubjectId matches
- //Add new node to new tree and extract attributes
-
- extractAttributesFromRules(node);
- } else { //TreeNode is a Policy or PolicySet
- const Policy * policy =
- dynamic_cast<const Policy *>(node->getElement());
- //We will be needing also the attributes from target
- if (policy) {
- extractTargetAttributes(policy);
- } else {
- LogError(" extractAttributesFromSubtree policy=NULL");
- }
- //Enter recursion
- extractAttributesFromSubtree(node);
- }
- }
-}
-
-bool PolicyEvaluator::extractAttributesFromRules(const TreeNode *root)
-{
- Assert(root->getTypeID() == TreeNode::Rule
- && "Tree structure, extracting attributes from node that is not a rule");
- Rule * rule = dynamic_cast<Rule *>(root->getElement());Assert
- (rule != NULL);
- //Get attributes from rule
- rule->getAttributes(&m_attributeSet);
-
- //[CR] consider returned value, because its added only to eliminate errors
- return true;
-}
-
-ExtendedEffect PolicyEvaluator::evaluatePolicies(const TreeNode * root)
-{
- if (root == NULL) {
- LogInfo("Error: policy tree doesn't exist. "
- "Probably xml file is missing");
- return Deny;
- }
-
- if (m_attributeSet.empty()) {
- LogInfo("Warning: evaluatePolicies: attribute set was empty");
- }
- m_combiner->setAttributeSet(&m_attributeSet);
- return m_combiner->combinePolicies(root);
-}
-
-
-int PolicyEvaluator::updatePolicy(const char* newPolicy)
-{
- LogError("PolicyEvaluator::updatePolicy is DEPRECATED");
- ConfigurationManager* configMgr = ConfigurationManager::getInstance();
- if (NULL == configMgr) {
- LogError("ACE fatal error: failed to create configuration manager");
- return POLICY_PARSING_ERROR;
- }
- int result = POLICY_PARSING_SUCCESS;
- if (newPolicy == NULL) {
- LogError("Policy Update: incorrect policy name");
- return POLICY_FILE_ERROR;
- }
- LogDebug("Starting update policy: " << newPolicy);
-
- Parser parser;
- TreeNode *backup = m_uniform_policy;
-
- m_uniform_policy = parser.parse(newPolicy,
- configMgr->getFullPathToPolicyXMLSchema());
-
- if (NULL == m_uniform_policy) {
- m_uniform_policy = backup;
- LogError("Policy Update: corrupted policy file");
- result = POLICY_PARSING_ERROR;
- } else {
- m_currentPolicyFile = newPolicy;
- m_wac_policy = m_uniform_policy; //we must be able to use WAC widgets
- m_tizen_policy = m_uniform_policy;//we must be able to use Tizen widgets
- m_attributeSet.clear();
- backup->releaseResources();
- LogInfo("Policy Update: successful.");
- try {
- AceDAO::resetDatabase(); // TODO: this is strange, but this
- // method is deprecated so not changing
- // it (will disappear with entire method)
- } catch (AceDAO::Exception::DatabaseError &e) {
- }
- }
- return result;
-}
-
-TreeNode * PolicyEvaluator::getDefaultSafePolicyTree(void)
-{
- Policy * policy = new Policy;
- Rule * rule = new Rule;
- TreeNode * mainTree = NULL,
- * childTree = NULL;
-
- policy->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride);
- rule->setEffect(Deny);
-
- mainTree = new TreeNode(m_uniform_policy, TreeNode::Policy, policy);
- childTree = new TreeNode(mainTree, TreeNode::Rule, rule);
- mainTree->addChild(childTree);
-
- LogError("Loading default safe policy tree");
- return mainTree;
-}
-
-void PolicyEvaluator::updatePolicy()
-{
- ConfigurationManager *configMgr = ConfigurationManager::getInstance();
- Assert(NULL != configMgr && "ACE fatal error: failed to "
- "create configuration manager");
- AceDAO::clearPolicyCache();
- if (NULL != m_uniform_policy) {
- m_uniform_policy->releaseResources();
- }
- Parser parserWac, parserTizen;
- m_wac_policy = parserWac.parse(
- configMgr->getFullPathToPolicyFile(PolicyType::WAC2_0),
- configMgr->getFullPathToPolicyXMLSchema());
- if (NULL == m_wac_policy) {
- LogError("ACE fatal error: cannot parse XML file (WAC policy)");
- m_wac_policy = getDefaultSafePolicyTree();
- }
- m_tizen_policy = parserTizen.parse(
- configMgr->getFullPathToPolicyFile(PolicyType::Tizen),
- configMgr->getFullPathToPolicyXMLSchema());
- if (NULL == m_tizen_policy) {
- LogError("ACE fatal error: cannot parse XML file (Tizen policy)");
- m_tizen_policy = getDefaultSafePolicyTree();
- }
- // Policy set is usefull for releasing all policies in case of
- // policy change
- Policy * policySet = new PolicySet();
- policySet->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride);
- m_uniform_policy = new TreeNode(NULL, TreeNode::PolicySet, policySet);
- m_uniform_policy->addChild(m_wac_policy);
- m_uniform_policy->addChild(m_tizen_policy);
-
- // Creating attribute set for the first time after loading policy
- // to speed up queries
- m_attributeSet.clear();
- fillAttributeWithPolicy();
-}
-
-std::string PolicyEvaluator::getCurrentPolicy()
-{
- LogError("PolicyEvaluator::getCurrentPolicy is DEPRECATED");
- return m_currentPolicyFile;
-}
-
-const char * toString(Validity validity)
-{
- switch (validity) {
- case Validity::ONCE:
- return "Once";
- break;
- case Validity::SESSION:
- return "Session";
- case Validity::ALWAYS:
- return "Always";
- default:
- return "WRONG VALIDITY";
- }
-}
-
-const char * toString(Verdict verdict)
-{
- switch (verdict) {
- case Verdict::VERDICT_PERMIT:
- return "Permit";
- case Verdict::VERDICT_DENY:
- return "Deny";
- case Verdict::VERDICT_INAPPLICABLE:
- return "Inapplicable";
- case Verdict::VERDICT_UNKNOWN:
- return "Unknown";
- case Verdict::VERDICT_UNDETERMINED:
- return "Undetermined";
- case Verdict::VERDICT_ERROR:
- return "Error";
- case Verdict::VERDICT_ASYNC:
- return "Async";
- default:
- return "Wrong verdict value";
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyInformationPoint.cpp
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-#include <map>
-#include <string>
-#include <list>
-
-#include <ace/PolicyInformationPoint.h>
-#include <ace/ConfigurationManager.h>
-
-#include <dpl/log/log.h>
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-
-#include <ace/Attribute.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-
-using namespace AceDB;
-
-PolicyInformationPoint::PolicyInformationPoint(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *system) : wrtInterface(wrt),
- resourceInformation(resource),
- operationSystem(system)
-{
- AceDB::AceDAOReadOnly::attachToThreadRO();
-}
-
-PolicyInformationPoint::~PolicyInformationPoint()
-{
- AceDB::AceDAOReadOnly::detachFromThread();
-}
-
-/* gather attributes values from adequate interfaces */
-PipResponse PolicyInformationPoint::getAttributesValues(const Request* request,
- AttributeSet* attributes)
-{
- int subjectReturn = 0;
- int resourceReturn = 0;
- int operationReturn = 0;
- int functionReturn = 0;
- /* create query lists */
- createQueries(attributes);
-
- /* check if subject attributes query has any elements*/
- if (!subjectAttributesQuery.empty()) {
- /* get Subject Attributes */
- subjectReturn = wrtInterface->getAttributesValues(
- *request,
- &subjectAttributesQuery);
- }
-
- AttributeSet::const_iterator iter2;
- FOREACH(iter, subjectAttributesQuery)
- {
- if (iter->second == NULL) {
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::Subject);
- iter2 = std::find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- /* check if resource attributes query has any elements*/
- if (!resourceAttributesQuery.empty()) {
- /* get Resource Attributes */
- resourceReturn = resourceInformation->getAttributesValues(
- *request,
- &resourceAttributesQuery);
- /* error analyzys*/
- resourceReturn <<= ERROR_SHIFT_RESOURCE;
- }
-
- FOREACH(iter, resourceAttributesQuery)
- {
- if (iter->second == NULL) {
- LogInfo("Found undetermined attribute");
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::Resource);
- iter2 = std::find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- /* check if resource attributes query has any elements*/
- if (!environmentAttributesQuery.empty()) {
- /* get enviroment attributes */
- operationReturn = operationSystem->getAttributesValues(
- *request,
- &environmentAttributesQuery);
- /* error analyzys*/
- operationReturn <<= ERROR_SHIFT_OS;
- }
-
- FOREACH(iter, environmentAttributesQuery)
- {
- if (iter->second == NULL) {
- //it doesnt change uniqueness of a set element so we can const_cast
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::Environment);
- iter2 = find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- /* check if functionParam attributes query has any elements*/
- if (!functionParamAttributesQuery.empty() && request->getFunctionParam()) {
- /* get params attributes */
- functionReturn = request->getFunctionParam()->getAttributesValues(
- *request,
- &functionParamAttributesQuery);
- /* error analyzys*/
- functionReturn <<= ERROR_SHIFT_FP;
- }
-
- FOREACH(iter, functionParamAttributesQuery)
- {
- if (iter->second == NULL) {
- //it doesnt change uniqueness of a set element so we can const_cast
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::FunctionParam);
- iter2 = find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(true);
- }
- }
-
- // Here we must add to attributes proper marking of policy type
- // (Tizen or WAC widget)
- /**
- * This part of code seems odd here, but we don't want to keep it in
- * attribute fascade, as it is maintained by ACE clients and we are not
- * sure if this kind of distinction between different policies will be ok
- * as final solution.
- *
- * This is somehow private part of ACE, so it may be moved into
- * separate ACEAttributeFascade kind of a class in (already planned)
- * refactoring, when moving to new, C-only API for ACE.
- */
- if (widgetParamAttributesQuery.empty()) {
- LogError("No attrbutes of WidgetParam type present - "
- "should be widget type at least");
- } else {
- LogDebug("WidgetParam type atributes present, searching for widget type");
- FOREACH(iter, widgetParamAttributesQuery) {
- const std::string *name = iter->first;
- if (POLICY_WIDGET_TYPE_ATTRIBUTE_NAME == *name) {
- LogDebug("Widget type attribute found");
-
- // Extracting widget type
- std::list<std::string> attrValue;
- Try {
- AceDB::AppTypes appType =
- AceDB::AceDAOReadOnly::getWidgetType(
- request->getWidgetHandle());
- switch (appType) {
- case AceDB::AppTypes::Tizen : {
- attrValue.push_back(POLICY_NAME_TIZEN);
- LogDebug("==== Using Tizen policy in PIP ====");
- break;}
- case AceDB::AppTypes::WAC20 : {
- attrValue.push_back(POLICY_NAME_WAC2_0);
- LogDebug("==== Using WAC policy in PIP ====");
- break;}
- default: {
- LogError("Invalid widget type");
- }
- }
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError)
- {
- LogError("Couldn't find widget for handle "
- << request->getWidgetHandle());
- }
-
- // Setting real attribute value
- Attribute attr(*(iter->first));
- attr.setType(Attribute::Type::WidgetParam);
- iter2 = find_if(attributes->begin(),
- attributes->end(),
- BaseAttribute::UnaryPredicate(&attr));
- Assert(iter2 != attributes->end() && "This should not happen, "
- "the attribute MUST be in attribute set");
- (*iter2)->setUndetermind(false);
- (*iter2)->setValue(attrValue);
- }
- }
- }
-
- /** clear query lists*/
- resourceAttributesQuery.clear();
- environmentAttributesQuery.clear();
- subjectAttributesQuery.clear();
- functionParamAttributesQuery.clear();
- widgetParamAttributesQuery.clear();
-
- return subjectReturn | resourceReturn | operationReturn | functionReturn;
-}
-
-/** create query lists */
-void PolicyInformationPoint::createQueries(AttributeSet* attributes)
-{
- AttributeSet::const_iterator it;
-
- enum Attribute::Type type;
-
- /**iterate all attributes and split them into adequate query */
- FOREACH (it, *attributes) {
- type = (*it)->getType();
-
- switch (type) {
- case Attribute::Type::Subject:
- subjectAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::Environment:
- environmentAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::Resource:
- resourceAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::FunctionParam:
- functionParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
-
- case Attribute::Type::WidgetParam:
- widgetParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
- (*it)->getValue()));
- break;
- default:
- break;
- }
- }
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Rule.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#include <iostream>
-#include <dpl/log/log.h>
-
-#include <ace/Rule.h>
-
-void Rule::printData()
-{
- std::cout << "Rule: effect: " << printEffect(this->effect) <<
- " condition: " << this->condition;
-}
-
-std::string Rule::printEffect(const ExtendedEffect &effect) const
-{
- switch (effect.getEffect()) {
- case Deny:
- return "Deny";
- case PromptBlanket:
- return "PromptBlanket";
- case PromptOneShot:
- return "PromptOneShot";
- case PromptSession:
- return "PromptSession";
- case Permit:
- return "Permit";
- case Inapplicable:
- return "Inapplicable";
- case Error:
- return "Error";
- default:
- return "ERROR";
- }
-}
-
-ExtendedEffect Rule::evaluateRule(const AttributeSet * attrSet) const
-{
- Attribute::MatchResult result = condition.evaluateCondition(attrSet);
-
- if (result == Attribute::MatchResult::MRUndetermined) {
- // LogInfo("Rule is undetermined");
- return ExtendedEffect(Undetermined);
- } else if (result == Attribute::MatchResult::MRTrue) {
- // LogInfo("Rule effect "<<printEffect(effect));
- return effect;
- }
- // LogInfo("Rule is inapplicable");
- return Inapplicable;
-}
-
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file SettingsLogic.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 0.1
- * @brief SettingsLogic implementation
- */
-
-#include <ace/SettingsLogic.h>
-
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-
-#include <ace/Preference.h>
-
-using namespace AceDB;
-
-Preference SettingsLogic::findGlobalUserSettings(
- const std::string &resource,
- WidgetHandle handler)
-{
- Preference p = AceDAO::getWidgetDevCapSetting(resource, handler);
- if (PreferenceTypes::PREFERENCE_DEFAULT == p) {
- return AceDAO::getDevCapSetting(resource);
- } else {
- return p;
- }
-}
-
-Preference SettingsLogic::findGlobalUserSettings(
- const Request &request)
-{
- Request::DeviceCapabilitySet devset = request.getDeviceCapabilitySet();
- Assert(!devset.empty() && "No device cap set in request");
- return findGlobalUserSettings(
- *(devset.begin()),
- request.getWidgetHandle());
-}
-
-Preference SettingsLogic::getDevCapSetting(const std::string &resource)
-{
- return AceDAO::getDevCapSetting(resource);
-}
-
-void SettingsLogic::getDevCapSettings(PreferenceMap *globalSettingsMap)
-{
- AceDAO::getDevCapSettings(globalSettingsMap); // NULL check inside
-}
-
-
-void SettingsLogic::setDevCapSetting(const std::string &resource,
- Preference preference)
-{
- if (resource.empty()) {
- LogInfo("WARNING: setting resource settings for empty resource name");
- }
-
- AceDAO::addResource(resource);
-
- if (preference == PreferenceTypes::PREFERENCE_DEFAULT) {
- return;
- }
-
- Assert((PreferenceTypes::PREFERENCE_PERMIT == preference ||
- PreferenceTypes::PREFERENCE_DENY == preference ||
- PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference));
-
- AceDAO::setDevCapSetting(resource,preference);
-}
-
-void SettingsLogic::setAllDevCapSettings(
- const std::list < std::pair < const std::string*,
- Preference > > &resourcesList)
-{
- std::list < std::pair < const std::string*,
- Preference > >::const_iterator iter;
- for (iter = resourcesList.begin(); iter != resourcesList.end(); ++iter) {
- SettingsLogic::setDevCapSetting(*(iter->first), iter->second);
- }
-}
-
-void SettingsLogic::removeDevCapSetting(const std::string &resource)
-{
- AceDAO::removeDevCapSetting(resource);
-}
-
-void SettingsLogic::updateDevCapSetting(const std::string &resource,
- Preference p)
-{
- if (PreferenceTypes::PREFERENCE_DEFAULT == p) {
- SettingsLogic::removeDevCapSetting(resource);
- } else {
- SettingsLogic::setDevCapSetting(resource, p);
- }
-}
-
-Preference SettingsLogic::getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler)
-{
- return AceDAO::getWidgetDevCapSetting(resource, handler);
-}
-
-void SettingsLogic::getWidgetDevCapSettings(PermissionList *outputList)
-{
- AceDAO::getWidgetDevCapSettings(outputList); // NULL check inside
-}
-
-
-void SettingsLogic::setWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler,
- Preference preference)
-{
- if (resource.empty()) {
- LogError("Empty resource");
- return;
- }
-
- LogDebug("userSetting, resource: " << resource <<
- " app_id: " << handler);
-
- AceDAO::addResource(resource);
- SettingsLogic::removeWidgetDevCapSetting(resource, handler);
-
- if (PreferenceTypes::PREFERENCE_DEFAULT == preference) {
- return;
- }
-
- Assert((PreferenceTypes::PREFERENCE_PERMIT == preference ||
- PreferenceTypes::PREFERENCE_DENY == preference ||
- PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference ||
- PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference));
-
- AceDAO::setWidgetDevCapSetting(resource, handler, preference);
-}
-
-
-void SettingsLogic::setWidgetDevCapSettings(const PermissionList &permissionsList)
-{
- FOREACH(i, permissionsList) {
- SettingsLogic::setWidgetDevCapSetting(i->devCap,
- i->appId,
- i->access);
- }
-}
-
-
-void SettingsLogic::removeWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler)
-{
- AceDAO::removeWidgetDevCapSetting(resource, handler);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-
-#include <ace/Subject.h>
-
-bool Subject::matchSubject(const AttributeSet *attrSet,
- bool &isUndetermined) const
-{
- bool result = true;
- Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
-
- FOREACH(it, targetAttributes)
- {
- AttributeSet::const_iterator attr =
- std::find_if(attrSet->begin(),
- attrSet->end(),
- AceDB::BaseAttribute::UnaryPredicate(&(*it)));
- if (attr == attrSet->end()) {
- LogError("Cannot find attribute value for " << *(it->getName()));
- Assert(false &&
- "Attribute for subject hasn't been found."
- "It shoud not happen. This attribute should be undetermined,"
- "not missing");
- result = false; //According to BONDI 1.0 for signle subject all attributes must match
- isUndetermined = true;
- break;
- }
-
- match = it->matchAttributes(&(*(*attr)));
-
- if (match == Attribute::MatchResult::MRUndetermined) {
- result = false;
- isUndetermined = true;
- /// LogError("Subject doesn match and UNDETERMINED");
- break; //According to BONDI 1.0 for signle subject all attributes must match
- } else if (match == Attribute::MatchResult::MRFalse) {
- result = false;
- // LogError("Subject doesn match and DETERMINED");
- break; //According to BONDI 1.0 for signle subject all attributes must match
- }
- }
-
- return result;
-}
-
-const std::list<Attribute>& Subject::getTargetAttributes() const
-{
- return targetAttributes;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <ace/TreeNode.h>
-#include <dpl/assert.h>
-#include <dpl/log/log.h>
-
-//Tree node destructor is a tricky part, only the original tree should remove the elements
-//release resources should be called when we want to destroy the whole tree
-TreeNode::~TreeNode()
-{
-}
-
-//TODO release resources is releaseTheSubtree and delete the element
-void TreeNode::releaseResources()
-{
- Assert(this != 0);
- delete element;
- std::list<TreeNode*>::iterator it = this->children.begin();
- while (it != children.end()) {
- (*it)->releaseResources();
- ++it;
- }
- delete this;
-}
-
-int TreeNode::level = 0;
-
-std::ostream & operator<<(std::ostream & out,
- const TreeNode * node)
-{
- std::string tmp;
-
- switch (node->getTypeID()) {
- case TreeNode::Policy:
- tmp = "Policy";
- break;
- case TreeNode::PolicySet:
- tmp = "PolicySet";
- break;
- case TreeNode::Rule:
- tmp = "Rule";
- break;
- default:
- break;
- }
-
- out << "" << tmp << "-> children count: " << node->children.size() <<
- ": " << std::endl;
- AbstractTreeElement * el = node->getElement();
- if (el != NULL) {
- el->printData();
- } else {
- std::cout << "Empty element!" << std::endl;
- }
-
- return out;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <memory>
-#include <functional>
-#include <string.h>
-#include <stdarg.h>
-#include <dpl/log/log.h>
-
-#include <ace/parser.h>
-#include <string.h>
-
-namespace {
-
-class ParserWarningLogger
-{
- public:
- void operator()(const std::string& logMsg)
- {
- LogWarning(logMsg);
- }
-};
-
-class ParserErrorLogger
-{
- public:
- void operator()(const std::string& logMsg)
- {
- LogError(logMsg);
- }
-};
-
-template <class Logger>
-void xmlLogFunction(void* /*ctx*/, const char *msg, ...)
-{
- const int BUFFER_SIZE = 1024;
- char buffer[BUFFER_SIZE];
- buffer[BUFFER_SIZE - 1] = '\0';
- Logger l;
-
- va_list va;
- va_start(va, msg);
- vsnprintf(buffer, BUFFER_SIZE - 1, msg, va);
- va_end(va);
-
- std::string logmsg(buffer);
- l(logmsg);
-}
-
-}
-
-const char *Parser::TOKEN_PARAM = "param:";
-
-Parser::Parser() :
- ruleId(0),
- reader(NULL),
- root(NULL),
- currentRoot(NULL),
- currentSubject(NULL),
- currentCondition(NULL),
- currentAttribute(NULL),
- currentText(NULL),
- processingSignature(false),
- canonicalizeOnce(false)
-{
- processingSignature = true;
- canonicalizeOnce = true;
-}
-
-Parser::~Parser()
-{
- /* parse function destroys reader */
- // free(this->xmlFilename);
-}
-
-TreeNode* Parser::parse(const std::string& filename, const std::string& schema)
-{
- if(root != NULL) {
- root->releaseResources();
- root = NULL;
- }
-
- LogDebug("Parser: opening file " << filename);
-
- xmlDocPtr xmlDocument = xmlParseFile(filename.c_str());
- if (!xmlDocument) {
- LogError("Couldn't parse file " << filename);
- return root;
- }
-
- std::unique_ptr <xmlDoc, std::function<void(xmlDoc*)> >
- doc(xmlDocument, xmlFreeDoc);
-
- xmlSchemaParserCtxtPtr xmlSchemaParserContext =
- xmlSchemaNewParserCtxt(schema.c_str());
-
- if (!xmlSchemaParserContext) {
- LogError("Couldn't load xml schema: " << schema);
- return root;
- }
-
- std::unique_ptr <
- xmlSchemaParserCtxt,
- std::function<void(xmlSchemaParserCtxt*)> >
- schemaContext(
- xmlSchemaParserContext,
- xmlSchemaFreeParserCtxt);
-
- LogDebug("Setting callbacks");
-
- xmlSchemaSetParserErrors(
- schemaContext.get(),
- static_cast<xmlValidityErrorFunc>
- (&xmlLogFunction<ParserErrorLogger>),
- static_cast<xmlValidityWarningFunc>
- (&xmlLogFunction<ParserWarningLogger>),
- NULL);
-
- xmlSchemaPtr xmlSchema = xmlSchemaParse(schemaContext.get());
-
- if (!xmlSchema) {
- LogError("Couldn't parse xml schema: " << xmlSchema);
- return root;
- }
-
- xmlSchemaValidCtxtPtr xmlValidContext = xmlSchemaNewValidCtxt(xmlSchema);
-
- if (!xmlValidContext) {
- LogError("Couldn't create validation context!");
- return root;
- }
-
- std::unique_ptr <
- xmlSchemaValidCtxt,
- std::function<void(xmlSchemaValidCtxt*)> >
- schemaValidContext(
- xmlValidContext,
- xmlSchemaFreeValidCtxt);
-
- xmlSchemaSetValidErrors(
- schemaValidContext.get(),
- static_cast<xmlValidityErrorFunc>
- (&xmlLogFunction<ParserErrorLogger>),
- static_cast<xmlValidityWarningFunc>
- (&xmlLogFunction<ParserWarningLogger>),
- NULL);
-
- xmlSchemaSetValidOptions(
- schemaValidContext.get(),
- XML_SCHEMA_VAL_VC_I_CREATE);
-
- bool result =
- (xmlSchemaValidateDoc(
- schemaValidContext.get(),
- xmlDocument) == 0 ? true : false);
-
- if (!result) {
- LogError("Couldn't validate policy file: " << filename <<
- " against xml schema: " << schema);
-
- return root;
- }
-
- LogInfo("Policy file: " << filename << " validated!");
-
- xmlTextReaderPtr xmlReader = xmlReaderWalker(xmlDocument);
-
- //[CR] consider using ASSERT/DASSERT
- if (NULL == xmlReader) {
- LogError("Error, xml reader cannot be created. Probably xml file is missing (opening file " << filename << ")");
- return root;
- }
-
- std::unique_ptr <xmlTextReader, std::function<void(xmlTextReader*)> >
- reader(xmlReader, xmlFreeTextReader);
-
- int ret;
- ret = xmlTextReaderRead(reader.get());
- while (ret == 1) {
- std::unique_ptr<xmlChar, std::function<void(xmlChar*)> >
- name(xmlTextReaderName(reader.get()), xmlFree);
-
- if (!strcmp("policy-set", (const char *)name.get())) {
- processingSignature = false;
- } else if (!strcmp("SignedInfo",
- (const char *)name.get()) && canonicalizeOnce) {
- #if 0 //TODO I think we don't need canonicalization in ACE only in PM,
- //we have to verify it tough
- extractNodeToFile(reader, "output.xml");
- //TODO we should be able to handle more than one canonicalization algorithm
- canonicalize("output.xml", "canon.xml", Canonicalization::C14N);
- canonicalizeOnce = false;
- #endif
- }
- //Do not process signature of xml file
- if(!processingSignature) {
- processNode(reader.get());
- }
- ret = xmlTextReaderRead(reader.get());
- }
-
- if (ret != 0) {
- LogError("Error while parsing XML file");
- if (root) {
- root->releaseResources();
- root = NULL;
- }
- }
-
- return root;
-}
-
-void Parser::processNode(xmlTextReaderPtr reader)
-{
- //TODO this is interesting, xmlTextReaderNodeType returns int but I am pretty sure
- //those integers coresponds to xmlReaderTypes
- xmlReaderTypes type =
- static_cast<xmlReaderTypes>(xmlTextReaderNodeType(reader));
-
- switch (type) {
- //Start element
- case XML_READER_TYPE_ELEMENT:
- startNodeHandler(reader);
- break;
- //End element
- case XML_READER_TYPE_END_ELEMENT:
- endNodeHandler(reader);
- break;
- //Text element
- case XML_READER_TYPE_TEXT:
- textNodeHandler(reader);
- break;
- default:
- //Do not handle other xml tags
- break;
- }
-}
-
-void Parser::startNodeHandler(xmlTextReaderPtr reader)
-{
- xmlChar *name = xmlTextReaderName(reader);
-
- switch (*name) {
- case 'p': //policy and policy-set
- if (*(name + 6) == 0) {
- handlePolicy(reader, TreeNode::Policy);
- } else {
- handlePolicy(reader, TreeNode::PolicySet);
- }
- break;
- case 'r': //rule and resource-match
- if (*(name + 1) == 'u') {
- handleRule(reader);
- } else if (*(name + 9) == 'm') {
- handleMatch(reader, Attribute::Type::Resource);
- } else {
- handleAttr(reader);
- }
- break;
- case 's': //subject and subject-match
- if (*(name + 7) == 0) {
- handleSubject();
- } else if (*(name + 8) == 'm') { //subject match
- handleSubjectMatch(reader);
- } else { //subject attr
- handleAttr(reader);
- }
- break;
- case 'c': //condition
- handleCondition(reader);
- break;
- case 'e': //environment-match
- if (*(name + 12) == 'm') {
- handleMatch(reader, Attribute::Type::Environment);
- } else { //env-attr
- handleAttr(reader);
- }
- break;
- }
- xmlFree(name);
-}
-
-void Parser::endNodeHandler(xmlTextReaderPtr reader)
-{
- xmlChar *name = xmlTextReaderName(reader);
-
- switch (*name) {
- case 'p': //policy and policy-set
- //Restore old root
- currentRoot = currentRoot->getParent();
- break;
- case 'r': //Rule and resource match
- if (*(name + 1) == 'u') { //Rule
- currentRoot = currentRoot->getParent();
- } else { //Resource-match
- consumeCurrentText(); //consume text if any available
- consumeCurrentAttribute(); //consume attribute
- }
- break;
- case 's': //subject and subject-match
- if (*(name + 7) == 0) { //handle subject
- consumeCurrentSubject();
- } else if (*(name + 8) == 'm') { //handle subject match
- consumeCurrentText();
- consumeSubjectMatch();
- }
- //Subject-match end doesn't require handling
- break;
- case 'c': //condition
- consumeCurrentCondition();
- break;
- case 'e': //environment-match
- consumeCurrentText(); //consume text if any available
- consumeCurrentAttribute(); //consume attribute
- break;
- }
- xmlFree(name);
-}
-
-void Parser::textNodeHandler(xmlTextReaderPtr reader)
-{
- delete currentText;
- xmlChar * text = xmlTextReaderValue(reader);
- Assert(text != NULL && "Parser couldn't parse PCDATA");
-
- currentText = new std::string(reinterpret_cast<const char * >(text));
- trim(currentText);
- xmlFree(text);
-}
-
-void Parser::handlePolicy(xmlTextReaderPtr reader,
- TreeNode::TypeID type)
-{
- Policy::CombineAlgorithm algorithm;
-
- //Get first attribute
- xmlChar * combAlg = xmlTextReaderGetAttribute(reader, BAD_CAST("combine"));
-
- Assert(combAlg != NULL && "Parser error while getting attributes");
- algorithm = convertToCombineAlgorithm(combAlg);
-
- //Create TreeNode element
- Policy * policy = NULL;
- if (type == TreeNode::Policy) {
- policy = new Policy();
- } else {
- policy = new PolicySet();
- }
- policy->setCombineAlgorithm(algorithm);
- TreeNode * node = new TreeNode(currentRoot, type, policy);
- //Add new tree node to current's root children set
- if (currentRoot != NULL) {
- currentRoot->addChild(node);
- }
-
- //Switch the current root to the new node
- if (!xmlTextReaderIsEmptyElement(reader)) {
- //Current root switching is necessary only if tag is not empty
- currentRoot = node;
- }
- if (root == NULL) {
- root = currentRoot;
- }
-
- if (NULL == currentRoot) {
- node->releaseResources();
- }
-
- xmlFree(combAlg);
-}
-
-void Parser::handleRule(xmlTextReaderPtr reader)
-{
- ExtendedEffect effect(Inapplicable);
-
- //[CR] create macros for attribute names
- xmlChar * eff = xmlTextReaderGetAttribute(reader, BAD_CAST("effect")); //get the rule attribute
-
- Assert(eff != NULL && "Parser error while getting attributes");
- effect = convertToEffect(eff);
-
- Rule * rule = NULL;
- rule = new Rule();
- rule->setEffect(effect);
-
- TreeNode * node = new TreeNode(currentRoot, TreeNode::Rule, rule);
- //Add new tree node to current's root children set
- if (currentRoot != NULL) { //
- currentRoot->addChild(node);
- }
-
- if (!xmlTextReaderIsEmptyElement(reader)) {
- currentRoot = node;
- }
-
- if (NULL == currentRoot) {
- node->releaseResources();
- }
-
- xmlFree(eff);
-}
-
-void Parser::handleSubject()
-{
- currentSubject = new Subject();
- //TODO what about empty subject tag
-}
-
-void Parser::handleCondition(xmlTextReaderPtr reader)
-{
- Condition::CombineType combineType = Condition::AND;
-
- xmlChar * combine = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); //get the rule attribute
-
- Assert(combine != NULL && "Parser error while getting attributes");
-
- combineType = *combine == 'a' ? Condition::AND : Condition::OR;
-
- Condition * condition = new Condition();
- condition->setCombineType(combineType);
- condition->setParent(currentCondition);
-
- currentCondition = condition;
- //TODO what about empty condition tag?
-}
-
-//Subject match is handled differently than resource or environment match
-//Because it cannot have any children tags and can only include PCDATA
-void Parser::handleSubjectMatch(xmlTextReaderPtr reader)
-{
- //processing Subject
- int attributes = xmlTextReaderAttributeCount(reader);
-
- xmlChar * func = NULL;
- xmlChar * value = NULL;
- xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
-
- if (attributes == 2) {
- //match attribute ommited, text value will be used
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- } else if (attributes == 3) {
- value = xmlTextReaderGetAttribute(reader, BAD_CAST("match"));
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- } else {
- Assert(false && "Wrong XML file format");
- }
-
- // creating temporiary object is not good idea
- // but we have no choice untill Attribute have constructor taking std::string*
- std::string temp(reinterpret_cast<const char *>(attrName));
- Attribute * attr = new Attribute(&temp, convertToMatchFunction(
- func), Attribute::Type::Subject);
- if (value != NULL) { //add value of the attribute if possible
- //[CR] consider create Attribute::addValue(char *) function
- std::string temp(reinterpret_cast<const char *>(value));
- attr->addValue(&temp);
- }
- currentAttribute = attr;
-
- if (xmlTextReaderIsEmptyElement(reader)) {
- Assert(value != NULL && "XML file format is wrong");
- //Attribute value is required to obtain the match value easier
- consumeSubjectMatch(value);
- }
-
- if (attributes == 2 || attributes == 3) {
- xmlFree(func);
- }
- xmlFree(value);
- xmlFree(attrName);
-}
-
-void Parser::handleMatch(xmlTextReaderPtr reader,
- Attribute::Type type)
-{
- int attributes = xmlTextReaderAttributeCount(reader);
-
- xmlChar * func = NULL;
- xmlChar * value = NULL;
- xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
-
- if (attributes == 2) {
- //match attribute ommited, text value will be used
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- //the content may be resource-attr or PCDATA
- } else if (attributes == 3) {
- value = xmlTextReaderGetAttribute(reader, BAD_CAST("match"));
- func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
- } else {
- Assert(false && "Wrong XML file format");
- }
-
- // FunctionParam type is sybtype of Resource.
- // FunctionParam is used to storage attriburess of call functions.
- if (0 ==
- xmlStrncmp(attrName, BAD_CAST(TOKEN_PARAM),
- xmlStrlen(BAD_CAST(TOKEN_PARAM))) && type ==
- Attribute::Type::Resource) {
- type = Attribute::Type::FunctionParam;
- }
-
- std::string temp(reinterpret_cast<const char*>(attrName));
- Attribute * attr = new Attribute(&temp, convertToMatchFunction(func), type);
- currentAttribute = attr;
-
- if (xmlTextReaderIsEmptyElement(reader)) {
- Assert(value != NULL && "XML is currupted");
- std::string tempVal(reinterpret_cast<const char*>(value));
- currentAttribute->addValue(&tempVal);
- consumeCurrentAttribute();
- }
-
- if (attributes == 2 || attributes == 3) {
- xmlFree(func);
- }
- xmlFree(value);
- xmlFree(attrName);
-}
-
-Policy::CombineAlgorithm Parser::convertToCombineAlgorithm(xmlChar* algorithm)
-{
- switch (*algorithm) {
- case 'f':
- if (*(algorithm + 6) == 'a') { //first applicable
- return Policy::FirstApplicable;
- }
- return Policy::FirstTargetMatching;
- case 'd':
- return Policy::DenyOverride;
- case 'p':
- return Policy::PermitOverride;
- default:
- Assert(false && "Wrong combine algorithm name");
- return Policy::DenyOverride;
- }
-}
-
-ExtendedEffect Parser::convertToEffect(xmlChar *effect)
-{
- switch (*effect) {
- case 'd': //deny
- return Deny;
- break;
- case 'p':
- //permit, prompt-blanket, prompt-session, prompt-oneshot
- if (*(effect + 1) == 'e') {
- return ExtendedEffect(Permit, ruleId++);
- }
- switch (*(effect + 7)) {
- case 'b':
- return ExtendedEffect(PromptBlanket, ruleId++);
- case 's':
- return ExtendedEffect(PromptSession, ruleId++);
- case 'o':
- return ExtendedEffect(PromptOneShot, ruleId++);
- default:
- Assert(false && "Effect is Error");
- return ExtendedEffect();
- }
- break;
- default:
- Assert(false && "Effect is Error");
- return ExtendedEffect();
- }
- //return ExtendedEffect(Inapplicable); //unreachable statement
-}
-
-Attribute::Match Parser::convertToMatchFunction(xmlChar * func)
-{
- if (func == NULL) {
- LogError("[ERROR] match function value is NULL");
- return Attribute::Match::Error;
- }
-
- if (*func == 'g') {
- return Attribute::Match::Glob;
- } else if (*func == 'e') {
- return Attribute::Match::Equal;
- } else if (*func == 'r') {
- return Attribute::Match::Regexp;
- } else {
- LogError("[ERROR] match function value is NULL");
- return Attribute::Match::Error;
- }
-}
-
-void Parser::handleAttr(xmlTextReaderPtr reader)
-{
- xmlChar * attrValue = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
- Assert(attrValue != NULL && "Error while obtaining attribute");
-
- std::string temp(reinterpret_cast<const char*>(attrValue));
- currentAttribute->addValue(&temp);
-
- xmlFree(attrValue);
-}
-
-void Parser::consumeCurrentText()
-{
- Assert(currentText != NULL);
- currentAttribute->addValue(currentText);
- delete currentText;
-
- currentText = NULL;
-}
-
-void Parser::consumeCurrentAttribute()
-{
- Assert(currentAttribute != NULL);
-
- currentCondition->addAttribute(*currentAttribute);
- delete currentAttribute;
-
- currentAttribute = NULL;
-}
-
-void Parser::consumeCurrentSubject()
-{
- Policy * policy = dynamic_cast<Policy *>(currentRoot->getElement());
- Assert(policy != NULL);
- policy->addSubject(currentSubject);
- //TODO maybe keep subjects not subject pointers in Policies and consume subjects here
- currentSubject = NULL;
-}
-
-void Parser::consumeCurrentCondition()
-{
- Condition * temp = NULL;
- if (currentCondition != NULL) {
- if (currentCondition->getParent() != NULL) { //Condition is a child of another condition
- currentCondition->getParent()->addCondition(*currentCondition);
- } else { //Condition parent is a Rule
- Rule * rule = dynamic_cast<Rule *>(currentRoot->getElement());
- Assert(rule != NULL);
- rule->setCondition(*currentCondition);
- }
- temp = currentCondition->getParent();
- delete currentCondition;
- }
- currentCondition = temp; //switch current condition ( it may be switched to NULL if condition's parent was rule
-}
-
-void Parser::consumeSubjectMatch(xmlChar * value)
-{
- Assert(
- currentAttribute != NULL &&
- "consuming subject match without attribute set");
-
- if (currentSubject != NULL) {
- currentSubject->addNewAttribute(*currentAttribute);
- //[CR] matching/modyfing functions transform uri.host to uri ( etc. ) so strncmp is not needed, string equality will do
- if (!strncmp(currentAttribute->getName()->c_str(), "uri",
- 3) ||
- !strncmp(currentAttribute->getName()->c_str(), "id", 2)) {
- if (value != NULL) {
- currentSubject->setSubjectId(reinterpret_cast<const char *>(
- value));
- } else if (currentAttribute->getValue()->size()) {
- currentSubject->setSubjectId(
- currentAttribute->getValue()->front());
- } else {
- Assert(false);
- }
- }
- } else if (currentCondition != NULL) {
- currentCondition->addAttribute(*currentAttribute);
- }
-
- delete currentAttribute;
- currentAttribute = NULL;
-}
-
-void Parser::trim(std::string * str)
-{
- std::string::size_type pos = str->find_last_not_of(whitespaces);
- if (pos != std::string::npos) {
- str->erase(pos + 1);
- pos = str->find_first_not_of(whitespaces);
- if (pos != std::string::npos) {
- str->erase(0, pos);
- }
- } else {
- str->erase(str->begin(), str->end());
- LogInfo("Warning, empty string as attribute value");
- }
-}
-
-// KW void Parser::canonicalize(const char * input, const char * output, CanonicalizationAlgorithm canonicalizationAlgorithm){
-// KW
-// KW xmlDocPtr doc = xmlParseFile(input);
-// KW //xmlDocDump(stdout, doc);
-// KW
-// KW if(doc == NULL)
-// KW {
-// KW LogError("Canonicalization error, cannot parser xml file");
-// KW }
-// KW
-// KW
-// KW int mode = -1;
-// KW if(canonicalizationAlgorithm == C14N)
-// KW {
-// KW mode = 0;
-// KW }
-// KW else if(canonicalizationAlgorithm == C14NEXCLUSIVE)
-// KW {
-// KW mode = 1;
-// KW }
-// KW
-// KW
-// KW xmlC14NDocSave(doc, NULL, mode, NULL, 0, output, 0);
-// KW
-// KW xmlFreeDoc(doc);
-// KW
-// KW }
-
-// KW int Parser::extractNodeToFile(xmlTextReaderPtr reader, const char * filename){
-// KW
-// KW xmlNodePtr node = xmlTextReaderExpand(reader);
-// KW xmlBufferPtr buff = xmlBufferCreate();
-// KW xmlNodeDump(buff, node->doc, node, 0, 0);
-// KW FILE * file = fopen(filename, "w");
-// KW if(file == NULL){
-// KW LogError("Error while trying to open file "<<filename);
-// KW return -1;
-// KW }
-// KW int ret = xmlBufferDump(file, buff);
-// KW fclose(file);
-// KW xmlBufferFree(buff);
-// KW return ret;
-// KW
-// KW }
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOConversions.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef WRT_ACE_DAO_CONVERSIONS_H_
-#define WRT_ACE_DAO_CONVERSIONS_H_
-
-#include <dpl/string.h>
-#include <ace-dao-ro/BaseAttribute.h>
-
-namespace AceDB {
-namespace AceDaoConversions {
-
-DPL::String convertToHash(const BaseAttributeSet &attributes);
-
-}
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOReadOnly.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACE_DAO_READ_ONLY_H_
-#define ACE_DAO_READ_ONLY_H_
-
-#include <map>
-
-#include <openssl/md5.h>
-#include <dpl/string.h>
-#include <dpl/exception.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <ace-dao-ro/BasePermission.h>
-#include <ace-dao-ro/AppTypes.h>
-#include <ace-dao-ro/IRequest.h>
-#include <ace/PolicyEffect.h>
-#include <ace/PolicyResult.h>
-#include <ace/PromptDecision.h>
-#include <ace-dao-ro/common_dao_types.h>
-
-namespace AceDB {
-
-typedef std::map<DPL::String, bool> RequestedDevCapsMap;
-typedef DPL::String FeatureName;
-typedef std::vector<FeatureName> FeatureNameVector;
-
-class AceDAOReadOnly
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
- };
-
- AceDAOReadOnly() {}
-
- static void attachToThreadRO(void);
- static void attachToThreadRW(void);
- static void detachFromThread(void);
-
- // policy effect/decision
- static OptionalExtendedPolicyResult getPolicyResult(
- const BaseAttributeSet &attributes);
-
- static OptionalExtendedPolicyResult getPolicyResult(
- const DPL::String &attrHash);
-
- static OptionalCachedPromptDecision getPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId);
-
- // resource settings
- static PreferenceTypes getDevCapSetting(const std::string &resource);
- static void getDevCapSettings(PreferenceTypesMap *preferences);
-
- // user settings
- static void getWidgetDevCapSettings(BasePermissionList *permissions);
- static PreferenceTypes getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler);
-
- static void getAttributes(BaseAttributeSet *attributes);
-
- // Getter for device capabilities that are requested in widgets config.
- //
- // Additional boolean flag means whether widget will always get
- // (at launch) the SMACK permissions needed to use the device cap).
- //
- // 'permissions' is the map of device cap names and smack status for
- // given widget handle.
- static void getRequestedDevCaps(
- WidgetHandle widgetHandle,
- RequestedDevCapsMap *permissions);
-
- static void getAcceptedFeature(
- WidgetHandle widgetHandle,
- FeatureNameVector *featureVector);
-
- static WidgetHandleList getHandleList();
-
- static AppTypes getWidgetType(WidgetHandle handle);
- static std::string getVersion(WidgetHandle widgetHandle);
- static std::string getAuthorName(WidgetHandle widgetHandle);
- static std::string getGUID(WidgetHandle widgetHandle);
-
- static WidgetCertificateCNList getKeyCommonNameList(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type);
- static FingerPrintList getKeyFingerprints(
- WidgetHandle widgetHandle,
- WidgetCertificateData::Owner owner,
- WidgetCertificateData::Type type);
-
- static std::string getShareHref(WidgetHandle widgetHandle);
- static bool isWidgetInstalled(WidgetHandle handle);
-
- protected:
- static int promptDecisionToInt(PromptDecision decision);
- static PromptDecision intToPromptDecision(int decision);
- static int appTypeToInt(AppTypes app_type);
- static AppTypes intToAppType(int app_type);
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAOUtil.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef WRT_ACE_DAO_UTILITIES_H_
-#define WRT_ACE_DAO_UTILITIES_H_
-
-#include <dpl/db/thread_database_support.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/VerdictTypes.h>
-#include <orm_generator_ace.h>
-
-namespace AceDB {
-
-namespace AceDaoUtilities {
-
-BaseAttribute::Type intToAttributeType(int val);
-int attributeTypeToInt(BaseAttribute::Type type);
-int preferenceToInt(PreferenceTypes p);
-PreferenceTypes intToPreference(int p);
-VerdictTypes intToVerdict(int v);
-int verdictToInt(VerdictTypes v);
-bool getSubjectByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceSubject::Row &row);
-bool getResourceByUri(const std::string &uri,
- DPL::DB::ORM::ace::AceDevCap::Row &row);
-
-extern DPL::DB::ThreadDatabaseSupport m_databaseInterface;
-
-}
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file AceDatabase.h
- * @author Lukasz Marek (l.marek@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of ace database
- */
-
-#ifndef WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
-#define WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
-
-#include <dpl/thread.h>
-#include <dpl/mutex.h>
-
-extern DPL::Mutex g_aceDbQueriesMutex;
-
-#define ACE_DB_INTERNAL(tlsCommand, InternalType, interface) \
- static DPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
- { \
- DPL::Mutex::ScopedLock lock(&g_aceDbQueriesMutex); \
- if (!tlsCommand ## Ptr) { \
- static DPL::ThreadLocalVariable<InternalType> tmp; \
- tlsCommand ## Ptr = &tmp; \
- } \
- } \
- DPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
- if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); }
-
-#define ACE_DB_SELECT(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Select, interface)
-
-#define ACE_DB_INSERT(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Insert, interface)
-
-#define ACE_DB_UPDATE(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Update, interface)
-
-#define ACE_DB_DELETE(name, type, interface) \
- ACE_DB_INTERNAL(name, type::Delete, interface)
-
-
-#endif // WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AppTypes.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- */
-
-#ifndef ACCESS_CONTROL_DAO_APPTYPES_H_
-#define ACCESS_CONTROL_DAO_APPTYPES_H_
-
-namespace AceDB{
-
-enum class AppTypes
-{
- Unknown,
- WAC20,
- Tizen
-};
-
-}
-
-#endif // ACCESS_CONTROL_DAO_APPTYPES_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file IAttribute.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_
-#define ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_
-
-#include <list>
-#include <set>
-#include <string>
-#include <dpl/shared_ptr.h>
-#include <dpl/assert.h>
-
-namespace AceDB {
-
-class BaseAttribute;
-typedef DPL::SharedPtr<BaseAttribute> BaseAttributePtr;
-
-class BaseAttribute
-{
-
- public:
- /**
- * Types of attributes
- */
- enum class Type { Subject, Environment, Resource, FunctionParam,
- WidgetParam, Undefined };
-
- struct UnaryPredicate
- {
- public:
- UnaryPredicate(const AceDB::BaseAttribute *comp = NULL) :
- m_priv(comp)
- {
- }
-
- bool operator()(const AceDB::BaseAttributePtr &comp)
- {
- Assert(m_priv != NULL);
- if (m_priv->getName()->compare(*comp->getName()) != 0) {
- return false;
- }
- return m_priv->getType() == comp->getType();
- }
-
- bool operator()(const AceDB::BaseAttributePtr &comp1,
- const AceDB::BaseAttributePtr &comp2)
- {
- if (comp1->getType() != comp2->getType()) {
- return comp1->getType() < comp2->getType();
- }
- return comp1->getName()->compare(*comp2->getName()) < 0;
- }
-
- private:
- const AceDB::BaseAttribute *m_priv;
- };
-
- public:
- BaseAttribute() :
- m_typeId(Type::Undefined),
- m_undetermindState(false)
- {}
-
- virtual void setName(const std::string& name)
- {
- m_name = name;
- }
- virtual void setName(const std::string* name)
- {
- m_name = *name;
- }
-
- virtual void setType(const Type& type)
- {
- m_typeId = type;
- }
- virtual Type getType() const
- {
- return m_typeId;
- }
-
- virtual const std::string* getName() const
- {
- return &m_name;
- }
-
- //TODO think
- virtual void setUndetermind(bool tmp)
- {
- m_undetermindState = tmp;
- }
- virtual bool isUndetermind() const
- {
- return m_undetermindState;
- }
- virtual std::list<std::string> * getValue() const
- {
- return const_cast<std::list<std::string>* >(&value);
- }
- virtual bool isValueEmpty() const
- {
- return value.empty();
- }
-
- virtual void setValue(const std::list<std::string>& arg)
- {
- value = arg;
- }
-
- virtual ~BaseAttribute()
- {
- }
-
- static const char * typeToString(Type type);
-
- virtual std::string toString() const;
-
- protected:
- std::string m_name;
- Type m_typeId;
- bool m_undetermindState;
- std::list<std::string> value; //string bag list
-};
-
-typedef std::set<BaseAttributePtr, BaseAttribute::UnaryPredicate> BaseAttributeSet;
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file IPermission.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_BASEPERMISSION_H_
-#define ACCESS_CONTROL_DAO_BASEPERMISSION_H_
-
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/common_dao_types.h>
-
-namespace AceDB{
-
-struct BasePermission
-{
- BasePermission(WidgetHandle handler,
- const std::string& devCap,
- PreferenceTypes accessAllowed) :
- appId(handler),
- devCap(devCap),
- access(accessAllowed)
- {
- }
-
- WidgetHandle appId;
- std::string devCap;
- PreferenceTypes access;
-};
-
-typedef std::list<BasePermission> BasePermissionList;
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file IRequest.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_IREQUEST_H_
-#define ACCESS_CONTROL_DAO_IREQUEST_H_
-
-namespace AceDB{
-
-class IRequest
-{
-public:
- virtual ~IRequest(){}
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file PreferenceTypes.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_PREFERENCETYPES_H_
-#define ACCESS_CONTROL_DAO_PREFERENCETYPES_H_
-
-#include <map>
-#include <string>
-
-namespace AceDB{
-
-enum class PreferenceTypes
-{
- PREFERENCE_PERMIT,
- PREFERENCE_DENY,
- PREFERENCE_DEFAULT,
- PREFERENCE_BLANKET_PROMPT,
- PREFERENCE_SESSION_PROMPT,
- PREFERENCE_ONE_SHOT_PROMPT
-};
-
-
-typedef std::map<std::string, PreferenceTypes> PreferenceTypesMap;
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/* @file PromptModel.h
- * @author Justyna Mejzner (j.kwiatkowsk@samsung.com)
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @version 1.0
- *
- */
-
-#ifndef WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_
-#define WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_
-
-#include <memory>
-#include <string>
-#include <vector>
-
-#include <dpl/optional_typedefs.h>
-
-namespace Prompt {
-typedef std::vector<std::string> ButtonLabels;
-
-class PromptLabels
-{
-public:
- PromptLabels(int promptType,
- const Prompt::ButtonLabels& questionLabel,
- const std::string& mainLabel);
- DPL::OptionalString getCheckLabel() const;
- bool isAllowed(const size_t buttonNumber) const;
- int getPromptType() const;
- const ButtonLabels& getButtonLabels() const;
- const std::string& getMainLabel() const;
-
-private:
- int m_promptType;
- ButtonLabels m_buttonLabels;
- std::string m_mainLabel;
-};
-
-typedef std::unique_ptr<PromptLabels> PromptLabelsPtr;
-
-enum Validity
-{
- ONCE,
- SESSION,
- ALWAYS
-};
-
-class PromptAnswer
-{
-public:
- PromptAnswer(bool isAccessAllowed, Validity validity);
- PromptAnswer(int aPromptType, unsigned int buttonAns, bool checkAns);
- bool isAccessAllowed() const;
- Validity getValidity() const;
-
-private:
- bool m_isAccessAllowed;
- Validity m_validity;
-};
-
-class PromptModel
-{
- public:
- static PromptLabels* getOneShotModel(const std::string& resourceId);
- static PromptLabels* getSessionModel(const std::string& resourceId);
- static PromptLabels* getBlanketModel(const std::string& resourceId);
-
- enum PromptType
- {
- PROMPT_ONESHOT,
- PROMPT_SESSION,
- PROMPT_BLANKET
- };
-};
-
-} // Prompt
-
-#endif /* WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file TimedVerdict.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_TIMEDVERDICT_H_
-#define ACCESS_CONTROL_DAO_TIMEDVERDICT_H_
-
-#include <ace-dao-ro/VerdictTypes.h>
-
-namespace AceDB{
-
-struct TimedVerdict
-{
- VerdictTypes decision;
- /*Below values are optional,its filled only when verdict depend on session*/
- std::string session;
- int subjectVerdictId;
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file ValidityTypes.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_VALIDITYTYPES_H_
-#define ACCESS_CONTROL_DAO_VALIDITYTYPES_H_
-
-namespace AceDB{
-
-enum class ValidityTypes
-{
- ONCE,
- SESSION,
- ALWAYS,
- UNWRITEABLE
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file VerdictTypes.h
- * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACCESS_CONTROL_DAO_VERDICTTYPES_H_
-#define ACCESS_CONTROL_DAO_VERDICTTYPES_H_
-
-namespace AceDB{
-
-enum class VerdictTypes
-{
- VERDICT_PERMIT,
- VERDICT_DENY,
- //Verdict is innapplicable if policy evaluate to INAPPLICABLE,
- //in this case WRT should decide what to do
- VERDICT_INAPPLICABLE,
- VERDICT_UNDETERMINED,
- VERDICT_UNKNOWN, //Verdict is unknown if Verdicts manager cannot find it
- VERDICT_ASYNC,
- VERDICT_ERROR
-};
-
-}
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- * @file common_dao_types.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.1
- * @brief This file contains the declaration of common data types for ace database.
- */
-#ifndef ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_
-#define ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_
-
-#include <list>
-#include <dpl/optional_typedefs.h>
-#include <dpl/string.h>
-#include "AppTypes.h"
-
-typedef int WidgetHandle;
-typedef std::list<WidgetHandle> WidgetHandleList;
-
-namespace AceDB {
-
-enum {
- INVALID_PLUGIN_HANDLE = -1
-};
-typedef int DbPluginHandle;
-
-enum CertificateSource {
- SIGNATURE_DISTRIBUTOR = 0,
- SIGNATURE_AUTHOR = 1
-};
-
-struct WidgetRegisterInfo {
- AppTypes type;
- DPL::OptionalString widget_id;
- DPL::OptionalString authorName;
- DPL::OptionalString version;
- DPL::OptionalString shareHref;
-};
-
-typedef std::list <std::string> WidgetCertificateCNList;
-
-struct WidgetCertificateData {
- enum Owner { AUTHOR, DISTRIBUTOR, UNKNOWN };
- enum Type { ROOT, ENDENTITY };
-
- Owner owner;
- Type type;
-
- int chainId;
- std::string strMD5Fingerprint;
- std::string strSHA1Fingerprint;
- DPL::String strCommonName;
-
- bool operator== (const WidgetCertificateData& certData) const {
- return certData.chainId == chainId &&
- certData.owner == owner &&
- certData.strCommonName == strCommonName &&
- certData.strMD5Fingerprint == strMD5Fingerprint &&
- certData.strSHA1Fingerprint == strSHA1Fingerprint;
- }
-};
-typedef std::list<WidgetCertificateData> WidgetCertificateDataList;
-
-typedef std::list<std::string> FingerPrintList;
-
-typedef std::list<std::string> CertificateChainList;
-class IWacSecurity {
- public:
- virtual ~IWacSecurity() {}
- virtual const WidgetCertificateDataList& getCertificateList() const = 0;
- virtual bool isRecognized() const = 0;
- virtual bool isDistributorSigned() const = 0;
- virtual bool isWacSigned() const = 0;
- virtual void getCertificateChainList(CertificateChainList& list) const = 0;
-};
-
-} //namespace AceDB
-
-#endif /* ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file AceDAO.h
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef ACEDAO_H_
-#define ACEDAO_H_
-
-#include <list>
-#include <map>
-#include <string>
-
-#include <dpl/optional_typedefs.h>
-#include <dpl/string.h>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include <ace-dao-ro/ValidityTypes.h>
-#include <ace-dao-ro/AppTypes.h>
-
-namespace AceDB {
-/*
- *
- */
-class AceDAO : public AceDAOReadOnly
-{
- public:
-
- AceDAO() {}
-
- // Policy Decisions
- static void setPolicyResult(
- const BaseAttributeSet &attributes,
- const ExtendedPolicyResult &policyResult);
-
- static void removePolicyResult(
- const BaseAttributeSet &attributes);
-
- // PromptDecision
- static void setPromptDecision(
- WidgetHandle widgetHandle,
- int ruleId,
- const DPL::OptionalString &session,
- PromptDecision decision);
-
- static void clearPromptDecisions(void);
-
- // reseting database
- static void clearWidgetDevCapSettings(void);
- static void clearDevCapSettings(void);
- static void clearAllSettings(void);
- static void resetDatabase(void);
- // clears all databse information relevant to policy cache
- static void clearPolicyCache(void);
-
- // resource settings
- static void setDevCapSetting(const std::string &resource,
- PreferenceTypes preference);
- static void removeDevCapSetting(const std::string &resource);
-
- // user settings
- static void setWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler,
- PreferenceTypes);
- static void removeWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler);
-
- // resource and subject management
- static int addResource(const std::string &request);
-
- // utilities
- static void addAttributes(const BaseAttributeSet &attributes);
-
- // Setter for device capabilities that are requested in widgets config.
- //
- // Additional boolean flag means whether widget will always get
- // (at launch) the SMACK permissions needed to use the device cap).
- //
- // 'permissions' is the map of device cap names and smack status for
- // given widget handle.
- static void setRequestedDevCaps(
- WidgetHandle widgetHandle,
- const RequestedDevCapsMap &permissions);
-
- static void setAcceptedFeature(
- WidgetHandle widgetHandle,
- const FeatureNameVector &vector);
-
- static void removeAcceptedFeature(WidgetHandle widgetHandle);
-
- static void registerWidgetInfo(WidgetHandle handle,
- const WidgetRegisterInfo& info,
- const WidgetCertificateDataList& dataList);
- static void unregisterWidgetInfo(WidgetHandle handle);
-
-};
-}
-#endif /* ACEDAO_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H
-#define WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H
-
-#include <ace/WRT_INTERFACE.h>
-#include <ace/PolicyResult.h>
-#include <dpl/event/inter_context_delegate.h>
-
-class AbstractPolicyEnforcementPoint
-{
- public:
- typedef DPL::Event::ICDelegate<PolicyResult> ResponseReceiver;
- virtual ExtendedPolicyResult check(Request &request) = 0;
-};
-
-#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-class AbstractPolicyInformationPoint
-{
- public:
- virtual ~AbstractPolicyInformationPoint() {}
-};
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : AbstractTreeElement.h
-// @ Date : 2009-05-25
-// @ Author : Samsung
-//
-//
-#if !defined(_ABSTRACTTREEELEMENT_H)
-#define _ABSTRACTTREEELEMENT_H
-
-#include <list>
-#include "Effect.h"
-#include <iostream>
-
-class AbstractTreeElement
-{
- public:
-
- virtual ~AbstractTreeElement()
- {
- }
-
- virtual void printData() = 0;
- protected:
-};
-
-#endif //_ABSTRACTTREEELEMENT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _ASYNCVERDICT_H
-#define _ASYNCVERDICT_H
-
-#include <ace/Verdict.h>
-#include <ace/WRT_INTERFACE.h>
-#include <ace/Request.h>
-
-class AsyncVerdictResultListener
-{
- public:
- virtual void onVerdict(const Verdict &verdict,
- const Request *request) = 0;
- virtual ~AsyncVerdictResultListener()
- {
- }
-};
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Attribute.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_ATTRIBUTE_H)
-#define _ATTRIBUTE_H
-
-#include <string>
-#include <iostream>
-#include <set>
-#include <list>
-
-#include <ace-dao-ro/BaseAttribute.h>
-
-class Attribute : public AceDB::BaseAttribute
-{
- public:
- /**
- * Types of match functions
- */
- enum class Match { Equal, Glob, Regexp, Error };
- /**
- * Types of attribute value modifiers
- */
- enum class Modifier { Non, Scheme, Authority, SchemeAuthority, Host, Path };
- /**
- * Possible match results
- */
- enum class MatchResult { MRUndetermined = -1, MRFalse = 0, MRTrue = 1};
-
- public:
-
- /**
- * New attribute constructor
- * @param name name of the new attribute
- * @param matchFunction match function used in the attribute
- * @param type attribute type
- */
- Attribute(const std::string *name,
- const Match matchFunction,
- const Type type);
-
-
- /**
- * Constructor used to create default attribute ( used for unit tests )
- * @param nm name of the default attribute
- */
- Attribute(const std::string& nm) :
- matchFunction(Match::Error),
- modifierFunction(Modifier::Non)
- {
- m_name = nm;
- m_typeId = Type::Subject;
- m_undetermindState = false;
- }
-
- /**
- * Destructor
- */
- virtual ~Attribute();
-
- std::list<std::string> * getValue() const
- {
- return AceDB::BaseAttribute::getValue();
- }
- Match getMatchFunction() const
- {
- return matchFunction;
- }
-
- /* --- Setters --- */
- void addValue (const std::string *value);
-
- MatchResult matchAttributes(const BaseAttribute *) const;
-
- /**
- * Operator used in for attribute set,used to distinguished only attribute names
- * It cannot take attribute type into consideration
- */
- bool operator< (const Attribute & obj) const
- {
- int result = this->m_name.compare(*obj.getName());
- if (result == 0) { //If names are equal check attribute types
- if (this->m_typeId < obj.getType()) {
- result = -1;
- } else if (this->m_typeId > obj.getType()) {
- result = 1;
- }
- }
- //If result is negative that means that 'this' was '<' than obj
- return result < 0;
- }
-
- /** Checks if object type is equal to argument */
- bool instanceOf(Type type_)
- {
- return type_ == m_typeId;
- }
-
- friend std::ostream & operator<<(std::ostream & out,
- const Attribute & attr);
-
- protected:
-
- bool searchAndCut(const char *);
-
- /*
- * URI definition from rfc2396
- *
- * <scheme>://<authority><path>?<query>
- * Each of the components may be absent, apart from the scheme.
- * Host is a part of authority as in definition below:
- *
- * authority = server | reg_name
- * server = [ [ userinfo "@" ] hostport ]
- * <userinfo>@<host>:<port>
- *
- * Extract from rfc2396
- * The authority component is preceded by a double slash "//" and is
- * terminated by the next slash "/", question-mark "?", or by the end of
- * the URI. Within the authority component, the characters ";", ":",
- * "@", "?", and "/" are reserved.
- *
- * Modifiers should return pointer to empty string if given part of string was empty.
- * Modifiers should return NULL if the string to be modified was not an URI.
- */
- std::string * uriScheme(const std::string *) const;
- std::string * uriAuthority(const std::string *) const;
- std::string * uriSchemeAuthority(const std::string *) const;
- std::string * uriHost(const std::string *) const;
- std::string * uriPath(const std::string *) const;
- std::string * applyModifierFunction(const std::string * val) const;
-
- bool parse(const std::string *input,
- std::string *part) const;
- bool find_error(const std::string *part) const;
-
- bool checkScheme(const std::string *scheme) const;
- bool checkAuthority(const std::string *scheme) const;
- std::string * getHost(const std::string *scheme) const;
- bool checkPath(const std::string *scheme) const;
-
- bool isSchemeAllowedCharacter(int c) const;
- bool isSegmentAllowedCharacter(int c) const;
- bool isUserInfoAllowedString(const std::string *str) const;
- bool isHostAllowedString(const std::string *str) const;
- bool isHostNameAllowedString(const std::string * str) const;
- bool isIPv4AllowedString(const std::string * str) const;
- bool isDomainLabelAllowedString(const char * data,
- int lenght) const;
- bool isTopLabelAllowedString(const char* data,
- int lenght) const;
-
- bool isUnreserved(int c) const;
- bool isAlphanum(int c) const;
- bool isEscaped(const char esc[3]) const;
- bool isHex(int c) const;
-
- MatchResult lists_comparator(
- const std::list<std::string> *first,
- const std::list<std::string> *second,
- MatchResult (*comparator)(const std::string *,
- const std::string *)) const;
-
- /**
- * Map used to check if character is a 'mark'
- */
- static const bool mark[256];
- /**
- * Map used to check if character is a 'digit'
- *
- */
- static const bool digit[256];
- /**
- * Map used to check if character is an 'alphanumeric' value
- *
- */
- static const bool alpha[256];
-
- protected:
- Match matchFunction;
- Modifier modifierFunction;
-};
-
-typedef AceDB::BaseAttributeSet AttributeSet;
-
-//TODO remove later or ifdef debug methods
-void printAttributes(const AttributeSet& attrs);
-void printAttributes(const std::list<Attribute> & attrs);
-
-#endif //_ATTRIBUTE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Combiner.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_COMBINER_H)
-#define _COMBINER_H
-
-#include <set>
-
-#include <ace/Attribute.h>
-#include <ace/TreeNode.h>
-
-class Combiner
-{
- protected:
-
- const AttributeSet * attrSet;
-
- public:
-
- virtual ExtendedEffect combineRules(const TreeNode * rule) = 0;
- virtual ExtendedEffect combinePolicies(const TreeNode * policy) = 0;
-
- const AttributeSet * getAttributeSet() const
- {
- return this->attrSet;
- }
- void setAttributeSet(const AttributeSet * attrSet)
- {
- this->attrSet = attrSet;
- }
- virtual ~Combiner()
- {
- } //attrSet is deleted elsewhere
-};
-
-#endif //_COMBINER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : CombinerImpl.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _COMBINER_IMPL_H
-#define _COMBINER_IMPL_H
-
-#include <list>
-#include <dpl/log/log.h>
-
-#include "Combiner.h"
-#include "Effect.h"
-#include "Policy.h"
-#include "Subject.h"
-
-class CombinerImpl : public Combiner
-{
- public:
-
- virtual ExtendedEffect combineRules(const TreeNode * rule);
- virtual ExtendedEffect combinePolicies(const TreeNode * policy);
-
- virtual ~CombinerImpl()
- {
- }
-
- protected:
-
- bool checkIfTargetMatches(const std::list<const Subject *> * subjectsSet,
- bool &isUndetermined);
-
- ExtendedEffect combine(Policy::CombineAlgorithm algorithm,
- ExtendedEffectList &effects);
-
- ExtendedEffect denyOverrides(const ExtendedEffectList &effects);
- ExtendedEffect permitOverrides(const ExtendedEffectList &effects);
- ExtendedEffect firstApplicable(const ExtendedEffectList &effects);
- ExtendedEffect firstMatchingTarget(const ExtendedEffectList &effects);
-
- std::list<int> * convertEffectsToInts(const std::list<Effect> * effects);
- Effect convertIntToEffect(int intEffect);
-
- void showEffectList(ExtendedEffectList & effects)
- {
- ExtendedEffectList::iterator it = effects.begin();
- for (; it != effects.end(); ++it) {
- LogDebug(toString(*it));
- }
- }
-
- private:
- bool isError(const ExtendedEffectList &effects);
-};
-
-#endif //_COMBINERIMPL_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// File: Condition.h
-// Author: notroot
-//
-// Created on June 3, 2009, 9:00 AM
-//
-#ifndef _CONDITION_H
-#define _CONDITION_H
-
-#include <list>
-#include <set>
-#include <iostream>
-#include <dpl/foreach.h>
-
-#include "Attribute.h"
-#include "Effect.h"
-#include "TreeNode.h"
-
-class Condition
-{
- public:
- enum CombineType
- {
- AND, OR
- };
-
- void addCondition(const Condition & condition)
- {
- this->conditions.push_back(condition);
- }
-
- void addAttribute(const Attribute & attribute)
- {
- this->attributes.push_back(attribute);
- }
-
- void setCombineType(CombineType type)
- {
- this->combineType = type;
- }
-
- Condition() : combineType(AND),
- parent(NULL)
- {
- }
-
- Condition(CombineType type) : combineType(type),
- parent(NULL)
- {
- }
-
- virtual ~Condition()
- {
- }
-
- Condition * getParent()
- {
- return this->parent;
- }
-
- void setParent(Condition * condition)
- {
- this->parent = condition;
- }
-
- Attribute::MatchResult evaluateCondition(
- const AttributeSet * attrSet) const;
-
- friend std::ostream & operator<<(std::ostream & out,
- Condition & condition)
- {
- FOREACH (it, condition.attributes)
- {
- out << *it;
- }
- return out;
- }
- //[CR] change function name
- void getAttributes(AttributeSet * attrSet);
-
- private:
- Attribute::MatchResult evaluateChildConditions(
- const AttributeSet * attrSet,
- bool &isFinalMatch,
- bool & undefinedMatchFound) const;
-
- Attribute::MatchResult evaluateAttributes(
- const AttributeSet * attrSet,
- bool& isFinalMatch,
- bool & undefinedMatchFound) const;
-
- // KW Attribute::MatchResult performANDalgorithm(const std::set<Attribute> * attributes) const;
-
- // KW Attribute::MatchResult performORalgorithm(const std::set<Attribute> * attributes) const;
-
- bool isEmpty() const
- {
- return attributes.empty() && conditions.empty();
- }
-
- bool isAndCondition() const
- {
- return combineType == AND;
- }
-
- bool isOrCondition() const
- {
- return combineType == OR;
- }
-
- std::list<Condition> conditions;
- CombineType combineType;
- std::list<Attribute> attributes;
- Condition *parent;
-};
-
-#endif /* _CONDITION_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _CONFIGURATIONMANAGER_H_
-#define _CONFIGURATIONMANAGER_H_
-
-#include <list>
-#include <string.h>
-#include <string>
-#include "Constants.h"
-#include <iostream>
-#include <dpl/log/log.h>
-
-enum class PolicyType {
- WAC2_0,
- Tizen
-};
-
-#define POLICY_NAME_WAC2_0 "WAC2.0"
-#define POLICY_NAME_TIZEN "Tizen"
-#define POLICY_WIDGET_TYPE_ATTRIBUTE_NAME "WrtSecurity.WidgetPolicyType"
-
-#pragma message "ATTR_ACTIVE_POLICY BAD_CAST, PARSER_ERROR, PARSER_SUCCESS\
- macros are DEPRECATED"
-#define ATTR_ACTIVE_POLICY BAD_CAST("active") // !! DEPRECATED !!
-#define PARSER_ERROR 1 // !! DEPRECATED !!
-#define PARSER_SUCCESS 0 // !! DEPRECATED !!
-
-class ConfigurationManager
-{
- public:
- // !! DEPRECATED !!
- enum ConfigurationManagerResult
- {
- CM_OPERATION_SUCCESS = 0,
- CM_GENERAL_ERROR = -1,
- CM_FILE_EXISTS = -2,
- CM_REMOVE_ERROR = -3,
- CM_REMOVE_CURRENT = -4,
- CM_REMOVE_NOT_EXISTING = -5
- };
-
- // !! DEPRECATED !!
- std::string getCurrentPolicyFile(void) const;
- std::string getFullPathToCurrentPolicyFile(void) const;
- std::string getFullPathToCurrentPolicyXMLSchema(void) const;
- int addPolicyFile(const std::string & filePath);
- int removePolicyFile(const std::string& fileName);
- int changeCurrentPolicyFile(const std::string& filePath);
- std::string extractFilename(const std::string& path) const;
-
- /**
- * ACE policy file path getter
- * @return Full path to policy file
- */
- std::string getFullPathToPolicyFile(PolicyType policy) const;
-
- /**
- * ACE policy dtd file path getter
- * @return Full path to ACE current policy file
- */
- std::string getFullPathToPolicyXMLSchema(void) const;
-
- /**
- * ACE policy storage path getter
- * @return Full path to ACE policy file storage
- */
- std::string getStoragePath(void) const;
-
- /**
- * Method to obtain instance of configuration manager
- * @return retuns pointer to configuration manager or NULL in case of error
- */
- static ConfigurationManager * getInstance()
- {
- if (!instance) {
- instance = new ConfigurationManager();
- }
- return instance;
- }
-
- protected:
-
- // !! DEPRECATED !!
- int parse(const std::string&);
- bool copyFile(FILE*, FILE*, int lenght = 1024) const;
- bool checkIfFileExistst(const std::string&) const;
- const std::list<std::string> & getPolicyFiles() const;
- const std::string & getConfigFile() const;
-
- ConfigurationManager()
- {
- }
- virtual ~ConfigurationManager()
- {
- }
-
-private:
-
- static ConfigurationManager * instance;
-};
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file Constants.h
- * @author Piotr Fatyga (p.fatyga@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef _CONSTANTS_H
-#define _CONSTANTS_H
-
-#define ACE_MAIN_STORAGE "/usr/etc/ace"
-#define ACE_WAC_POLICY_FILE_NAME "/WAC2.0Policy.xml"
-#define ACE_TIZEN_POLICY_FILE_NAME "/TizenPolicy.xml"
-#define ACE_DTD_LOCATION ACE_MAIN_STORAGE "/bondixml.dtd"
-
-// !! DEPRECATED !!
-#pragma message "ACE_CONFIGURATION_PATH, ACE_CONFIGURATION_DTD \
- macros are DEPRECATED"
-#define ACE_CONFIGURATION_PATH ACE_MAIN_STORAGE "/config.xml"
-#define ACE_CONFIGURATION_DTD ACE_MAIN_STORAGE "/config.dtd"
-
-/////////////////FOR GUI//////////////////////
-
-#define MYSTERIOUS_BITMAP "/usr/apps/org.tizen.policy/d.png"
-#define MYSTERIOUS_BITMAP2 "/usr/apps/org.tizen.policy/file.png"
-
-///////////////////FOR TESTS//////////////////////////
-
-#define COMBINER_TEST "/usr/etc/ace/CMTest/com_general-test.xml"
-#define CONFIGURATION_MGR_TEST_PATH "/usr/etc/ace/CMTest/"
-#define CONFIGURATION_MGR_TEST_CONFIG ACE_MAIN_STORAGE "/CMTest/pms_config.xml"
-#define CONFIGURATION_MGR_TEST_POLICY_STORAGE ACE_MAIN_STORAGE "/CMTest/active"
-#define CONFIGURATION_MGR_TEST_POLICY_STORAGE_MOVED ACE_MAIN_STORAGE \
- "/CMTest/activeMoved"
-#define CONFIGURATION_MGR_TEST_POLICY CONFIGURATION_MGR_TEST_POLICY_STORAGE \
- "/pms_general-test.xml"
-#define POLICIES_TO_SIGN_DIR ACE_MAIN_STORAGE "/SignerTests/"
-
-#define OUTPUT_DIR ACE_MAIN_STORAGE "/SignerTests/signedPolicies/"
-#define PRIVATE_KEY_DIR ACE_MAIN_STORAGE "/SignerTests/PrvKey/"
-#define X509_DATA_BASE_DIR ACE_MAIN_STORAGE "/SignerTests/X509Data/"
-
-#endif /* _CONSTANTS_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Effect.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _EFFECT_H_
-#define _EFFECT_H_
-
-#include <list>
-
-typedef int RuleId;
-
-enum Effect
-{
- Deny =0,
- Undetermined=1, // jk mb added this enum, so the ones below are inceremented!!!!!!!
- PromptOneShot =2,
- PromptSession =3,
- PromptBlanket =4,
- Permit =5,
- Inapplicable =6,
- NotMatchingTarget=7,
- Error=8,
-};
-
-struct ExtendedEffect {
-public:
- ExtendedEffect(Effect effect = Error, RuleId ruleId = -1)
- : m_effect(effect)
- , m_ruleId(ruleId)
- {}
-
- ExtendedEffect(const ExtendedEffect &second)
- : m_effect(second.m_effect)
- , m_ruleId(second.m_ruleId)
- {}
-
- ExtendedEffect& operator=(const ExtendedEffect &second) {
- m_effect = second.m_effect;
- m_ruleId = second.m_ruleId;
- return *this;
- }
-
- Effect getEffect() const { return m_effect; }
-
- RuleId getRuleId() const { return m_ruleId; }
-
-private:
- Effect m_effect;
- RuleId m_ruleId;
-};
-
-typedef std::list<ExtendedEffect> ExtendedEffectList;
-
-inline const char *toString(const ExtendedEffect &effect)
-{
- const char * temp = "";
-
- switch (effect.getEffect()) {
- case Deny:
- temp = "Deny";
- break;
- case Undetermined:
- temp = "Undetermined";
- break;
- case PromptOneShot:
- temp = "PromptOneShot";
- break;
- case PromptSession:
- temp = "PromptSession";
- break;
- case PromptBlanket:
- temp = "PromptBlanket";
- break;
- case Permit:
- temp = "Permit";
- break;
- case Inapplicable:
- temp = "Inapplicable";
- break;
- case NotMatchingTarget:
- temp = "NotMatchingTarget";
- break;
- case Error:
- temp = "Error";
- break;
- default:;
- }
- return temp;
-}
-
-#endif //_EFFECT_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PermissionTriple.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_PERMISSION_TRIPLE_H)
-#define _PERMISSION_TRIPLE_H
-
-#include <string>
-#include <list>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace-dao-ro/BasePermission.h>
-
-typedef AceDB::BasePermission PermissionTriple;
-typedef AceDB::BasePermissionList PermissionList;
-
-struct GeneralSetting
-{
- GeneralSetting(const std::string& resourceName,
- AceDB::PreferenceTypes accessAllowed) : generalSettingName(resourceName),
- access(accessAllowed)
- {
- }
- std::string generalSettingName;
- AceDB::PreferenceTypes access;
-};
-
-#endif //_PERMISSION_TRIPLE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Policy.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_POLICY_H)
-#define _POLICY_H
-
-#include <list>
-
-#include <ace/AbstractTreeElement.h>
-#include <ace/Effect.h>
-#include <ace/Attribute.h>
-#include <ace/Subject.h>
-#include <iostream>
-#include <dpl/noncopyable.h>
-
-class Policy : public AbstractTreeElement,
- DPL::Noncopyable
-{
- public:
- enum CombineAlgorithm { DenyOverride, PermitOverride, FirstApplicable,
- FirstTargetMatching };
-
- Policy()
- {
- combineAlgorithm = DenyOverride;
- subjects = new std::list<const Subject *>();
- }
-
- CombineAlgorithm getCombineAlgorithm() const
- {
- return this->combineAlgorithm;
- }
-
- void setCombineAlgorithm(CombineAlgorithm algorithm)
- {
- this->combineAlgorithm = algorithm;
- }
-
- const std::list<const Subject *> * getSubjects() const
- {
- return this->subjects;
- }
-
- void addSubject(const Subject * subject)
- {
- if (this->subjects == NULL) {
- return;
- }
- this->subjects->push_back(subject);
- }
-
- virtual ~Policy();
-
- void printData();
-
- std::string printCombineAlgorithm(CombineAlgorithm algorithm);
-
- private:
- std::list<const Subject *> *subjects;
- CombineAlgorithm combineAlgorithm;
-};
-
-const char * toString(Policy::CombineAlgorithm algorithm);
-
-#endif //_POLICY_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file PolicyEffect.h
- * @author B.Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of PolicyEffect type.
- */
-#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
-#define _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
-
-enum class PolicyEffect {
- DENY = 0,
- PERMIT,
- PROMPT_ONESHOT,
- PROMPT_SESSION,
- PROMPT_BLANKET
-};
-
-inline static std::ostream & operator<<(std::ostream& stream,
- PolicyEffect effect)
-{
- switch (effect) {
- case PolicyEffect::DENY: stream << "DENY"; break;
- case PolicyEffect::PERMIT: stream << "PERMIT"; break;
- case PolicyEffect::PROMPT_ONESHOT: stream << "PROMPT_ONESHOT"; break;
- case PolicyEffect::PROMPT_SESSION: stream << "PROMPT_SESSION"; break;
- case PolicyEffect::PROMPT_BLANKET: stream << "PROMPT_BLANKET"; break;
- default: Assert(false && "Invalid PolicyEffect constant");
- }
- return stream;
-}
-
-#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_logic.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @brief Implementation file for security logic
- */
-#ifndef POLICY_ENFORCEMENT_POINT_H
-#define POLICY_ENFORCEMENT_POINT_H
-
-#include <memory>
-#include <string>
-#include <map>
-
-//#include <glib/gthread.h>
-//#include <glib/gerror.h>
-//#include <glib.h>
-
-//#include <dpl/optional.h>
-#include <dpl/event/inter_context_delegate.h>
-#include <dpl/event/property.h>
-
-#include <ace/AbstractPolicyEnforcementPoint.h>
-#include <ace/PolicyResult.h>
-
-// Forwards
-class IWebRuntime;
-class IResourceInformation;
-class IOperationSystem;
-class PolicyEvaluator;
-class PolicyInformationPoint;
-class Request;
-
-class PolicyEnforcementPoint : public AbstractPolicyEnforcementPoint
-{
- public:
- OptionalExtendedPolicyResult checkFromCache(Request &request);
- ExtendedPolicyResult check(Request &request);
- OptionalExtendedPolicyResult check(Request &request,
- bool fromCacheOnly);
-
- virtual ~PolicyEnforcementPoint();
-
- class PEPException
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, AlreadyInitialized)
- };
-
- /**
- * This function take ownership of objects pass in call.
- * Object will be deleted after call Deinitialize function.
- */
- void initialize(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *operation);
- void terminate();
-
- void updatePolicy(const std::string &policy);
- void updatePolicy();
-
- PolicyEvaluator *getPdp() const { return this->m_pdp; }
- PolicyInformationPoint *getPip() const { return this->m_pip; }
-
- protected:
- PolicyEnforcementPoint();
- friend class SecurityLogic;
- private: // private data
- IWebRuntime *m_wrt;
- IResourceInformation *m_res;
- IOperationSystem *m_sys;
- PolicyEvaluator *m_pdp;
- PolicyInformationPoint *m_pip;
-};
-
-#endif // POLICY_ENFORCEMENT_POINT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyEvaluator.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _POLICY_EVALUATOR_H
-#define _POLICY_EVALUATOR_H
-
-#include <memory>
-#include <set>
-#include <string>
-
-#include <dpl/event/event_listener.h>
-#include <dpl/log/log.h>
-#include <dpl/noncopyable.h>
-
-#include <ace/AsyncVerdictResultListener.h>
-#include <ace/Attribute.h>
-#include <ace/ConfigurationManager.h>
-#include <ace/Constants.h>
-#include <ace/Effect.h>
-#include <ace/Policy.h>
-#include <ace/PolicyInformationPoint.h>
-#include <ace/PolicyResult.h>
-#include <ace/Request.h>
-#include <ace/Subject.h>
-#include <ace/Verdict.h>
-#include <ace/UserDecision.h>
-#include <ace/CombinerImpl.h>
-
-
-class PolicyEvaluator : DPL::Noncopyable
-{
- protected:
-
- /**
- * Internal method used to initiate policy evaluation. Called after attribute set has been fetched
- * by PIP.
- * @param root root of the policies tree to be evaluated
- */
- virtual ExtendedEffect evaluatePolicies(const TreeNode * root);
-
- // !! DEPRECATED !!
- enum updateErrors
- {
- POLICY_PARSING_SUCCESS = 0,
- POLICY_FILE_ERROR = 1,
- PARSER_CREATION_ERROR,
- POLICY_PARSING_ERROR
- };
- private:
- AttributeSet m_attributeSet;
-
- TreeNode *m_uniform_policy, *m_wac_policy, *m_tizen_policy;
- std::string m_currentPolicyFile;
- PolicyType m_policy_to_use;
-
- Combiner * m_combiner;
- AsyncVerdictResultListener * m_verdictListener;
- PolicyInformationPoint * m_pip;
-
- /**
- * @return current policy Tree acc. to m_policy_to_use
- */
- TreeNode * getCurrentPolicyTree();
-
- /**
- * Method used to extract attributes from subtree defined by PolicySet
- * @param root original TreeStructure root node
- * @param newRoot copy of TreeStructure containing only policies that matches current request
- *
- */
- void extractAttributesFromSubtree(const TreeNode *root);
-
- /**
- * Method used to extract attributes from Tree Structure
- * @return pointer to set of attributes needed to evaluate current request
- * @return if extraction has been successful
- * TODO return reducte tree structure
- * TODO change comments
- */
- bool extractAttributesFromRules(const TreeNode *);
-
- /**
- * Extracts attributes from target of a given policy that are required to be fetched by PIP
- */
- void extractTargetAttributes(const Policy *policy);
- bool extractAttributes(TreeNode*);
-
- OptionalExtendedPolicyResult getPolicyForRequestInternal(bool fromCacheOnly);
- PolicyResult effectToPolicyResult(Effect effect);
-
- /**
- * Return safe policy tree in case of error with loading policy from file
- */
- TreeNode * getDefaultSafePolicyTree(void);
-
- public:
- PolicyEvaluator(PolicyInformationPoint * pip);
-
- bool extractAttributesTest()
- {
- m_attributeSet.clear();
- if (!extractAttributes(m_uniform_policy)) {
- LogInfo("Warnign attribute set cannot be extracted. Returning Deny");
- return true;
- }
-
- return extractAttributes(m_uniform_policy);
- }
-
- AttributeSet * getAttributeSet()
- {
- return &m_attributeSet;
- }
-
- virtual bool initPDP();
- virtual ~PolicyEvaluator();
- virtual ExtendedPolicyResult getPolicyForRequest(const Request &request);
- virtual OptionalExtendedPolicyResult getPolicyForRequestFromCache(
- const Request &request);
- virtual OptionalExtendedPolicyResult getPolicyForRequest(const Request &request,
- bool fromCacheOnly);
- bool fillAttributeWithPolicy();
-
- virtual int updatePolicy(const char *);
- // This function updates policy from well known locations
- virtual void updatePolicy();
-
- std::string getCurrentPolicy();
-};
-
-#endif //_POLICYEVALUATOR_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file AbstractObjectFactory.h
- * @author Piotr Fatyga (p.fatyga@samsung.com)
- * @version 0.1
- * @brief
- */
-
-#ifndef _ABSTRACTOBJECTFACTORY_H
-#define _ABSTRACTOBJECTFACTORY_H
-
-#include <ace/PolicyEvaluator.h>
-
-class AbstractPolicyEvaluatorFactory
-{
- public:
- virtual PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip)
- const = 0;
-};
-
-class PolicyEvaluatorFactory : public AbstractPolicyEvaluatorFactory
-{
- public:
- PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) const
- {
- return new PolicyEvaluator(pip);
- }
-};
-
-#endif /* _ABSTRACTOBJECTFACTORY_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicyInformationPoint.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _POLICY_INFORMATION_POINT_H
-#define _POLICY_INFORMATION_POINT_H
-
-#include <set>
-
-#include <ace/Attribute.h>
-#include <ace/Request.h>
-#include <ace/WRT_INTERFACE.h>
-#include <ace-dao-ro/BaseAttribute.h>
-#include <dpl/noncopyable.h>
-
-typedef int PipResponse;
-
-class PolicyInformationPoint : public DPL::Noncopyable
-{
- private:
-
- /** queries for interfaces*/
- std::list<ATTRIBUTE> resourceAttributesQuery;
- std::list<ATTRIBUTE> environmentAttributesQuery;
- std::list<ATTRIBUTE> subjectAttributesQuery;
- std::list<ATTRIBUTE> functionParamAttributesQuery;
- std::list<ATTRIBUTE> widgetParamAttributesQuery;
-
- /** create queries */
- void createQueries(AttributeSet* attributes);
-
- IWebRuntime* wrtInterface;
- IResourceInformation* resourceInformation;
- IOperationSystem* operationSystem;
-
- public:
- static const int ERROR_SHIFT_RESOURCE = 3;
- static const int ERROR_SHIFT_OS = 6;
- static const int ERROR_SHIFT_FP = 9;
-
- /** Mask used to identify PIP error */
- enum ResponseTypeMask
- {
- SUCCESS = 0,
- /* WebRuntime Error */
- WRT_UNKNOWN_SUBJECT = 1 << 0,
- WRT_UNKNOWN_ATTRIBUTE = 1 << 1,
- WRT_INTERNAL_ERROR = 1 << 2,
- /* Resource Information Storage Error */
- RIS_UNKNOWN_RESOURCE = 1 << 3,
- RIS_UNKNOWN_ATTRIBUTE = 1 << 4,
- RIS_INTERNAL_ERROR = 1 << 5,
- /*Operating system */
- OS_UNKNOWN_ATTRIBUTE = 1 << 6,
- OS_INTERNAL_ERROR = 1 << 7
- };
-
- //TODO add checking values of attributes
- /** gather attributes values from adequate interfaces */
- virtual PipResponse getAttributesValues(const Request* request,
- AttributeSet* attributes);
- virtual ~PolicyInformationPoint();
- PolicyInformationPoint(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *system);
- virtual void update(IWebRuntime *wrt,
- IResourceInformation *resource,
- IOperationSystem *system)
- {
- wrtInterface = wrt;
- resourceInformation = resource;
- operationSystem = system;
- }
- IWebRuntime * getWebRuntime()
- {
- return wrtInterface;
- }
-};
-
-#endif //_POLICY_INFORMATION_POINT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
-#define _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
-
-#include <dpl/assert.h>
-#include <dpl/optional.h>
-#include <dpl/optional_typedefs.h>
-
-#include <ace/PolicyEffect.h>
-
-typedef DPL::Optional<PolicyEffect> OptionalPolicyEffect;
-
-class PolicyDecision
-{
-public:
- enum Value { NOT_APPLICABLE = -1 };
-
- PolicyDecision(PolicyEffect effect)
- : m_isPolicyEffect(true)
- , m_effect(effect)
- {}
-
- PolicyDecision(const PolicyDecision &decision)
- : m_isPolicyEffect(decision.m_isPolicyEffect)
- , m_effect(decision.m_effect)
- {}
-
- PolicyDecision(Value)
- : m_isPolicyEffect(false)
- {}
-
- bool operator==(const PolicyDecision &decision) const {
- return (m_isPolicyEffect
- && decision.m_isPolicyEffect
- && m_effect == decision.m_effect)
- || (!m_isPolicyEffect && !decision.m_isPolicyEffect);
- }
-
- bool operator==(Value) const {
- return !m_isPolicyEffect;
- }
-
- bool operator!=(const PolicyDecision &decision) const {
- return !(*this == decision);
- }
-
- bool operator!=(Value value) const {
- return !(*this == value);
- }
-
- OptionalPolicyEffect getEffect() const
- {
- if (!m_isPolicyEffect) {
- return OptionalPolicyEffect();
- }
- return OptionalPolicyEffect(m_effect);
- }
-
- std::ostream & toStream(std::ostream& stream) {
- if (m_isPolicyEffect)
- stream << m_effect;
- else
- stream << "NOT-APPLICABLE";
- return stream;
- }
-
-private:
- bool m_isPolicyEffect;
- PolicyEffect m_effect;
-};
-
-inline static bool operator==(PolicyEffect e, const PolicyDecision &d) {
- return d.operator==(e);
-}
-
-inline static bool operator!=(PolicyEffect e, const PolicyDecision &d) {
- return !(e == d);
-}
-
-inline static std::ostream & operator<<(std::ostream& stream,
- PolicyDecision decision)
-{
- return decision.toStream(stream);
-}
-
-class PolicyResult {
-public:
- enum Value { UNDETERMINED = -2 };
-
- // This constructor is required by dpl controller and by dpl optional
- PolicyResult()
- : m_isDecision(false)
- , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care
- {}
-
- PolicyResult(PolicyEffect effect)
- : m_isDecision(true)
- , m_decision(effect)
- {}
-
- PolicyResult(const PolicyDecision &decision)
- : m_isDecision(true)
- , m_decision(decision)
- {}
-
- PolicyResult(const PolicyResult &result)
- : m_isDecision(result.m_isDecision)
- , m_decision(result.m_decision)
- {}
-
- PolicyResult(PolicyDecision::Value value)
- : m_isDecision(true)
- , m_decision(value)
- {}
-
- PolicyResult(Value)
- : m_isDecision(false)
- , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care
- {}
-
- bool operator==(const PolicyResult &result) const {
- return (m_isDecision
- && result.m_isDecision
- && m_decision == result.m_decision)
- || (!m_isDecision && !result.m_isDecision);
- }
-
- bool operator==(Value) const {
- return !m_isDecision;
- }
-
- bool operator!=(const PolicyResult &result) const {
- return !(*this == result);
- }
-
- bool operator!=(Value value) const {
- return !(*this == value);
- }
-
- OptionalPolicyEffect getEffect() const
- {
- if (!m_isDecision) {
- return OptionalPolicyEffect();
- }
- return m_decision.getEffect();
- }
-
- static int serialize(const PolicyResult &policyResult)
- {
- if (!policyResult.m_isDecision) {
- return BD_UNDETERMINED;
- } else if (policyResult.m_decision ==
- PolicyDecision::Value::NOT_APPLICABLE)
- {
- return BD_NOT_APPLICABLE;
- } else if (policyResult.m_decision == PolicyEffect::PROMPT_BLANKET) {
- return BD_PROMPT_BLANKET;
- } else if (policyResult.m_decision == PolicyEffect::PROMPT_SESSION) {
- return BD_PROMPT_SESSION;
- } else if (policyResult.m_decision == PolicyEffect::PROMPT_ONESHOT) {
- return BD_PROMPT_ONESHOT;
- } else if (policyResult.m_decision == PolicyEffect::PERMIT) {
- return BD_PERMIT;
- } else if (policyResult.m_decision == PolicyEffect::DENY) {
- return BD_DENY;
- }
- Assert(false && "Unknown value of policyResult.");
- }
-
- static PolicyResult deserialize(int dec){
- switch (dec) {
- case BD_DENY:
- return PolicyEffect::DENY;
- case BD_PERMIT:
- return PolicyEffect::PERMIT;
- case BD_PROMPT_ONESHOT:
- return PolicyEffect::PROMPT_ONESHOT;
- case BD_PROMPT_SESSION:
- return PolicyEffect::PROMPT_SESSION;
- case BD_PROMPT_BLANKET:
- return PolicyEffect::PROMPT_BLANKET;
- case BD_NOT_APPLICABLE:
- return PolicyDecision::Value::NOT_APPLICABLE;
- case BD_UNDETERMINED:
- return Value::UNDETERMINED;
- }
- Assert(false && "Broken database");
- }
-
- std::ostream & toStream(std::ostream& stream) {
- if (m_isDecision)
- stream << m_decision;
- else
- stream << "UNDETERMINED";
- return stream;
- }
-
-private:
- static const int BD_UNDETERMINED = 6;
- static const int BD_NOT_APPLICABLE = 5;
- static const int BD_PROMPT_BLANKET = 4;
- static const int BD_PROMPT_SESSION = 3;
- static const int BD_PROMPT_ONESHOT = 2;
- static const int BD_PERMIT = 1;
- static const int BD_DENY = 0;
-
- bool m_isDecision;
- PolicyDecision m_decision;
-};
-
-inline static bool operator==(const PolicyDecision &d, const PolicyResult &r) {
- return r == d;
-}
-
-inline static bool operator!=(const PolicyDecision &d, const PolicyResult &r) {
- return !(d == r);
-}
-
-inline static bool operator==(const PolicyEffect &e, const PolicyResult &r) {
- return e == r;
-}
-
-inline static bool operator!=(const PolicyEffect &e, const PolicyResult &r) {
- return !(e == r);
-}
-
-inline static std::ostream & operator<<(std::ostream& stream,
- PolicyResult result)
-{
- return result.toStream(stream);
-}
-
-struct ExtendedPolicyResult {
- ExtendedPolicyResult(const PolicyResult pr = PolicyEffect::DENY, int rule = -1)
- : policyResult(pr)
- , ruleId(rule)
- {}
- PolicyResult policyResult;
- int ruleId;
-};
-
-typedef DPL::Optional<ExtendedPolicyResult> OptionalExtendedPolicyResult;
-
-#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : PolicySet.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_POLICYSET_H)
-#define _POLICYSET_H
-
-#include "Policy.h"
-#include <iostream>
-
-class PolicySet : public Policy
-{
- public:
-
- //TODO Clean this class
- //PolicySet(CombineAlgorithm algorithm, std::list<Attribute> * targetAttr,const std::string & subjectId)
- // : Policy(algorithm,targetAttr,subjectId)
- // {}
- PolicySet()
- {
- }
- ~PolicySet()
- {
- }
-};
-
-#endif //_POLICYSET_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Preference.h
-// @ Date : 2009-05-2
-// @ Author : Samsung
-//
-//
-
-#ifndef _Preference_H_
-#define _Preference_H_
-
-#include <map>
-#include <string>
-
-#include <ace-dao-ro/PreferenceTypes.h>
-
-typedef AceDB::PreferenceTypes Preference;
-typedef AceDB::PreferenceTypesMap PreferenceMap;
-
-#endif //_Preference_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
-#define _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
-
-#include <dpl/optional.h>
-#include <dpl/optional_typedefs.h>
-
-enum class PromptDecision {
- ALLOW_ALWAYS,
- DENY_ALWAYS,
- ALLOW_THIS_TIME,
- DENY_THIS_TIME,
- ALLOW_FOR_SESSION,
- DENY_FOR_SESSION
-};
-
-typedef DPL::Optional<PromptDecision> OptionalPromptDecision;
-
-struct CachedPromptDecision {
- PromptDecision decision;
- DPL::OptionalString session;
-};
-
-typedef DPL::Optional<CachedPromptDecision> OptionalCachedPromptDecision;
-
-#endif // _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Request.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _REQUEST_H_
-#define _REQUEST_H_
-
-#include <set>
-#include <string>
-#include <vector>
-
-#include <ace-dao-ro/IRequest.h>
-#include <ace/WRT_INTERFACE.h>
-
-class Request : public AceDB::IRequest
-{
- public:
- typedef std::string DeviceCapability;
- typedef std::set<DeviceCapability> DeviceCapabilitySet;
-
- enum ApplicationType {
- APP_TYPE_TIZEN,
- APP_TYPE_WAC20,
- APP_TYPE_UNKNOWN
- };
-
- Request(WidgetHandle widgetHandle,
- WidgetExecutionPhase phase,
- IFunctionParam *functionParam = 0)
- : m_widgetHandle(widgetHandle)
- , m_phase(phase)
- , m_functionParam(functionParam)
- , m_appType(APP_TYPE_UNKNOWN)
- {}
-
- WidgetHandle getWidgetHandle() const
- {
- return m_widgetHandle;
- }
-
- WidgetExecutionPhase getExecutionPhase() const
- {
- return m_phase;
- }
-
- IFunctionParam *getFunctionParam() const
- {
- return m_functionParam;
- }
-
- void addDeviceCapability(const std::string& device)
- {
- m_devcapSet.insert(device);
- }
-
- DeviceCapabilitySet getDeviceCapabilitySet() const
- {
- return m_devcapSet;
- }
-
- void setAppType(ApplicationType appType)
- {
- m_appType = appType;
- }
-
- ApplicationType getAppType() const
- {
- return m_appType;
- }
-
- private:
- WidgetHandle m_widgetHandle;
- WidgetExecutionPhase m_phase;
- //! \brief list of function param (only for intercept)
- IFunctionParam *m_functionParam;
- //! \brief Set of defice capabilities
- DeviceCapabilitySet m_devcapSet;
- ApplicationType m_appType;
-};
-
-typedef std::vector <Request> Requests;
-
-#endif //_REQUEST_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Rule.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#if !defined(_RULE_H)
-#define _RULE_H
-
-#include "Attribute.h"
-#include "Effect.h"
-#include "Condition.h"
-#include <dpl/assert.h>
-
-class Rule : public AbstractTreeElement
-{
- public:
-
- ExtendedEffect evaluateRule(const AttributeSet * attrSet) const;
-
- Rule()
- : effect(Inapplicable)
- {
- //TODO we should set it to deny or smth, not inapplicable
- }
-
- void setEffect(ExtendedEffect effect)
- {
- //We should not allow to set "Inapplicable" effect.
- //Rules cannot have effect that is inapplicable, evaluation of the rules may however
- //render the effect inapplicable.
- Assert(effect.getEffect() != Inapplicable);
- this->effect = effect;
- }
- void setCondition(Condition condition)
- {
- this->condition = condition;
- }
- void getAttributes(AttributeSet * attrSet)
- {
- condition.getAttributes(attrSet);
- }
-
- //DEBUG methods
- std::string printEffect(const ExtendedEffect &effect) const;
- void printData();
-
- private:
-
- ExtendedEffect effect;
- Condition condition;
-};
-
-#endif //_RULE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- *
- * @file SettingsLogic.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 0.1
- * @brief Header file for class getting/setting user/global ACE settings
- */
-
-#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_
-#define WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_
-
-#include <set>
-#include <list>
-#include <map>
-#include <string>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace/Request.h>
-#include <ace/PermissionTriple.h>
-#include <ace-dao-rw/AceDAO.h>
-#include <ace-dao-ro/common_dao_types.h>
-
-class SettingsLogic
-{
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
- };
-
- // global settings
- static AceDB::PreferenceTypes findGlobalUserSettings(
- const std::string &resource,
- WidgetHandle handler);
-
- static AceDB::PreferenceTypes findGlobalUserSettings(
- const Request &request);
-
- // resource settings
- static AceDB::PreferenceTypes getDevCapSetting(
- const std::string &request);
- static void getDevCapSettings(AceDB::PreferenceTypesMap *preferences);
- static void setDevCapSetting(const std::string &resource,
- AceDB::PreferenceTypes preference);
- static void setAllDevCapSettings(
- const std::list<std::pair<const std::string *,
- AceDB::PreferenceTypes> > &resourcesList);
- static void removeDevCapSetting(const std::string &resource);
- static void updateDevCapSetting(const std::string &resource,
- AceDB::PreferenceTypes p);
-
- // user settings
- static AceDB::PreferenceTypes getWidgetDevCapSetting(
- const std::string &resource,
- WidgetHandle handler);
- static void getWidgetDevCapSettings(PermissionList *permissions);
- static void setWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler,
- AceDB::PreferenceTypes preference);
- static void setWidgetDevCapSettings(const PermissionList &tripleList);
- static void removeWidgetDevCapSetting(const std::string &resource,
- WidgetHandle handler);
-
- private:
- SettingsLogic()
- {
- }
-
-};
-
-#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// File: Subject.h
-// Author: notroot
-//
-// Created on June 2, 2009, 8:47 AM
-//
-
-#ifndef _SUBJECT_H
-#define _SUBJECT_H
-
-#include <set>
-#include <list>
-#include <iostream>
-#include <dpl/assert.h>
-#include <dpl/noncopyable.h>
-
-#include "Attribute.h"
-
-class Subject : DPL::Noncopyable
-{
- std::string subjectId;
- std::list<Attribute> targetAttributes;
-
- public:
- Subject()
- {}
-
- const std::list<Attribute>& getTargetAttributes() const;
-
- void setSubjectId(const std::string & subjectId)
- {
- this->subjectId = subjectId;
- }
-
- //TODO maybe we should remove that becuase this causes a memory leak right now!! [CR] maybe thats true, maybe whe can remove this fun
- // KW void setTargetAttributes(std::list<Attribute> * targetAttributes){ this->targetAttributes = targetAttributes; }
-
- const std::string & getSubjectId() const
- {
- return this->subjectId;
- }
-
- void addNewAttribute(Attribute & attr)
- {
- this->targetAttributes.push_back(attr);
- }
-
- //TODO in 1.0 change to true/false/undetermined
- bool matchSubject(const AttributeSet *attrSet,
- bool &isUndetermined) const;
-
- ~Subject()
- {}
-};
-
-#endif /* _SUBJECT_H */
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _TEST_TIMER_H
-#define _TEST_TIMER_H
-
-#include <time.h>
-
-class TestTimer
-{
- time_t startt, endt;
-
- public:
- void start()
- {
- time(&startt);
- }
- void stop()
- {
- time(&endt);
- }
- double getTime()
- {
- return difftime(endt, startt);
- }
-};
-
-#endif //_TEST_TIMER_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : TreeNode.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _TREE_NODE_H
-#define _TREE_NODE_H
-
-#include <iostream>
-#include <list>
-
-#include <ace/AbstractTreeElement.h>
-
-class TreeNode;
-
-typedef std::list<TreeNode *> ChildrenSet;
-typedef std::list<TreeNode *>::iterator ChildrenIterator;
-typedef std::list<TreeNode *>::const_iterator ChildrenConstIterator;
-
-class TreeNode
-{
- public:
- //TODO nazwac pozadnie TYPY - moze jakas konwencja ... ??!!
- enum TypeID { Policy =0, PolicySet=1, Rule=2};
-
- const ChildrenSet & getChildrenSet() const
- {
- return children;
- }
-
- TreeNode * getParent() const
- {
- return this->parent;
- }
-
- void setParent(TreeNode *parent)
- {
- this->parent = parent;
- }
-
- TypeID getTypeID() const
- {
- return this->typeID;
- }
-
- void addChild(TreeNode *child)
- {
- child->setParent(this);
- children.push_back(child);
- }
-
- /**
- * Clone the node
- */
- // KW TreeNode * clone() { return new TreeNode(NULL,this->getTypeID(),this->getElement()); }
-
- TreeNode(TreeNode * parent,
- TypeID type,
- AbstractTreeElement * element) :
- parent(parent),
- typeID(type),
- element(element)
- {
- }
-
- AbstractTreeElement * getElement() const
- {
- return element;
- }
-
- private:
- virtual ~TreeNode();
-
- public:
- /*
- * It is common that we create a copy of tree structure created out of xml file. However we don't want to
- * copy abstract elements ( Policies and Rules ) because we need them only for reading. We want to modify the
- * tree structure though. Therefore we copy TreeNode. When the copy of the original tree is being destroyed method
- * releaseTheSubtree should be called on "root". It automatically traverse the tree and call TreeNode destructors for
- * each TreeNode in the tree. It doesn't remove the abstract elements in the tree ( there is always at most one abstract
- * element instance, when tree is copied it is a shallow copy.
- * When we want to completely get rid of the the tree and abstract elements we have to call releaseResources on tree root.
- * We may want to do this for instance when we want to serialize the tree to disc. releaseResource method traverses the tree
- * and releses the resources, as well as the TreeNode so NO releaseTheSubtree is required any more
- */
- void releaseResources();
-
- /**
- * Used to delete the copies of tree structure. The original tree structure should be removed with releaseResources method.
- * ReleaseTheSubtree method doesn't delete the abstract elements, only TreeNodes. It traverses the whole tree, so it should be
- * called on behalf of root of the tree
- */
- // KW void releaseTheSubtree();
-
- friend std::ostream & operator<<(std::ostream & out,
- const TreeNode * node);
- // KW void printSubtree();
-
- private:
- // KW TreeNode(const TreeNode& pattern){ (void)pattern; }
-
- std::list<TreeNode *> children;
- TreeNode * parent;
- //TODO standarize ID case
- TypeID typeID;
- AbstractTreeElement * element;
- static int level;
-};
-
-#endif //_TREE_NODE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : UserDecision.h
-// @ Date : 2009-05-22
-// @ Author : Samsung
-//
-//
-
-#ifndef _USERDECISION_H
-#define _USERDECISION_H
-
-#include <ace/Verdict.h>
-#include <ace-dao-ro/ValidityTypes.h>
-
-typedef AceDB::ValidityTypes Validity;
-
-const char * toString(Validity validity);
-
-#endif //_USERDECISION_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : Verdict.h
-// @ Date : 2009-05-2
-// @ Author : Samsung
-//
-//
-
-#ifndef _VERDICT_H
-#define _VERDICT_H
-
-#include <string>
-#include <ace-dao-ro/VerdictTypes.h>
-#include <ace-dao-ro/TimedVerdict.h>
-
-typedef AceDB::VerdictTypes Verdict;
-//typedef AceDB::TimedVerdict TimedVerdict;
-
-const char * toString(Verdict verditct);
-
-#endif //_VERDICT_H
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef _WRT_INERFACE_4_ACE_EXAMPLE_H_
-#define _WRT_INERFACE_4_ACE_EXAMPLE_H_
-
-#include <list>
-#include <map>
-#include <string>
-
-typedef int WidgetHandle;
-
-class Request;
-
-enum WidgetExecutionPhase
-{
- WidgetExecutionPhase_Unknown = 0,
- WidgetExecutionPhase_WidgetInstall = 1 << 0,
- WidgetExecutionPhase_WidgetInstantiate = 1 << 1,
- WidgetExecutionPhase_WebkitBind = 1 << 2,
- WidgetExecutionPhase_Invoke = 1 << 3
-};
-
-struct RequestContext
-{
- const WidgetHandle Handle;
- WidgetExecutionPhase Phase;
-
- RequestContext(WidgetHandle handle,
- WidgetExecutionPhase phase) :
- Handle(handle),
- Phase(phase)
- {
- }
-};
-
-// Pair of pointer to attribute name and pointer to list of value for
-// this attribute name
-typedef std::pair< const std::string* const, std::list<std::string>* >
-ATTRIBUTE;
-
-/*
- * Each function should return 0 as success and positive value as error
- *
- * Possible return value:
- * 0 - succes
- * 1 - subjectId/resourceId name unknown
- * 2 - unknown attribute name
- * 4 - interface error
- **/
-
-/************** Web Runtime ********************/
-
-class IWebRuntime
-{
- public:
-
- /**
- * gather and set attributes values for specified subjectId
- * and attribute name
- * @param subjectId is a name of subject (widget or internet site URI )
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually there will
- * be only one string
- * */
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
-
- /*return current sessionId */
- virtual std::string getSessionId(const Request &request) = 0;
-
- virtual ~IWebRuntime()
- {
- }
-};
-
-/************** Resource Information ********************/
-class IResourceInformation
-{
- public:
- /**
- * gather and set attributes values for specified resourceId
- * and attribute name
- * @param resourceId is a name of subject (widget or internet site URI )
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually there will
- * be only one string
- * */
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
-
- virtual ~IResourceInformation()
- {
- }
-};
-
-/************** Operation System ********************/
-class IOperationSystem
-{
- public:
-
- /**
- * gather and set attributes values for specified attribute name
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually
- * there will be only one string
- * */
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
-
- virtual ~IOperationSystem()
- {
- }
-};
-
-class IFunctionParam
-{
- public:
- virtual int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE> *attributes) = 0;
- virtual ~IFunctionParam()
- {
- }
-};
-
-#endif //_WRT_INERFACE_4_ACE_EXAMPLE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-// @ Project : Access Control Engine
-// @ File Name : UserDecision.h
-// @ Date : 2009-05-22
-// @ Author : Samsung
-//
-//
-
-#ifndef _WIDGET_USAGE_H
-#define _WIDGET_USAGE_H
-
-#include <dpl/event/event_support.h>
-
-#include "Request.h"
-#include "AsyncVerdictResultListener.h"
-
-enum UsageValidity
-{
- USAGE_UNKNOWN,
- USAGE_ONCE,
- USAGE_SESSION,
- USAGE_ALWAYS
-};
-
-enum UsageVerdict
-{
- USAGE_VERDICT_PERMIT,
- USAGE_VERDICT_DENY,
- USAGE_VERDICT_INAPPLICABLE,
- USAGE_VERDICT_UNDETERMINED,
- USAGE_VERDICT_UNKNOWN,
- USAGE_VERDICT_ERROR
-};
-//Forward declaration
-class PolicyEvaluator;
-
-class PolicyEvaluatorData
-{
- private:
- Request m_request;
- UsageValidity m_validity;
- UsageVerdict m_verdict;
- AsyncVerdictResultListener *m_listener;
- public:
-
- PolicyEvaluatorData(const Request& request,
- AsyncVerdictResultListener *listener) :
- m_request(request),
- m_validity(USAGE_UNKNOWN),
- m_verdict(USAGE_VERDICT_ERROR),
- m_listener(listener)
- {
- }
-
- // KW UsageValidity getValidity() const {
- // KW return m_validity;
- // KW }
- // KW
- // KW UsageVerdict getVerdict() const {
- // KW return m_verdict;
- // KW }
- // KW
- // KW void setValidity(UsageValidity validity) {
- // KW this->m_validity = validity;
- // KW }
- // KW
- // KW void setVerdict(UsageVerdict verdict) {
- // KW this->m_verdict = verdict;
- // KW }
-
- const Request& getRequest() const
- {
- return m_request;
- }
-
- AsyncVerdictResultListener* getListener() const
- {
- return m_listener;
- }
-};
-
-#endif //_USERDECISION_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * This file contain consts for Signing Template and Policy Manager
- * This values will be used to specified and identified algorithms in xml policy documents.
- * Its consistent with BONDI 1.0 released requirements
- *
- * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements
- * This values comes from widget digital signature 1.0 - required version of this doc is very important
- *
- **/
-
-#ifndef ACF_CONSTS_TYPES_H
-#define ACF_CONSTS_TYPES_H
-
-//Digest Algorithms
-extern const char* DIGEST_ALG_SHA256;
-
-//Canonicalization Algorithms
-extern const char* CANONICAL_ALG_C14N;
-
-//Signature Algorithms
-extern const char* SIGNATURE_ALG_RSA_with_SHA256;
-extern const char* SIGNATURE_ALG_DSA_with_SHA1;
-extern const char* SIGNATURE_ALG_ECDSA_with_SHA256;
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//
-//
-//
-// @ Project : Access Control Engine
-// @ File Name : parser.h
-// @ Date : 2009-05-06
-// @ Author : Samsung
-//
-//
-
-#ifndef _PARSER_H_
-#define _PARSER_H_
-
-//#include "/usr/include/libxml2/libxml/parser.h"
-#include <string>
-#include <libxml/xmlreader.h>
-#include <libxml/c14n.h>
-#include <libxml/xpath.h>
-#include <libxml/xpathInternals.h>
-
-#include "Policy.h"
-#include "PolicySet.h"
-#include "Request.h"
-#include "Rule.h"
-#include "Attribute.h"
-#include "TreeNode.h"
-#include "Subject.h"
-#include "Condition.h"
-#include "Effect.h"
-
-#define whitespaces " \n\t\r"
-
-enum CanonicalizationAlgorithm
-{
- C14N,
- C14NEXCLUSIVE
-};
-
-class Parser
-{
- private:
- RuleId ruleId;
- xmlTextReaderPtr reader;
-
- TreeNode * root;
- TreeNode * currentRoot;
- Subject * currentSubject;
- Condition * currentCondition;
- Attribute * currentAttribute;
- std::string * currentText;
-
- bool processingSignature;
- bool canonicalizeOnce;
-
- void processNode(xmlTextReaderPtr reader);
-
- //Node Handlers
- void endNodeHandler(xmlTextReaderPtr reader);
- void textNodeHandler(xmlTextReaderPtr reader);
- void startNodeHandler(xmlTextReaderPtr reader);
-
- //Node names handlers
- void handleAttr(xmlTextReaderPtr reader);
- void handleRule(xmlTextReaderPtr reader);
- void handleSubject();
- void handleCondition(xmlTextReaderPtr reader);
- void handleSubjectMatch(xmlTextReaderPtr reader);
- void handleMatch(xmlTextReaderPtr reader,
- Attribute::Type);
- void handlePolicy(xmlTextReaderPtr reader,
- TreeNode::TypeID type);
-
- //helpers
- Policy::CombineAlgorithm convertToCombineAlgorithm(xmlChar*);
- ExtendedEffect convertToEffect(xmlChar *effect);
- Attribute::Match convertToMatchFunction(xmlChar * func);
- void consumeCurrentText();
- void consumeCurrentAttribute();
- void consumeSubjectMatch(xmlChar * value = NULL);
- void consumeCurrentSubject();
- void consumeCurrentCondition();
- void trim(std::string *);
- // KW void canonicalize(const char *, const char *, CanonicalizationAlgorithm canonicalizationAlgorithm);
- // KW int extractNodeToFile(xmlTextReaderPtr reader, const char * filename);
-
- static const char *TOKEN_PARAM;
- public:
- Parser();
- ~Parser();
- TreeNode * parse(const std::string& filename, const std::string& schema);
-};
-
-#endif //_PARSER_H
+++ /dev/null
-SQL(
- PRAGMA foreign_keys = ON;
- BEGIN TRANSACTION;
-)
-
-CREATE_TABLE(AcePolicyResult)
- COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 6))
- COLUMN_NOT_NULL(hash, TEXT,)
- COLUMN_NOT_NULL(rule_id, INTEGER)
- TABLE_CONSTRAINTS(
- PRIMARY KEY(hash)
- )
-CREATE_TABLE_END()
-
-CREATE_TABLE(AcePromptDecision)
- COLUMN_NOT_NULL(app_id, INTEGER,)
- COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 5))
- COLUMN(session, TEXT,)
- COLUMN_NOT_NULL(rule_id, INTEGER,)
- TABLE_CONSTRAINTS(
- PRIMARY KEY(app_id,rule_id)
- )
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceAttribute)
- COLUMN_NOT_NULL(attr_id, INTEGER, primary key autoincrement)
- COLUMN_NOT_NULL(name, TEXT,)
- COLUMN_NOT_NULL(type, INTEGER, check(type between 0 and 4))
-
- TABLE_CONSTRAINTS(unique(name,type))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceSubject)
- COLUMN_NOT_NULL(subject_id, INTEGER, primary key autoincrement)
- COLUMN_NOT_NULL(id_uri, TEXT, unique)
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceDevCap)
- COLUMN_NOT_NULL(resource_id, INTEGER, primary key autoincrement)
- COLUMN_NOT_NULL(id_uri, TEXT, unique)
- COLUMN_NOT_NULL(general_setting,INTEGER, check(general_setting between -1 and 4))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceWidgetDevCapSetting)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(resource_id, INTEGER, references AceDevCap(resource_id))
- COLUMN_NOT_NULL(access_value, INTEGER, check(access_value between -1 and 4))
-
- TABLE_CONSTRAINTS(unique(app_id,resource_id))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceRequestedDevCaps)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(grant_smack, INTEGER, not null)
- COLUMN_NOT_NULL(dev_cap, TEXT,)
-
- TABLE_CONSTRAINTS(unique(app_id,dev_cap))
-CREATE_TABLE_END()
-
-CREATE_TABLE(AceAcceptedFeature)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(feature, TEXT, not null)
-
- TABLE_CONSTRAINTS(unique(app_id,feature))
-CREATE_TABLE_END()
-
-CREATE_TABLE(WidgetInfo)
- COLUMN_NOT_NULL(app_id, INTEGER, PRIMARY KEY)
- COLUMN(widget_type, INT, DEFAULT 1)
- COLUMN(widget_id, VARCHAR(256), DEFAULT '')
- COLUMN(widget_version, VARCHAR(256), DEFAULT '')
- COLUMN(author_name, VARCHAR(256), DEFAULT '')
- COLUMN(share_href, VARCHAR(256), DEFAULT '')
-CREATE_TABLE_END()
-
-CREATE_TABLE(WidgetCertificateFingerprint)
- COLUMN_NOT_NULL(app_id, INT,)
- COLUMN_NOT_NULL(owner, INT,)
- COLUMN_NOT_NULL(chainid, INT,)
- COLUMN_NOT_NULL(type, INT,)
- COLUMN(md5_fingerprint, VARCHAR(64),)
- COLUMN(sha1_fingerprint, VARCHAR(64),)
- COLUMN(common_name, VARCHAR(64),)
- TABLE_CONSTRAINTS(
- PRIMARY KEY (app_id, chainid, owner, type)
- FOREIGN KEY (app_id) REFERENCES WidgetInfo (app_id) ON DELETE CASCADE
- )
-CREATE_TABLE_END()
-
-SQL(
- COMMIT;
-)
+++ /dev/null
-DATABASE_START(ace)
-
-#include "ace_db"
-#include "version_db"
-
-DATABASE_END()
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file wrt_db_sql_generator.h
- * @author Bartosz Janiak (b.janiak@samsung.com)
- * @version 1.0
- * @brief Macro definitions for generating the SQL input file from database definition.
- */
-
-//Do not include this file directly! It is used only for SQL code generation.
-
-#include <dpl/db/orm_macros.h>
-
-#include "ace_db_definitions"
+++ /dev/null
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\ -f1 2>/dev/null`
-echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1}
-echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef ORM_GENERATOR_ACE_H
-#define ORM_GENERATOR_ACE_H
-
-#define ORM_GENERATOR_DATABASE_NAME ace_db_definitions
-#include <dpl/db/orm_generator.h>
-#undef ORM_GENERATOR_DATABASE_NAME
-
-#endif
+++ /dev/null
-SQL(
- BEGIN TRANSACTION;
- CREATE TABLE DB_CHECKSUM (version INT);
- COMMIT;
-)
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of AceThinClient API
- */
-#ifndef WRT_ACE_CLIENT_H
-#define WRT_ACE_CLIENT_H
-
-#include <dpl/noncopyable.h>
-#include <dpl/singleton.h>
-#include <dpl/exception.h>
-#include <ace-client/ace_client_types.h>
-
-class WebRuntimeImpl;
-class ResourceInformationImpl;
-class OperationSystemImpl;
-
-namespace AceClient {
-
-class AceThinClientImpl;
-
-class AceThinClient : private DPL::Noncopyable {
- public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, AceThinClientException)
- };
-
- bool checkFunctionCall(const AceRequest& ace_request) const;
- AcePreference getWidgetResourcePreference(
- const AceResource& resource,
- const AceWidgetHandle& handle) const;
- AceResourcesPreferences* getGlobalResourcesPreferences() const;
- bool isInitialized() const;
-
- private:
- AceThinClient();
- virtual ~AceThinClient();
-
- AceThinClientImpl* m_impl;
- friend class DPL::Singleton<AceThinClient>;
- WebRuntimeImpl* m_wrt;
- ResourceInformationImpl* m_res;
- OperationSystemImpl* m_sys;
-};
-
-typedef DPL::Singleton<AceThinClient> AceThinClientSingleton;
-
-} // namespace AceClient
-
-#endif // WRT_ACE_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client_helper.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of AceClient helper types and
- * functions.
- */
-#ifndef WRT_ACE_CLIENT_HELPER_H
-#define WRT_ACE_CLIENT_HELPER_H
-
-#include <string>
-#include <vector>
-#include <dpl/foreach.h>
-
-#include <ace-dao-ro/IRequest.h>
-#include <ace-dao-ro/PreferenceTypes.h>
-
-#include "ace_client_types.h"
-
-namespace AceClient {
-
-AcePreference toAcePreference(AceDB::PreferenceTypes preference)
-{
- switch (preference) {
- case AceDB::PreferenceTypes::PREFERENCE_PERMIT: {
- return PREFERENCE_PERMIT; }
- case AceDB::PreferenceTypes::PREFERENCE_DENY: {
- return PREFERENCE_DENY; }
- case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: {
- return PREFERENCE_DEFAULT; }
- case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: {
- return PREFERENCE_BLANKET_PROMPT; }
- case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: {
- return PREFERENCE_SESSION_PROMPT; }
- case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: {
- return PREFERENCE_ONE_SHOT_PROMPT; }
- }
- return PREFERENCE_DEFAULT;
-}
-
-typedef std::vector<std::string> AceParamKeys;
-typedef std::vector<std::string> AceParamValues;
-
-class AceFunctionParam
-{
- public:
- virtual ~AceFunctionParam()
- {
- }
-
- void addAttribute(const std::string& key,
- const std::string& value)
- {
- m_paramMap.insert(std::make_pair(key, value));
- }
-
- AceParamKeys getKeys() const
- {
- AceParamKeys out;
- FOREACH (it, m_paramMap) {
- out.push_back(it->first);
- }
- return out;
- }
-
- AceParamValues getValues() const
- {
- AceParamValues out;
- FOREACH (it, m_paramMap) {
- out.push_back(it->second);
- }
- return out;
- }
-
- static std::string aceFunctionParamToken;
-
- private:
- typedef std::multimap<std::string, std::string> ParamMap;
- ParamMap m_paramMap;
-};
-
-typedef std::vector <AceFunctionParam> AceFunctionParams;
-
-class AceBasicRequest : public AceDB::IRequest {
- public:
- AceBasicRequest(const AceSubject& subject,
- const AceResource& resource) :
- m_subject(subject),
- m_resource(resource)
- {
- }
-
- AceBasicRequest(const AceSubject& subject,
- const AceResource& resource,
- const AceFunctionParam& param) :
- m_subject(subject),
- m_resource(resource),
- m_param(param)
- {
- }
- virtual const std::string& getSubjectId() const
- {
- return m_subject;
- }
- virtual const std::string& getResourceId() const
- {
- return m_resource;
- }
- virtual const AceFunctionParam& getFunctionParam() const
- {
- return m_param;
- }
-
- private:
- AceSubject m_subject;
- AceResource m_resource;
- AceFunctionParam m_param;
-};
-
-typedef std::vector <AceBasicRequest> AceBasicRequests;
-
-} // namespace AceClient
-
-#endif // WRT_ACE_CLIENT_HELPER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client_types.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of AceClient types
- */
-#ifndef WRT_ACE_CLIENT_TYPES_H
-#define WRT_ACE_CLIENT_TYPES_H
-
-#include <string>
-#include <utility>
-#include <map>
-
-namespace AceClient {
-
-typedef int AceWidgetHandle;
-typedef void* AceJobWidgetInstallId;
-
-typedef std::string AceResource;
-typedef std::string AceSubject;
-typedef std::string AceSessionId;
-
-enum AcePreference
-{
- PREFERENCE_PERMIT,
- PREFERENCE_DENY,
- PREFERENCE_DEFAULT,
- PREFERENCE_BLANKET_PROMPT,
- PREFERENCE_SESSION_PROMPT,
- PREFERENCE_ONE_SHOT_PROMPT
-};
-
-typedef std::map<std::string, AcePreference> AceResourcesPreferences;
-typedef std::pair<std::string, AcePreference> AceResurcePreference;
-
-struct AceParam
-{
- const char *name;
- const char *value;
-
- AceParam():
- name(NULL), value(NULL)
- {}
-
- AceParam(const char *name, const char *value):
- name(name), value(value)
- {}
-};
-
-struct AceParamList
-{
- size_t count;
- AceParam* param;
- AceParamList():
- count(0),
- param(NULL)
- {}
-};
-
-struct AceDeviceCap
-{
- size_t devcapsCount;
- const char** devCapNames;
- size_t paramsCount;
- AceParamList* params;
- AceDeviceCap():
- devcapsCount(0),
- devCapNames(NULL),
- paramsCount(0),
- params(NULL)
- {}
-};
-
-struct AceApiFeatures
-{
- size_t count;
- const char** apiFeature;
- AceApiFeatures():
- count(0),
- apiFeature(NULL)
- {}
-};
-
-struct AceRequest
-{
- AceSessionId sessionId;
- AceWidgetHandle widgetHandle;
- AceApiFeatures apiFeatures;
- const char* functionName;
- AceDeviceCap deviceCapabilities;
- AceRequest():
- widgetHandle(0),
- apiFeatures(),
- functionName(NULL),
- deviceCapabilities()
- {}
-};
-
-} // namespace AceClient
-
-#endif // WRT_ACE_CLIENT_TYPES_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_client.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is C api for Access Control Engine (ACE), client mode
- * (RO part).
- */
-
-#ifndef ACE_API_CLIENT_H
-#define ACE_API_CLIENT_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * API defined in this header should be used only from one thread. If used
- * otherwise, unexpected behaviour may occur, including segmentation faults and
- * escalation of global warming. Be warned.
- */
-
-// --------------- Initialization and deinitialization -------------------------
-
-/*
- * Function type that must be implemented externally and passed to ACE
- * on initialization. This function must show to the user a popup with
- * information on access request to single device capability. Will be used by
- * implementation of ace_check_access API, when policy requires to display
- * popup.
- *
- * Function must be synchronous and must behave accordingly:
- *
- * Function may return value other than ACE_OK, but it will be treated as
- * denial of access.
- *
- * If returned value is ACE_OK, then 'validation_result' must hold information
- * on whether the access was granted or not.
- *
- * Executed function must display a popup with readable information presented to
- * user, covering 'resource_name' that is to be accessed for 'handle' widget
- * which is requesting the access.
- *
- * In its implementation, after the user answered to displayed question,
- * UI handler must call popup answer validation API (ace_validate_answer)
- * from separate, ace-popup-validation library, with passed 'param_list',
- * 'session_id', 'handle' and given answer as arguments. Validation result
- * returned by ace_validate_answer needs to be returned in 'validation_result'
- * parameter of UI handler.
- *
- * 'popup_type' describes what kind of options should be given to user - i.e.
- * ONESHOT prompt only gives possibility to answer Permit/Deny and returned
- * validity for this prompt must be ONCE. PER_SESSION prompt allows to return
- * validity ONCE or PER_SESSION. BLANKET prompt allows to return any validity,
- * as defined in ace_validity_t.
- *
- * This call must be made from properly SMACK labelled, safe process - otherwise
- * the validation will not occur in security daemon and caller will not be
- * granted access to requested device capability.
- */
-typedef ace_return_t (*ace_popup_handler_func_t)(
- ace_popup_t popup_type,
- const ace_resource_t resource_name,
- const ace_session_id_t session_id,
- const ace_param_list_t* param_list,
- ace_widget_handle_t handle,
- ace_bool_t* validation_result);
-
-/*
- * Initializes ACE for check access API (client mode). Must be called only once.
- * Keep in mind that initializing ACE in client mode disallows usage of API
- * defined in ace_api.h and ace_api_settings.h (RW part).
- *
- * 'handler' must not be NULL, see definition of ace_popup_handler_func_t for
- * more information.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_client_initialize(ace_popup_handler_func_t handler);
-
-/*
- * Deinitializes ACE client for check access API. Can be called only once.
- */
-ace_return_t ace_client_shutdown(void);
-
-// --------------- Check Access API --------------------------------------------
-
-/*
- * Does ACE check with set of device capabilities and function parameters.
- * Checks cache first, if it is non-existent, does full ACE check.
- *
- * Returns error or ACE_OK and information if access was allowed or not
- * (value ACE_TRUE or ACE_FALSE is in 'access' argument, only if returned value
- * is ACE_OK - otherwise, 'access' value is undefined)
- */
-ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_CLIENT_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_popup_handler.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Private header for access to UI handling function.
- * (RO part).
- */
-
-#ifndef ACE_POPUP_HANDLER_H
-#define ACE_POPUP_HANDLER_H
-
-#include <ace_api_client.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern ace_popup_handler_func_t popup_func;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_POPUP_HANDLER_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_CLIENT_DEPS
- dpl-efl
- dpl-event-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(ACE_CLIENT_DIR
- ${PROJECT_SOURCE_DIR}/ace_client
- )
-
-SET(ACE_CLIENT_SRC_DIR
- ${ACE_CLIENT_DIR}/src
- )
-
-SET(ACE_CLIENT_INCLUDE_DIR
- ${ACE_CLIENT_DIR}/include
- )
-
-SET(ACE_CLIENT_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${ACE_CLIENT_SRC_DIR}/ace_client.cpp
- ${ACE_CLIENT_SRC_DIR}/ace_api_client.cpp
- ${PROJECT_SOURCE_DIR}/src/services/ace/logic/attribute_facade.cpp
- ${PROJECT_SOURCE_DIR}/src/services/ace/logic/simple_roaming_agent.cpp
- )
-
-SET(ACE_CLIENT_INCLUDES
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${ACE_CLIENT_DEPS_INCLUDE_DIRS}
- ${ACE_CLIENT_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/src/services/ace
- ${PROJECT_SOURCE_DIR}/src/services/ace/
- ${PROJECT_SOURCE_DIR}/src/services/ace/logic
- ${PROJECT_SOURCE_DIR}/src/services/popup
- ${PROJECT_SOURCE_DIR}/popup_process
- ${PROJECT_SOURCE_DIR}/ace/include
- )
-
-ADD_DEFINITIONS(${ACE_CLIENT_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_CLIENT_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_CLIENT_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_CLIENT_LIB} SHARED ${ACE_CLIENT_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_CLIENT_LIB}
- ${ACE_CLIENT_DEPS_LIBRARIES}
- ${TARGET_ACE_DAO_RO_LIB}
- ${TARGET_ACE_LIB}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_CLIENT_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
-# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h
-# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h
- ${ACE_CLIENT_INCLUDE_DIR}/ace_api_client.h
- DESTINATION include/ace-client
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_client.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of ACE client API
- */
-
-#include <dpl/log/log.h>
-#include <ace_popup_handler.h>
-#include "ace_api_client.h"
-#include "ace-client/ace_client.h"
-
-#include <string>
-#include <vector>
-#include <dpl/dbus/dbus_client.h>
-#include "popup_response_server_api.h"
-#include "security_daemon_dbus_config.h"
-//#include "PromptModel.h"
-
-ace_return_t ace_client_initialize(ace_popup_handler_func_t handler)
-{
- if (!AceClient::AceThinClientSingleton::Instance().isInitialized()) {
- return ACE_INTERNAL_ERROR;
- }
- popup_func = handler;
- // Changed order of checks to make API run with old popup implementation
- // instead of always needing the popup handler to be implemented.
- if (NULL == handler) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_client_shutdown(void)
-{
- popup_func = NULL;
- return ACE_OK;
-}
-
-ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access)
-{
- if (NULL == request || NULL == access) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
-
- AceClient::AceRequest aceRequest;
- aceRequest.sessionId = request->session_id;
- aceRequest.widgetHandle = request->widget_handle;
-
- aceRequest.apiFeatures.count = request->feature_list.count;
- aceRequest.apiFeatures.apiFeature =
- const_cast<const char**>(request->feature_list.items);
- aceRequest.functionName = NULL; // TODO will be removed
- aceRequest.deviceCapabilities.devcapsCount = request->dev_cap_list.count;
- aceRequest.deviceCapabilities.paramsCount = request->dev_cap_list.count;
-
- char** devCapNames = new char*[request->dev_cap_list.count];
- AceClient::AceParamList* paramList =
- new AceClient::AceParamList[request->dev_cap_list.count];
-
- unsigned int i;
- for (i = 0; i < request->dev_cap_list.count; ++i) {
- devCapNames[i] = request->dev_cap_list.items[i].name;
- paramList[i].count = request->dev_cap_list.items[i].param_list.count;
-
- paramList[i].param = new AceClient::AceParam[
- request->dev_cap_list.items[i].param_list.count];
-
- unsigned int j;
- for (j = 0; j < request->dev_cap_list.items[i].param_list.count; ++j) {
- paramList[i].param[j].name =
- request->dev_cap_list.items[i].param_list.items[j].name;
- paramList[i].param[j].value =
- request->dev_cap_list.items[i].param_list.items[j].value;
-
- }
- }
-
- aceRequest.deviceCapabilities.devCapNames =
- const_cast<const char**>(devCapNames);
- aceRequest.deviceCapabilities.params = paramList;
-
- bool ret = false;
-
- Try {
- ret = AceClient::AceThinClientSingleton::
- Instance().checkFunctionCall(aceRequest);
- *access = ret ? ACE_TRUE : ACE_FALSE;
- } Catch (AceClient::AceThinClient::Exception::AceThinClientException) {
- LogError("Ace client exception");
- delete [] devCapNames;
- for (i = 0; i < request->dev_cap_list.count; ++i) {
- delete [] paramList[i].param;
- }
- delete [] paramList;
- return ACE_INTERNAL_ERROR;
- }
-
- delete [] devCapNames;
- for (i = 0; i < request->dev_cap_list.count; ++i) {
- delete [] paramList[i].param;
- }
- delete [] paramList;
- return ACE_OK;
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_client.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of AceThinClient class
- */
-
-#include <memory>
-#include <set>
-#include <map>
-
-#include <dpl/optional.h>
-#include <dpl/string.h>
-#include <dpl/optional_typedefs.h>
-#include <dpl/log/log.h>
-#include <dpl/singleton_safe_impl.h>
-#include <ace-dao-ro/PromptModel.h>
-
-#include <ace_popup_handler.h>
-
-#include "ace_server_api.h"
-#include "popup_response_server_api.h"
-#include "ace-client/ace_client.h"
-#include "ace-client/ace_client_helper.h"
-#include <attribute_facade.h>
-#include <ace/Request.h>
-
-// ACE tests need to use mock implementations
-#ifdef ACE_CLIENT_TESTS
-
-#include "AceDAOReadOnly_mock.h"
-#include "communication_client_mock.h"
-#include "PolicyInformationPoint_mock.h"
-
-#else
-
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include "SecurityCommunicationClient.h"
-#include <ace/PolicyInformationPoint.h>
-
-#endif // ACE_CLIENT_TESTS
-
-IMPLEMENT_SAFE_SINGLETON(AceClient::AceThinClient)
-
-ace_popup_handler_func_t popup_func = NULL;
-
-namespace AceClient {
-
-namespace {
-// These devcaps actually are not requested in config file, so should be treaded
-// as if were requested (access tags/WARP will block request if desired)
-const std::string DEVCAP_EXTERNAL_NETWORK_ACCESS = "externalNetworkAccess";
-const std::string DEVCAP_XML_HTTP_REQUEST = "XMLHttpRequest";
-} // anonymous
-
-
-std::string AceFunctionParam::aceFunctionParamToken = "param:function";
-
-// popup cache result
-
-enum class AceCachedPromptResult {
- PERMIT,
- DENY,
- ASK_POPUP
-};
-
-// AceThinClient implementation singleton
-class AceThinClientImpl {
- public:
- bool checkFunctionCall(const AceRequest& ace_request);
- AcePreference getWidgetResourcePreference(
- const AceResource& resource,
- const AceWidgetHandle& handle) const;
- AceResourcesPreferences* getGlobalResourcesPreferences() const;
- bool isInitialized() const;
-
- AceThinClientImpl();
- ~AceThinClientImpl();
-
- protected:
- bool containsNetworkDevCap(const AceRequest &ace_request);
- bool checkFeatureList(const AceRequest& ace_request);
- private:
- WebRuntimeImpl* m_wrt;
- ResourceInformationImpl* m_res;
- OperationSystemImpl* m_sys;
- WrtSecurity::Communication::Client *m_communicationClient, *m_popupValidationClient;
-
- AceSubject getSubjectForHandle(AceWidgetHandle handle) const;
- AceCachedPromptResult getCachedPromptResult(
- WidgetHandle widgetHandle,
- int ruleId,
- const AceSessionId& sessionId) const;
- bool askUser(PolicyEffect popupType,
- const AceRequest& ace_request,
- const AceBasicRequest& request);
- // Prompt validation
- bool validatePopupResponse(
- const AceRequest& ace_request,
- const AceBasicRequest& request,
- bool answer = true,
- Prompt::Validity validity = Prompt::Validity::ALWAYS);
- mutable PolicyInformationPoint m_pip;
- DPL::Optional<std::set<DPL::String>> m_grantedDevCaps;
- std::set<std::string> m_acceptedFeatures;
-};
-
-AceThinClientImpl::AceThinClientImpl()
- : m_communicationClient(NULL),
- m_popupValidationClient(NULL),
- m_wrt(new WebRuntimeImpl()),
- m_res(new ResourceInformationImpl()),
- m_sys(new OperationSystemImpl()),
- m_pip(m_wrt, m_res, m_sys)
-{
- AceDB::AceDAOReadOnly::attachToThreadRO();
- Try {
- m_communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::AceServerApi::INTERFACE_NAME());
- m_popupValidationClient = new WrtSecurity::Communication::Client(WrtSecurity::PopupServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- if(m_communicationClient) delete m_communicationClient;
- if(m_popupValidationClient) delete m_popupValidationClient;
- delete m_wrt;
- delete m_res;
- delete m_sys;
- ReThrowMsg(AceThinClient::Exception::AceThinClientException,
- "Failed to call security daemon");
- }
-}
-
-AceThinClientImpl::~AceThinClientImpl()
-{
- Assert(NULL != m_communicationClient);
- Assert(NULL != m_popupValidationClient);
- delete m_communicationClient;
- delete m_popupValidationClient;
- delete m_wrt;
- delete m_res;
- delete m_sys;
- m_communicationClient = NULL;
- m_popupValidationClient = NULL;
- AceDB::AceDAOReadOnly::detachFromThread();
-
-}
-
-bool AceThinClientImpl::isInitialized() const
-{
- return NULL != m_communicationClient && NULL != m_popupValidationClient;
-}
-
-bool AceThinClientImpl::containsNetworkDevCap(const AceRequest &ace_request)
-{
- AceDeviceCap deviceCap = ace_request.deviceCapabilities;
- for (size_t j=0; j<deviceCap.devcapsCount; ++j) {
- if (!deviceCap.devCapNames[j]) {
- continue;
- }
- if (DEVCAP_XML_HTTP_REQUEST == deviceCap.devCapNames[j]
- || DEVCAP_EXTERNAL_NETWORK_ACCESS == deviceCap.devCapNames[j])
- {
- return true;
- }
- }
- return false;
-}
-
-bool AceThinClientImpl::checkFeatureList(const AceRequest& ace_request)
-{
- for (size_t i=0; i<ace_request.apiFeatures.count; ++i) {
- Assert(ace_request.apiFeatures.apiFeature[i]);
- std::string featureName(ace_request.apiFeatures.apiFeature[i]);
- LogInfo("Api feature: " << featureName);
- if (0 != m_acceptedFeatures.count(featureName)) {
- return true;
- }
- LogInfo("Api-feature was not requested in widget config: " <<
- featureName);
- }
- return false;
-}
-
-bool AceThinClientImpl::checkFunctionCall(const AceRequest& ace_request)
-{
- LogInfo("Enter");
-
- // fill the m_grantedDevCaps, if not yet initialized
- // TODO: This is not so pretty. AceThinClient is not explicitly
- // tied to a widget handle, yet we assume it is always used
- // with the same handle. This will be amended in a future
- // refactoring (already planned).
- if (m_grantedDevCaps.IsNull()) {
- m_grantedDevCaps = std::set<DPL::String>();
- m_acceptedFeatures.clear();
-
- AceDB::FeatureNameVector fvector;
- AceDB::AceDAOReadOnly::getAcceptedFeature(ace_request.widgetHandle, &fvector);
- for(size_t i=0; i<fvector.size(); ++i) {
- m_acceptedFeatures.insert(DPL::ToUTF8String(fvector[i]));
- }
- }
-
- AceSubject subject = getSubjectForHandle(ace_request.widgetHandle);
-
- // Create function params
- const AceDeviceCap& devcaps = ace_request.deviceCapabilities;
-
- LogInfo("Checking against config requested api-features.");
-
- // Network device caps are not connected with api-features.
- // We must pass empty api-feature when network dev cap is set.
- if (!containsNetworkDevCap(ace_request) && !checkFeatureList(ace_request)) {
- return false;
- }
-
- AceFunctionParams functionParams(devcaps.devcapsCount);
- for (size_t i = 0; i < devcaps.devcapsCount; ++i) {
- AceFunctionParam functionParam;
- functionParam.addAttribute(AceFunctionParam::aceFunctionParamToken,
- NULL == ace_request.functionName ?
- "" : ace_request.functionName);
- if (devcaps.paramsCount) {
- Assert(devcaps.params);
- for (size_t j = 0; j < devcaps.params[i].count; ++j) {
- Assert(devcaps.params[i].param &&
- devcaps.params[i].param[j].name &&
- devcaps.params[i].param[j].value);
- functionParam.addAttribute(
- std::string(devcaps.params[i].param[j].name),
- std::string(devcaps.params[i].param[j].value));
- }
- }
- functionParams.push_back(functionParam);
- }
-
- // Convert AceRequest to array of AceBasicRequests
- AceBasicRequests requests;
-
- for (size_t i = 0; i < devcaps.devcapsCount; ++i) {
- // Adding dev cap name here as resource id
- Assert(devcaps.devCapNames[i]);
- LogInfo("Device cap: " << devcaps.devCapNames[i]);
- AceBasicRequest request(subject,
- devcaps.devCapNames[i],
- functionParams[i]);
- requests.push_back(request);
- }
-
- // true means access granted, false - denied
- bool result = true;
-
- FOREACH(it, requests){
- // Getting attributes from ACE DAO
- AceBasicRequest& request = *it;
- AceDB::BaseAttributeSet attributeSet;
- AceDB::AceDAOReadOnly::getAttributes(&attributeSet);
-
- // If true, we need to make popup IPC and ask user for decision
- bool askPopup = false;
- // If true, we need to make IPC to security daemon for policy
- // decision on granting access
- bool askServer = false;
- // If askPopup == true, this is the kind of popup to be opened
- PolicyEffect popupType = PolicyEffect::PROMPT_ONESHOT;
-
- if (attributeSet.empty()) {
- // Treat this case as missed cache - ask security daemon
- LogInfo("Empty attribute set");
- askServer = true;
- } else {
- // Filling attributes with proper values
- FunctionParamImpl params;
- AceParamKeys keys = request.getFunctionParam().getKeys();
- AceParamValues values = request.getFunctionParam().getValues();
- for (size_t i = 0; i < keys.size(); ++i) {
- params.addAttribute(keys[i], values[i]);
- }
- Request req(ace_request.widgetHandle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- req.addDeviceCapability(request.getResourceId());
-
- m_pip.getAttributesValues(&req, &attributeSet);
-
- // Getting cached policy result
- OptionalExtendedPolicyResult exPolicyResult =
- AceDB::AceDAOReadOnly::getPolicyResult(attributeSet);
-
- if (exPolicyResult.IsNull()) {
- // Missed cache - ask security daemon
- LogInfo("Missed policy result cache");
- askServer = true;
- } else {
- // Cached value found - now interpret it
- LogInfo("Result in cache");
- OptionalPolicyEffect effect = exPolicyResult->policyResult.getEffect();
- if (effect.IsNull()) {
- // PolicyDecision is UNDETERMINED or NOT_APPLICABLE
- result = false;
- break;
- } else if (*effect == PolicyEffect::DENY) {
- // Access denied
- result = false;
- break;
- } else if (*effect == PolicyEffect::PERMIT) {
- // Access granted
- if (m_grantedDevCaps->find(
- DPL::FromASCIIString(request.getResourceId()))
- != m_grantedDevCaps->end())
- {
- continue;
- } else
- askServer = true;
- } else {
- // Check for cached popup response
- LogInfo("Checking cached popup response");
- AceCachedPromptResult promptCached =
- getCachedPromptResult(ace_request.widgetHandle,
- exPolicyResult->ruleId,
- ace_request.sessionId);
- if (promptCached == AceCachedPromptResult::PERMIT) {
- // Granted by previous popup
- LogDebug("Cache found OK");
- if (m_grantedDevCaps->find(
- DPL::FromASCIIString(request.getResourceId()))
- != m_grantedDevCaps->end())
- {
- LogDebug("SMACK given previously");
- continue;
- } else {
- if (*effect != PolicyEffect::PROMPT_BLANKET) {
- // This should not happen.
- LogDebug("This should not happen.");
- result = false;
- break;
- }
- if (!validatePopupResponse(ace_request,
- request)) {
- LogDebug("Daemon has not validated response.");
- result = false;
- break;
- } else {
- // Access granted, move on to next request
- LogDebug("SMACK granted, all OK");
- m_grantedDevCaps->insert(
- DPL::FromASCIIString(
- request.getResourceId()));
- continue;
- }
- }
- }
- if (promptCached == AceCachedPromptResult::DENY) {
- // Access denied by earlier popup
- result = false;
- break;
- }
- if (promptCached == AceCachedPromptResult::ASK_POPUP) {
- askPopup = true;
- popupType = *effect;
- }
- }
- }
- }
-
- if (askServer) {
- // IPC to security daemon
- // here we must check if we have a SMACK permission for
- // the device cap requested
- LogInfo("Asking security daemon");
- int serializedPolicyResult = 0;
- Try {
- m_communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
- ace_request.widgetHandle,
- request.getSubjectId(),
- request.getResourceId(),
- request.getFunctionParam().getKeys(),
- request.getFunctionParam().getValues(),
- ace_request.sessionId,
- &serializedPolicyResult);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- ReThrowMsg(AceThinClient::Exception::AceThinClientException,
- "Failed to call security daemon");
- }
- PolicyResult policyResult = PolicyResult::
- deserialize(serializedPolicyResult);
- OptionalPolicyEffect effect = policyResult.getEffect();
- if (effect.IsNull()) {
- // PolicyDecision is UNDETERMINED or NOT_APPLICABLE
- result = false;
- break;
- }
- if (*effect == PolicyEffect::DENY) {
- // Access denied
- result = false;
- break;
- }
- if (*effect == PolicyEffect::PERMIT) {
- // Access granted, move on to next request
- m_grantedDevCaps->insert(
- DPL::FromASCIIString(request.getResourceId()));
-
- continue;
- }
- // Policy says: ask user - setup popup kind
- popupType = *effect;
- askPopup = true;
- }
-
- if (askPopup) {
- result = askUser(popupType, ace_request, request);
- }
- }
- LogInfo("Result: " << (result ? "GRANTED" : "DENIED"));
- return result;
-}
-
-bool AceThinClientImpl::askUser(PolicyEffect popupType,
- const AceRequest& ace_request,
- const AceBasicRequest& request)
-{
- LogInfo("Asking popup");
- Assert(NULL != popup_func);
-
- const AceFunctionParam& fParam = request.getFunctionParam();
- AceParamKeys keys = fParam.getKeys();
- AceParamValues values = fParam.getValues();
-
- ace_popup_t ace_popup_type;
- ace_resource_t resource = const_cast<ace_session_id_t>(
- request.getResourceId().c_str());
- ace_session_id_t session = const_cast<ace_session_id_t>(
- ace_request.sessionId.c_str());;
- ace_param_list_t parameters;
- ace_widget_handle_t handle = ace_request.widgetHandle;
-
- parameters.count = keys.size();
- parameters.items = new ace_param_t[parameters.count];
- unsigned int i;
- for (i = 0; i < parameters.count; ++i) {
- parameters.items[i].name =
- const_cast<ace_string_t>(keys[i].c_str());
- parameters.items[i].value =
- const_cast<ace_string_t>(values[i].c_str());
- }
-
- switch (popupType) {
- case PolicyEffect::PROMPT_ONESHOT: {
- ace_popup_type = ACE_ONESHOT;
- break; }
- case PolicyEffect::PROMPT_SESSION: {
- ace_popup_type = ACE_SESSION;
- break; }
- case PolicyEffect::PROMPT_BLANKET: {
- ace_popup_type = ACE_BLANKET;
- break; }
- default: {
- LogError("Unknown popup type passed!");
- LogError("Maybe effect isn't a popup?");
- LogError("Effect number is: " << static_cast<int>(popupType));
- Assert(0); }
- }
-
- ace_bool_t answer = ACE_FALSE;
- ace_return_t ret = popup_func(ace_popup_type,
- resource,
- session,
- ¶meters,
- handle,
- &answer);
-
- delete [] parameters.items;
-
- if (ACE_OK != ret) {
- LogError("Error in popup handler");
- return false;
- }
-
- if (ACE_TRUE == answer) {
- m_grantedDevCaps->insert(
- DPL::FromASCIIString(request.getResourceId()));
- return true;
- }
-
- return false;
-}
-
-bool AceThinClientImpl::validatePopupResponse(
- const AceRequest& ace_request,
- const AceBasicRequest& request,
- bool answer,
- Prompt::Validity validity
- )
-{
- bool response = false;
- Try{
- m_popupValidationClient->call(
- WrtSecurity::PopupServerApi::VALIDATION_METHOD(),
- answer,
- static_cast<int>(validity),
- ace_request.widgetHandle,
- request.getSubjectId(),
- request.getResourceId(),
- request.getFunctionParam().getKeys(),
- request.getFunctionParam().getValues(),
- ace_request.sessionId,
- &response);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- ReThrowMsg(AceThinClient::Exception::AceThinClientException,
- "Failed to call security daemon");
- }
- return response;
-}
-
-AcePreference AceThinClientImpl::getWidgetResourcePreference (
- const AceResource& resource,
- const AceWidgetHandle& handle) const
-{
- return toAcePreference(
- AceDB::AceDAOReadOnly::getWidgetDevCapSetting(resource, handle));
-}
-
-AceResourcesPreferences* AceThinClientImpl::getGlobalResourcesPreferences()
-const
-{
- AceDB::PreferenceTypesMap globalSettingsMap;
- AceResourcesPreferences* acePreferences = new AceResourcesPreferences();
- AceDB::AceDAOReadOnly::getDevCapSettings(&globalSettingsMap);
- FOREACH(it, globalSettingsMap) {
- acePreferences->insert(
- AceResurcePreference((*it).first,
- toAcePreference((*it).second)));
- }
- return acePreferences;
-}
-
-AceSubject AceThinClientImpl::getSubjectForHandle(AceWidgetHandle handle) const
-{
- try
- {
- return AceDB::AceDAOReadOnly::getGUID(handle);
- }
- catch (AceDB::AceDAOReadOnly::Exception::DatabaseError& /*ex*/)
- {
- LogError("Couldn't find GIUD for handle " << handle);
- return "";
- }
-}
-
-AceCachedPromptResult AceThinClientImpl::getCachedPromptResult(
- WidgetHandle widgetHandle,
- int ruleId,
- const AceSessionId& sessionId) const
-{
- OptionalCachedPromptDecision promptDecision =
- AceDB::AceDAOReadOnly::getPromptDecision(
- widgetHandle,
- ruleId);
- if (promptDecision.IsNull()) {
- LogDebug("No cache");
- return AceCachedPromptResult::ASK_POPUP;
- } else {
- // These should not be stored in DB!
- Assert(PromptDecision::ALLOW_THIS_TIME
- != (*promptDecision).decision);
- Assert(PromptDecision::DENY_THIS_TIME
- != (*promptDecision).decision);
- if ((*promptDecision).decision ==
- PromptDecision::ALLOW_ALWAYS) {
- // Access granted via earlier popup
- LogDebug("ALLOW_ALWAYS");
- return AceCachedPromptResult::PERMIT;
- }
- if ((*promptDecision).decision ==
- PromptDecision::DENY_ALWAYS) {
- LogDebug("DENY_ALWAYS");
- // Access denied via earlier popup
- return AceCachedPromptResult::DENY;
- }
- // Only thing left is per session prompts
- if ((*promptDecision).session.IsNull()) {
- LogDebug("NO SESSION");
- return AceCachedPromptResult::ASK_POPUP;
- }
- AceSessionId cachedSessionId = DPL::ToUTF8String(*((*promptDecision).session));
- if ((*promptDecision).decision ==
- PromptDecision::ALLOW_FOR_SESSION) {
- if (cachedSessionId == sessionId) {
- // Access granted for this session.
- LogDebug("SESSION OK, PERMIT");
- return AceCachedPromptResult::PERMIT;
- } else {
- LogDebug("SESSION NOT OK, ASKING");
- return AceCachedPromptResult::ASK_POPUP;
- }
- }
- if ((*promptDecision).decision ==
- PromptDecision::DENY_FOR_SESSION) {
- if (cachedSessionId == sessionId) {
- // Access denied for this session.
- LogDebug("SESSION OK, DENY");
- return AceCachedPromptResult::DENY;
- } else {
- LogDebug("SESSION NOT OK, ASKING");
- return AceCachedPromptResult::ASK_POPUP;
- }
- }
- }
- LogDebug("NO RESULT, ASKING");
- return AceCachedPromptResult::ASK_POPUP;
-}
-
-// AceThinClient
-
-bool AceThinClient::checkFunctionCall(
- const AceRequest& ace_request) const
-{
- return m_impl->checkFunctionCall(ace_request);
-}
-
-AcePreference AceThinClient::getWidgetResourcePreference(
- const AceResource& resource,
- const AceWidgetHandle& handle) const
-{
- return m_impl->getWidgetResourcePreference(
- resource, handle);
-}
-
-AceResourcesPreferences* AceThinClient::getGlobalResourcesPreferences()
-const
-{
- return m_impl->getGlobalResourcesPreferences();
-}
-
-AceThinClient::AceThinClient()
-{
- m_impl = new AceThinClientImpl();
-}
-
-AceThinClient::~AceThinClient()
-{
- Assert(NULL != m_impl);
- delete m_impl;
-}
-
-bool AceThinClient::isInitialized() const
-{
- return NULL != m_impl && m_impl->isInitialized();
-}
-
-
-} // namespace AceClient
+++ /dev/null
-cmake_minimum_required(VERSION 2.6)
-project(ace-thin-client-example)
-
-include(FindPkgConfig)
-
-pkg_check_modules(DEPS
- dpl-efl
- REQUIRED)
-
-pkg_search_module(wrt-ace-client REQUIRED wrt-ace-client)
-
-set(TARGET_NAME "ace-thin-client-example")
-
-set(SRCS
- ace-thin-client-example.cpp)
-
-include_directories(${DEPS_INCLUDE_DIRS})
-include_directories(${wrt-ace-client_INCLUDE_DIRS})
-
-add_definitions("-DDPL_LOGS_ENABLED")
-
-add_executable(${TARGET_NAME} ${SRCS})
-
-target_link_libraries(${TARGET_NAME}
- ${DEPS_LDFLAGS}
- ${wrt-ace-client_LDFLAGS})
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace-thin-client-example.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Example usage of ACE thin client.
- */
-
-#include <ace_client.h>
-
-int main(int argc, char **argv)
-{
- AceClient::AceThinClient& client =
- AceClient::AceThinClientSingleton::Instance();
- client.initialize(); // this fires echo method - see logs
- client.deinitialize();
- return 0;
-}
-
+++ /dev/null
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/ace_common/include/ace_api_common.h
- DESTINATION include/ace-common
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_common.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is header for basic ACE data types and error codes
- */
-
-#ifndef ACE_API_COMMON_H
-#define ACE_API_COMMON_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// --------------- Boolean type and errors -------------------------------------
-
-/*
- * Order and values of enum constants are part of API
- */
-typedef enum
-{
- ACE_FALSE,
- ACE_TRUE
-} ace_bool_t;
-
-typedef enum
-{
- ACE_OK, // Operation succeeded
- ACE_INVALID_ARGUMENTS, // Invalid input parameters
- ACE_INTERNAL_ERROR, // ACE internal error
- ACE_ACE_UNKNOWN_ERROR // Unexpected operation
-} ace_return_t;
-
-// --------------- Basic types -------------------------------------------------
-
-typedef size_t ace_size_t;
-typedef char* ace_string_t; // NULL-terminated string
-typedef int ace_widget_handle_t;
-typedef char* ace_resource_t;
-typedef char* ace_subject_t;
-typedef char* ace_session_id_t;
-typedef void* ace_private_data_t;
-
-// --------------- Access requests ---------------------------------------------
-
-typedef struct
-{
- ace_size_t count;
- ace_string_t* items;
-} ace_feature_list_t;
-
-typedef struct
-{
- ace_string_t name;
- ace_string_t value;
-} ace_param_t;
-
-typedef struct
-{
- ace_size_t count;
- ace_param_t* items;
-} ace_param_list_t;
-
-typedef struct
-{
- ace_string_t name;
- ace_param_list_t param_list;
-} ace_dev_cap_t;
-
-typedef struct
-{
- ace_size_t count;
- ace_dev_cap_t* items;
-} ace_dev_cap_list_t;
-
-typedef struct
-{
- ace_session_id_t session_id; // DEPRECATED will be removed
- ace_widget_handle_t widget_handle; // DEPRECATED will be removed
- ace_feature_list_t feature_list;
- ace_dev_cap_list_t dev_cap_list;
-} ace_request_t;
-
-// --------------- Popup data types --------------------------------------------
-
-/*
- * Popup types that can be requested to be displayed by ACE
- */
-typedef enum
-{
- ACE_ONESHOT,
- ACE_SESSION,
- ACE_BLANKET
-} ace_popup_t;
-
-/*
- * Validity of answer that can be returned by ACE popup
- */
-typedef enum
-{
- ACE_ONCE,
- ACE_PER_SESSION,
- ACE_ALWAYS
-} ace_validity_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_COMMON_H
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_setup.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is C api for Access Control Engine (ACE), installer mode
- * (RW part).
- *
- */
-
-#ifndef ACE_API_H
-#define ACE_API_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * API defined in this header should be used only from one thread. If used
- * otherwise, unexpected behaviour may occur, including segmentation faults and
- * escalation of global warming. Be warned.
- */
-
-// --------------- Initialization and policy update ----------------------------
-
-/*
- * Initializes ACE - connects (RW) to the database. Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_install_initialize(void);
-
-/*
- * Deinitializes ACE - deinitialize internal structures, detach DB, etc.
- * Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_install_shutdown(void);
-
-/*
- * Updates policy - parses XML files from known locations (reason for no arguments),
- * also clears policy and prompt caches.
- * Returns ACE_OK or error
- */
-ace_return_t ace_update_policy(void);
-
-// --------------- Requested device capabilities API for installer -------------
-
-typedef struct
-{
- ace_string_t device_capability;
- ace_bool_t smack_granted;
-} ace_requested_dev_cap_t;
-
-typedef struct
-{
- ace_size_t count;
- ace_requested_dev_cap_t* items;
-} ace_requested_dev_cap_list_t;
-
-/*
- * Deletes data allocated by ace_get_requested_dev_caps - a helper function
- */
-ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps);
-
-/*
- * Returns ACE_OK or error; 'caps' will hold device capabilities information.
- * To free allcated resources in 'caps', use ace_free_requested_dev_caps
- */
-ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle,
- ace_requested_dev_cap_list_t* caps);
-
-/*
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_requested_dev_caps(ace_widget_handle_t handle,
- const ace_requested_dev_cap_list_t* caps);
-
-// ---------------- Accepted Api featuresk API for installer ----------------
-
-
-ace_return_t ace_set_accepted_feature(ace_widget_handle_t handle,
- const ace_feature_list_t* flist);
-
-ace_return_t ace_rem_accepted_feature(ace_widget_handle_t handle);
-
-// --------------- Widget data setup for installation --------------------------
-
-typedef enum
-{
- WAC20 = 0,
- Tizen
-} ace_widget_type_t;
-
-struct widget_info {
- ace_widget_type_t type;
- ace_string_t id;
- ace_string_t version;
- ace_string_t author;
- ace_string_t shareHerf;
-};
-
-typedef enum
-{
- AUTHOR,
- DISTRIBUTOR,
- UNKNOWN
-} ace_cert_owner_t;
-
-typedef enum
-{
- ROOT,
- ENDENTITY
-} ace_cert_type_t;
-
-typedef struct certificate_data {
- ace_cert_owner_t owner;
- ace_cert_type_t type;
- int chain_id;
- ace_string_t md5_fp;
- ace_string_t sha1_fp;
- ace_string_t common_name;
-} ace_certificate_data;
-
-/*
- * Register widget info into database.
- * @param cert_data NULL terminated list of widget certificates
- */
-
-ace_return_t ace_register_widget(ace_widget_handle_t handle,
- struct widget_info* info,
- ace_certificate_data* cert_data[]);
-
-ace_return_t ace_unregister_widget(ace_widget_handle_t handle);
-
-ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed);
-
-/*
- * Gets widget type in 'type'. Use in installer to determine which policy will be used
- * by ACE for this widget.
- * Returns error or ACE_OK
- */
-ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
- ace_widget_type_t* type);
-
-// --------------- Installation time policy check ------------------------------
-
-typedef enum
-{
- ACE_PERMIT,
- ACE_DENY,
- ACE_PROMPT,
- ACE_UNDEFINED
-} ace_policy_result_t;
-
-/*
- * Gets current policy evaluation for given device capability and given widget.
- * Returns error or ACE_OK
- */
-ace_return_t ace_get_policy_result(const ace_resource_t,
- ace_widget_handle_t handle,
- ace_policy_result_t* result);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_INSTALL_DEPS
- dpl-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(ACE_INSTALL_DIR
- ${PROJECT_SOURCE_DIR}/ace_install
- )
-
-SET(ACE_INSTALL_SRC_DIR
- ${ACE_INSTALL_DIR}/src
- )
-
-SET(ACE_INSTALL_INCLUDE_DIR
- ${ACE_INSTALL_DIR}/include
- )
-
-SET(ACE_INSTALL_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${ACE_INSTALL_SRC_DIR}/ace_api_install.cpp
- )
-
-SET(ACE_INSTALL_INCLUDES
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${ACE_INSTALL_DEPS_INCLUDE_DIRS}
- ${ACE_INSTALL_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/ace/include
- ${PROJECT_SOURCE_DIR}/src/services/ace
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
-
-ADD_DEFINITIONS(${ACE_INSTALL_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_INSTALL_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_INSTALL_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_INSTALL_LIB} SHARED ${ACE_INSTALL_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_INSTALL_LIB}
- ${ACE_INSTALL_DEPS_LIBRARIES}
- ${TARGET_ACE_DAO_RW_LIB}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_INSTALL_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${ACE_INSTALL_INCLUDE_DIR}/ace_api_install.h
- DESTINATION include/ace-install
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_install.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation ACE installator API
- */
-
-#include <string>
-#include <utility>
-#include <string.h>
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-#include <dpl/string.h>
-#include "SecurityCommunicationClient.h"
-#include <ace-dao-rw/AceDAO.h>
-#include "ace_server_api.h"
-
-#include "ace_api_install.h"
-
-static WrtSecurity::Communication::Client *communicationClient = NULL;
-
-// helper functions
-
-static AceDB::AppTypes to_db_app_type(ace_widget_type_t widget_type)
-{
- switch (widget_type) {
- case WAC20:
- return AceDB::AppTypes::WAC20;
- case Tizen:
- return AceDB::AppTypes::Tizen;
- default:
- return AceDB::AppTypes::Unknown;
- }
-}
-
-static ace_widget_type_t to_ace_widget_type(AceDB::AppTypes app_type)
-{
- switch (app_type) {
- case AceDB::AppTypes::WAC20:
- return WAC20;
- case AceDB::AppTypes::Tizen:
- return Tizen;
- default:
- LogError("Invalid app type for widget");
- return WAC20;
- }
-}
-
-ace_return_t ace_install_initialize(void)
-{
- if (NULL != communicationClient) {
- LogError("ace_api_install already initialized");
- return ACE_INTERNAL_ERROR;
- }
- AceDB::AceDAO::attachToThreadRW();
- Try {
- communicationClient = new WrtSecurity::Communication::Client(
- WrtSecurity::AceServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_install_shutdown(void)
-{
- if (NULL == communicationClient) {
- LogError("ace_api_install not initialized");
- return ACE_INTERNAL_ERROR;
- }
- delete communicationClient;
- communicationClient = NULL;
- AceDB::AceDAO::detachFromThread();
- return ACE_OK;
-}
-
-ace_return_t ace_update_policy(void)
-{
- Try {
- communicationClient->call(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Problem with connection to daemon");
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps)
-{
- if (NULL == caps || NULL == caps->items) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- unsigned int i;
- for (i = 0; i < caps->count; ++i) {
- delete [] caps->items[i].device_capability;
- }
- delete [] caps->items;
- return ACE_OK;
-}
-
-ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle,
- ace_requested_dev_cap_list_t* caps)
-{
- if (NULL == caps) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- AceDB::RequestedDevCapsMap permissions;
- Try {
- AceDB::AceDAO::getRequestedDevCaps(
- handle, &permissions);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- caps->items = new ace_requested_dev_cap_t[permissions.size()];
- caps->count = permissions.size();
- unsigned int i = 0;
- FOREACH (it, permissions) {
- std::string devCapRequested = DPL::ToUTF8String(it->first);
- caps->items[i].device_capability =
- new char[strlen(devCapRequested.c_str())+1];
- strcpy(caps->items[i].device_capability, devCapRequested.c_str());
- caps->items[i].smack_granted = it->second ? ACE_TRUE : ACE_FALSE;
- ++i;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_requested_dev_caps(
- ace_widget_handle_t handle,
- const ace_requested_dev_cap_list_t* caps)
-{
- if (NULL == caps) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- AceDB::RequestedDevCapsMap db_permissions;
- unsigned int i;
- for (i = 0; i < caps->count; ++i) {
- std::string devCap = std::string(caps->items[i].device_capability);
- db_permissions.insert(std::make_pair(DPL::FromUTF8String(devCap),
- caps->items[i].smack_granted == ACE_TRUE));
- }
- Try {
- AceDB::AceDAO::setRequestedDevCaps(
- handle, db_permissions);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_accepted_feature(
- ace_widget_handle_t handle,
- const ace_feature_list_t *feature)
-{
- if (NULL == feature) {
- LogError("Invalid argument");
- return ACE_INVALID_ARGUMENTS;
- }
- AceDB::FeatureNameVector fvector;
- ace_size_t i;
- for (i = 0; i < feature->count; ++i) {
- fvector.push_back(
- DPL::FromUTF8String(feature->items[i]));
- }
- Try {
- AceDB::AceDAO::setAcceptedFeature(handle, fvector);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_rem_accepted_feature(
- ace_widget_handle_t handle)
-{
- Try {
- AceDB::AceDAO::removeAcceptedFeature(handle);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_register_widget(ace_widget_handle_t handle,
- struct widget_info *info,
- ace_certificate_data* cert_data[])
-{
- LogDebug("enter");
-
- if (NULL == info || AceDB::AceDAOReadOnly::isWidgetInstalled(handle))
- return ACE_INVALID_ARGUMENTS;
-
- AceDB::WidgetRegisterInfo wri;
- wri.type = to_db_app_type(info->type);
-
- if (info->id)
- wri.widget_id = DPL::FromUTF8String(info->id);
- if (info->version)
- wri.version = DPL::FromUTF8String(info->version);
- if (info->author)
- wri.authorName = DPL::FromUTF8String(info->author);
- if (info->shareHerf)
- wri.shareHref = DPL::FromUTF8String(info->shareHerf);
-
- AceDB::WidgetCertificateDataList dataList;
- if (NULL != cert_data) {
- AceDB::WidgetCertificateData wcd;
- ace_certificate_data* cd;
- int i = 0;
- while (cert_data[i] != NULL)
- {
- cd = cert_data[i++]; //increment
- switch(cd->type) {
- case ROOT:
- wcd.type = AceDB::WidgetCertificateData::Type::ROOT;
- break;
- case ENDENTITY:
- wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY;
- break;
- }
- switch(cd->owner) {
- case AUTHOR:
- wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR;
- break;
- case DISTRIBUTOR:
- wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR;
- break;
- case UNKNOWN: default:
- wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN;
- break;
- }
- wcd.chainId = cd->chain_id;
- if (cd->md5_fp)
- wcd.strMD5Fingerprint = cd->md5_fp;
- if (cd->sha1_fp)
- wcd.strSHA1Fingerprint = cd->sha1_fp;
- if (cd->common_name)
- wcd.strCommonName = DPL::FromUTF8String(cd->common_name);
- dataList.push_back(wcd);
- }
- LogDebug("All data set. Inserting into database.");
- }
-
- Try {
- AceDB::AceDAO::registerWidgetInfo((WidgetHandle)(handle), wri, dataList);
- LogDebug("AceDB entry done");
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_unregister_widget(ace_widget_handle_t handle)
-{
- Try {
- AceDB::AceDAO::unregisterWidgetInfo((WidgetHandle)(handle));
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed)
-{
- Try {
- *installed = AceDB::AceDAO::isWidgetInstalled((WidgetHandle)(handle));
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
- ace_widget_type_t* type)
-{
- if (NULL == type) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::AppTypes db_type = AceDB::AceDAO::getWidgetType(handle);
- *type = to_ace_widget_type(db_type);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_get_policy_result(const ace_resource_t resource,
- ace_widget_handle_t handle,
- ace_policy_result_t* result)
-{
- if (NULL == result) {
- LogError("Invalid arguments");
- return ACE_INVALID_ARGUMENTS;
- }
- int serializedPolicyResult = 0;
- Try {
- std::string resource_str(resource);
- communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
- handle,
- resource_str,
- &serializedPolicyResult);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return ACE_INTERNAL_ERROR;
- }
- PolicyResult policyResult = PolicyResult::
- deserialize(serializedPolicyResult);
- OptionalPolicyEffect effect = policyResult.getEffect();
- if (effect.IsNull()) {
- *result = ACE_UNDEFINED;
- } else if (*effect == PolicyEffect::DENY) {
- *result = ACE_DENY;
- } else if (*effect == PolicyEffect::PERMIT) {
- *result = ACE_PERMIT;
- } else if (*effect == PolicyEffect::PROMPT_ONESHOT ||
- *effect == PolicyEffect::PROMPT_BLANKET ||
- *effect == PolicyEffect::PROMPT_SESSION){
- *result = ACE_PROMPT;
- } else {
- *result = ACE_UNDEFINED;
- }
-
- return ACE_OK;
-}
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_popup_validation_api.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is C api for Access Control Engine (ACE), popup
- * validation library.
- *
- */
-
-#ifndef ACE_API_H
-#define ACE_API_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// --------------- Initialization and deinitialization -------------------------
-
-/*
- * Initializes the library.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_popup_validation_initialize(void);
-
-/*
- * Deinitializes the library.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_popup_validation_shutdown(void);
-
-// --------------- Popup answer validation API ---------------------------------
-
-/*
- * Validation of popup answer. This API must be called by implementation of
- * UI handler. The call must be made from safe process, specially labelled by
- * SMACK. If returned value is ACE_OK, 'validation_result' holds validation
- * result that needs to be passed by UI handler as validation result. Otherwise
- * value of 'validation_result' is undefined.
- *
- * See header ace_api_client.h for more details on where this function needs to
- * be called and what arguments need to be passed here.
- *
- * Returns error or ACE_OK.
- */
-ace_return_t ace_validate_answer(ace_bool_t answer,
- ace_validity_t validity,
- const ace_resource_t resource_name,
- const ace_session_id_t session_id,
- const ace_param_list_t* param_list,
- ace_widget_handle_t handle,
- ace_bool_t* validation_result);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_POPUP_VALIDATION_DEPS
- dpl-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(ACE_POPUP_VALIDATION_DIR
- ${PROJECT_SOURCE_DIR}/ace_popup_validation
- )
-
-SET(ACE_POPUP_VALIDATION_SRC_DIR
- ${ACE_POPUP_VALIDATION_DIR}/src
- )
-
-SET(ACE_POPUP_VALIDATION_INCLUDE_DIR
- ${ACE_POPUP_VALIDATION_DIR}/include
- )
-
-SET(ACE_POPUP_VALIDATION_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${ACE_POPUP_VALIDATION_SRC_DIR}/ace_api_popup_validation.cpp
- )
-
-SET(ACE_POPUP_VALIDATION_INCLUDES
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${ACE_POPUP_VALIDATION_DEPS_INCLUDE_DIRS}
- ${ACE_POPUP_VALIDATION_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/ace/include
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
- ${PROJECT_SOURCE_DIR}/src/services/ace
- ${PROJECT_SOURCE_DIR}/src/services/popup/
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
-
-ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_POPUP_VALIDATION_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_POPUP_VALIDATION_LIB} SHARED ${ACE_POPUP_VALIDATION_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_POPUP_VALIDATION_LIB}
- ${ACE_POPUP_VALIDATION_DEPS_LIBRARIES} ${ACE_POPUP_VALIDATION_DEPS_LDFLAGS}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_POPUP_VALIDATION_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${ACE_POPUP_VALIDATION_INCLUDE_DIR}/ace_api_popup_validation.h
- DESTINATION include/ace-popup-validation
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_popup_validation.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of ACE popup validation API.
- */
-
-#include <string>
-#include <vector>
-#include <dpl/log/log.h>
-#include "SecurityCommunicationClient.h"
-#include "popup_response_server_api.h"
-#include "security_daemon_dbus_config.h"
-#include "ace_api_popup_validation.h"
-
-namespace {
-static WrtSecurity::Communication::Client *communicationClient = NULL;
-static const int VALIDITY_ONCE_VALUE = 0;
-static const int VALIDITY_SESSION_VALUE = 1;
-static const int VALIDITY_ALWAYS_VALUE = 1;
-} // anonymous
-
-ace_return_t ace_popup_validation_initialize(void)
-{
- if (NULL != communicationClient) {
- LogError("ace_api_popup_validation already initialized");
- return ACE_INTERNAL_ERROR;
- }
- Try {
- communicationClient = new WrtSecurity::Communication::Client(
- WrtSecurity::PopupServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return ACE_INTERNAL_ERROR;
- }
-
- return ACE_OK;
-}
-
-ace_return_t ace_popup_validation_shutdown(void)
-{
- if (NULL == communicationClient) {
- LogError("ace_api_popup_validation not initialized");
- return ACE_INTERNAL_ERROR;
- }
- delete communicationClient;
- communicationClient = NULL;
-
- return ACE_OK;
-}
-
-ace_return_t ace_validate_answer(ace_bool_t answer,
- ace_validity_t validity,
- const ace_resource_t resource_name,
- const ace_session_id_t session_id,
- const ace_param_list_t* param_list,
- ace_widget_handle_t handle,
- ace_bool_t* validation_result)
-{
- if (NULL == resource_name ||
- NULL == session_id ||
- NULL == param_list ||
- NULL == validation_result)
- {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
-
- bool dbusAnswer = answer == ACE_TRUE;
- int dbusValidity = 0;
-
- switch (validity) {
- case ACE_ONCE: {
- dbusValidity = VALIDITY_ONCE_VALUE;
- //static_cast<int>(Prompt::Validity::ONCE);
- break; }
- case ACE_SESSION: {
- dbusValidity = VALIDITY_SESSION_VALUE;
- //static_cast<int>(Prompt::Validity::SESSION);
- break; }
- case ACE_ALWAYS: {
- dbusValidity = VALIDITY_ALWAYS_VALUE;
- //static_cast<int>(Prompt::Validity::ALWAYS);
- break; }
- default: {
- LogError("Invalid validity passed");
- return ACE_INVALID_ARGUMENTS; }
- }
-
- std::string subjectId;
- std::string resourceId(resource_name);
- std::string sessionId(session_id);
- std::vector<std::string> keys, values;
- unsigned int i;
- for (i = 0; i < param_list->count; ++i) {
- keys.push_back(std::string(param_list->items[i].name));
- values.push_back(std::string(param_list->items[i].value));
- }
-
- bool response = false;
- Try{
- communicationClient->call(WrtSecurity::PopupServerApi::VALIDATION_METHOD(),
- dbusAnswer,
- dbusValidity,
- handle,
- subjectId,
- resourceId,
- keys,
- values,
- sessionId,
- &response);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't call daemon");
- return ACE_INTERNAL_ERROR;
- }
-
- *validation_result = response ? ACE_TRUE : ACE_FALSE;
-
- return ACE_OK;
-}
+++ /dev/null
-ADD_SUBDIRECTORY(src)
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_api_settings.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This is header for ACE settings API (RW part).
- */
-
-#ifndef ACE_API_SETTINGS_H
-#define ACE_API_SETTINGS_H
-
-#include <ace_api_common.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * API defined in this header should be used only from one thread. If used
- * otherwise, unexpected behaviour may occur, including segmentation faults and
- * escalation of global warming. Be warned.
- */
-
-// --------------- Initialization ----------------------------------------------
-
-/*
- * Initializes ACE - connects (RW) to the database. Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_settings_initialize(void);
-
-/*
- * Deinitializes ACE - deinitialize internal structures, detach DB, etc.
- * Must be called only once.
- * Returns ACE_OK or error
- */
-ace_return_t ace_settings_shutdown(void);
-
-// --------------- Resource settings API ---------------------------------------
-
-/*
- * Order and values of enum constants are part of API
- */
-typedef enum
-{
- ACE_PREFERENCE_PERMIT,
- ACE_PREFERENCE_DENY,
- ACE_PREFERENCE_DEFAULT, // means: not set
- ACE_PREFERENCE_BLANKET_PROMPT,
- ACE_PREFERENCE_SESSION_PROMPT,
- ACE_PREFERENCE_ONE_SHOT_PROMPT
-} ace_preference_t;
-
-/*
- * Returns error or ACE_OK
- * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise
- * 'preference' value is undefined
- */
-ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t* preference);
-
-/*
- * Returns error or ACE_OK
- * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise
- * 'preference' value is undefined
- */
-ace_return_t ace_get_global_resource_preference(const ace_resource_t resource,
- ace_preference_t* preference);
-
-/*
- * To reset setting, pass ACE_PREFERENCE_DEFAULT
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t preference);
-
-/*
- * To reset setting, pass ACE_PREFERENCE_DEFAULT
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_global_resource_preference(const ace_resource_t resource,
- ace_preference_t preference);
-
-/*
- * Resets per widget resource settings to ACE_PREFERENCE_DEFAULT
- */
-ace_return_t ace_reset_widget_resource_settings(void);
-
-/*
- * Resets global resource settings to ACE_PREFERENCE_DEFAULT
- */
-ace_return_t ace_reset_global_resource_settings(void);
-
-/*
- * After execution, is_privacy_api is ACE_TRUE if resource_name is the name
- * of Privacy API
- */
-ace_return_t ace_is_private_api(const ace_resource_t resource_name,
- ace_bool_t* is_private_api);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif // ACE_API_SETTINGS_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(ACE_SETTINGS_DEPS
- dpl-efl
- REQUIRED
- )
-
-SET(ACE_SETTINGS_DIR
- ${PROJECT_SOURCE_DIR}/ace_settings
- )
-
-SET(ACE_SETTINGS_SRC_DIR
- ${ACE_SETTINGS_DIR}/src
- )
-
-SET(ACE_SETTINGS_INCLUDE_DIR
- ${ACE_SETTINGS_DIR}/include
- )
-
-SET(ACE_SETTINGS_SOURCES
- ${ACE_SETTINGS_SRC_DIR}/ace_api_settings.cpp
- )
-
-SET(ACE_SETTINGS_INCLUDES
- ${ACE_SETTINGS_DEPS_INCLUDE_DIRS}
- ${ACE_SETTINGS_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/ace/include
- )
-
-ADD_DEFINITIONS(${ACE_SETTINGS_DEPS_CFLAGS})
-ADD_DEFINITIONS(${ACE_SETTINGS_CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${ACE_SETTINGS_INCLUDES})
-
-ADD_LIBRARY(${TARGET_ACE_SETTINGS_LIB} SHARED ${ACE_SETTINGS_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_ACE_SETTINGS_LIB}
- ${ACE_SETTINGS_DEPS_LIBRARIES}
- ${TARGET_ACE_DAO_RW_LIB}
- )
-
-INSTALL(TARGETS ${TARGET_ACE_SETTINGS_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${ACE_SETTINGS_INCLUDE_DIR}/ace_api_settings.h
- DESTINATION include/ace-settings
- )
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ace_api_settings.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains implementation ACE settings API
- */
-
-#include <string>
-#include <dpl/log/log.h>
-#include <ace-dao-rw/AceDAO.h>
-
-#include "ace_api_settings.h"
-
-// helper functions
-static ace_preference_t to_ace_preference(const AceDB::PreferenceTypes& db_preference)
-{
- switch (db_preference) {
- case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: {
- return ACE_PREFERENCE_BLANKET_PROMPT; }
- case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: {
- return ACE_PREFERENCE_DEFAULT;}
- case AceDB::PreferenceTypes::PREFERENCE_DENY: {
- return ACE_PREFERENCE_DENY;}
- case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: {
- return ACE_PREFERENCE_ONE_SHOT_PROMPT;}
- case AceDB::PreferenceTypes::PREFERENCE_PERMIT: {
- return ACE_PREFERENCE_PERMIT;}
- case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: {
- return ACE_PREFERENCE_SESSION_PROMPT;}
- default: {
- return ACE_PREFERENCE_DEFAULT;}
- }
-}
-
-
-static AceDB::PreferenceTypes to_ace_db_preference(const ace_preference_t& preference)
-{
- switch (preference) {
- case ACE_PREFERENCE_BLANKET_PROMPT: {
- return AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT; }
- case ACE_PREFERENCE_DEFAULT: {
- return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;}
- case ACE_PREFERENCE_DENY: {
- return AceDB::PreferenceTypes::PREFERENCE_DENY;}
- case ACE_PREFERENCE_ONE_SHOT_PROMPT: {
- return AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;}
- case ACE_PREFERENCE_PERMIT: {
- return AceDB::PreferenceTypes::PREFERENCE_PERMIT;}
- case ACE_PREFERENCE_SESSION_PROMPT: {
- return AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT;}
- default: {
- return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;}
- }
-}
-
-ace_return_t ace_settings_initialize(void)
-{
- AceDB::AceDAO::attachToThreadRW();
- return ACE_OK;
-}
-
-ace_return_t ace_settings_shutdown(void)
-{
- AceDB::AceDAO::detachFromThread();
- return ACE_OK;
-}
-
-ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t* preference)
-{
- if (NULL == resource || NULL == preference) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- std::string resource_str(resource);
- AceDB::PreferenceTypes db_preference =
- AceDB::AceDAO::getWidgetDevCapSetting(resource_str, handle);
- *preference = to_ace_preference(db_preference);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_get_global_resource_preference(const ace_resource_t resource,
- ace_preference_t* preference)
-{
- if (NULL == resource || NULL == preference) {
- LogError("NULL argument(s) passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::PreferenceTypes db_preference =
- AceDB::AceDAO::getDevCapSetting(resource);
- *preference = to_ace_preference(db_preference);
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle,
- const ace_resource_t resource,
- ace_preference_t preference)
-{
- if (NULL == resource) {
- LogError("NULL argument passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::AceDAO::addResource(resource);
- AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference);
- AceDB::AceDAO::removeWidgetDevCapSetting(resource, handle);
- AceDB::AceDAO::setWidgetDevCapSetting(resource, handle, db_preference);
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_set_global_resource_preference(const ace_resource_t resource,
- ace_preference_t preference)
-{
- if (NULL == resource) {
- LogError("NULL argument passed");
- return ACE_INVALID_ARGUMENTS;
- }
- Try {
- AceDB::AceDAO::addResource(resource);
- AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference);
- AceDB::AceDAO::setDevCapSetting(resource, db_preference);
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_reset_widget_resource_settings()
-{
- Try {
- AceDB::AceDAO::clearWidgetDevCapSettings();
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_reset_global_resource_settings(void)
-{
- Try {
- AceDB::AceDAO::clearDevCapSettings();
- } Catch(AceDB::AceDAO::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
-ace_return_t ace_is_private_api(const ace_resource_t resource_name, ace_bool_t* is_private_api)
-{
- static const char * const private_api[] = {
- "bluetooth.admin",
- "bluetooth.gap",
- "bluetooth.spp",
- "calendar.read",
- "calendar.write",
- "callhistory.read",
- "callhistory.write",
- "contact.read",
- "contact.write",
- "nfc.admin",
- "nfc.common",
- "nfc.cardemulation",
- "nfc.p2p",
- "nfc.tag",
- NULL
- };
-
- *is_private_api = ACE_TRUE;
- for (int i=0; private_api[i]; ++i)
- if (!strcmp(resource_name, private_api[i]))
- return ACE_OK;
-
- *is_private_api = ACE_FALSE;
- return ACE_OK;
-}
-
# @file CMakeLists.txt
# @author Tomasz Swierczek (t.swierczek@samsung.com)
#
-ADD_SUBDIRECTORY(ace)
-ADD_SUBDIRECTORY(ace_client)
-ADD_SUBDIRECTORY(ace_settings)
-ADD_SUBDIRECTORY(ace_install)
-ADD_SUBDIRECTORY(ace_popup_validation)
-ADD_SUBDIRECTORY(communication_client)
-ADD_SUBDIRECTORY(wrt-security)
+
ADD_SUBDIRECTORY(security-server)
-ADD_SUBDIRECTORY(wrt_ocsp)
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-dao-ro.pc.in security-dao-ro.pc @ONLY)
-CONFIGURE_FILE(security-dao-rw.pc.in security-dao-rw.pc @ONLY)
-CONFIGURE_FILE(security.pc.in security.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace/security-dao-ro.pc
- ${CMAKE_BINARY_DIR}/build/ace/security-dao-rw.pc
- ${CMAKE_BINARY_DIR}/build/ace/security.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-dao-ro
-Description: ace-dao-ro
-Version: @VERSION@
-Requires: dpl-efl openssl
-Libs: -lace-dao-ro -L${libdir}
-Cflags: -I${includedir}
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: aco-dao-rw
-Description: ace-dao-rw
-Version: @VERSION@
-Requires: security-dao-ro
-Libs: -lace-dao-rw -L${libdir}
-Cflags: -I${includedir}
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace
-Description: ace
-Version: @VERSION@
-Requires: dpl-efl openssl
-Libs: -lace -L${libdir}
-Cflags: -I${includedir}
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-client.pc.in security-client.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_client/security-client.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-client
-Description: ACE thin client library
-Version: @VERSION@
-Requires: dpl-wrt-dao-ro dpl-efl dpl-event-efl dpl-dbus-efl security-dao-ro
-Libs: -lace-client -L${libdir}
-Cflags: -I${includedir}/ace-client -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-install.pc.in security-install.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_install/security-install.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-install
-Description: ACE insall library to be used by installer
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl security-dao-rw
-Libs: -lace-install -L${libdir}
-Cflags: -I${includedir}/ace-install -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-popup-validation.pc.in security-popup-validation.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_popup_validation/security-popup-validation.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-popup-validation
-Description: ACE popup validation library
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl
-Libs: -lace-popup-validation -L${libdir}
-Cflags: -I${includedir}/ace-popup-validation -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-settings.pc.in security-settings.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/ace_settings/security-settings.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: ace-settings
-Description: ACE settings library
-Version: @VERSION@
-Requires:
-Libs: -lace-settings -lace-dao-rw -L${libdir}
-Cflags: -I${includedir}/ace-settings -I${includedir}/ace-common
+++ /dev/null
-# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Zofia Abramowska (z.abramowska@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-communication-client.pc.in security-communication-client.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/communication_client/security-communication-client.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: communication-client
-Description: Security communication client library
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl
-Libs: -lcommunication-client -L${libdir}
-Cflags: -I${includedir}/communication-client
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-#
-CONFIGURE_FILE(security-core.pc.in security-core.pc @ONLY)
-INSTALL(FILES ${CMAKE_BINARY_DIR}/build/wrt-security/security-core.pc DESTINATION lib/pkgconfig)
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include/wrt-security
-
-Name: wrt-security
-Description: wrt-security
-Version: @VERSION@
-Requires: dpl-efl dpl-wrt-dao-rw dpl-dbus-efl
-Libs: -L${libdir} -ldpl-dbus-efl
-Cflags: -I${includedir}
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Zofia Abramowska (z.abramowska@samsung.com)
-# @brief
-#
-
-CONFIGURE_FILE(security-wrt-ocsp.pc.in security-wrt-ocsp.pc @ONLY)
-INSTALL(FILES
- ${CMAKE_BINARY_DIR}/build/wrt_ocsp/security-wrt-ocsp.pc
- DESTINATION
- lib/pkgconfig
- )
-
+++ /dev/null
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: wrt-ocsp
-Description: WRT OCSP library to be used by wrt-client
-Version: @VERSION@
-Requires: dpl-efl dpl-dbus-efl
-Libs: -lwrt-ocsp -L${libdir}
-Cflags: -I${includedir}/wrt-ocsp
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SecurityCommunicationClient.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This is header of class used by IPC client with implemented templates
- *
- */
-
-/*
- * This class hides implementation of specific communication types
- * and enables switching between them by #defined macros.
- *
- * supported types : DBUS_CONNECTION
- *
- * IMPORTANT : Exactly ONE type MUST be defined.
- *
- */
-
-#ifndef SECURITYCOMMUNICATIONCLIENT_H_
-#define SECURITYCOMMUNICATIONCLIENT_H_
-
-#include <dpl/dbus/dbus_client.h>
-#include <dpl/log/log.h>
-#include <dpl/scoped_ptr.h>
-#include "SecuritySocketClient.h"
-#include <string>
-#include <memory>
-
-
-namespace WrtSecurity {
-namespace Communication {
-class Client
-{
-public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException)
- };
-
- explicit Client(const std::string &intefaceName);
-
-
-
- template<typename ... Args>
- void call(const char* methodName, const Args& ... args)
- {
-
- connect();
- Try{
- #ifdef DBUS_CONNECTION
- m_dbusClient->call(methodName, args...);
- } Catch (DPL::DBus::Client::Exception::DBusClientException){
- #endif //DBUS_CONNECTION
- #ifdef SOCKET_CONNECTION
- m_socketClient->call(methodName, args...);
- } Catch (SecuritySocketClient::Exception::SecuritySocketClientException){
- #endif //SOCKET_CONNECTION
- LogError("Error getting response");
- disconnect();
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting response");
- }
- LogInfo("Call served");
- disconnect();
- }
-
- template<typename ...Args>
- void call(std::string methodName, const Args&... args)
- {
- call(methodName.c_str(), args...);
- }
-
-
-private:
-
- void connect();
- void disconnect();
-
- std::string m_interfaceName;
- #ifdef DBUS_CONNECTION
- std::unique_ptr<DPL::DBus::Client> m_dbusClient;
- #endif
-
- #ifdef SOCKET_CONNECTION
- std::unique_ptr<SecuritySocketClient> m_socketClient;
- #endif
-};
-} // namespace Communication
-} // namespace WrtSecurity
-
-#endif /* SECURITYCOMMUNICATIONCLIENT_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SecurityCommunicationClient.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This is implementation of class used IPC client
- */
-
-
-#include "SecurityCommunicationClient.h"
-
-#ifdef DBUS_CONNECTION
-#include "security_daemon_dbus_config.h"
-#endif
-
-namespace WrtSecurity{
-namespace Communication{
-
- Client::Client(const std::string& interfaceName){
- #if DBUS_CONNECTION
- LogInfo("DBus create");
- Try {
- m_dbusClient.reset(new DPL::DBus::Client(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(),
- interfaceName));
- } Catch (DPL::DBus::Client::Exception::DBusClientException) {
- LogError("Error getting connection");
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting connection");
- }
- if(NULL == m_dbusClient.get()){
- LogError("Couldn't get client");
- ThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting client");
- }
- #endif //DBUS_CONNECTION
-
- #ifdef SOCKET_CONNECTION
- m_socketClient.reset(new SecuritySocketClient(interfaceName));
- if(NULL == m_socketClient.get()){
- LogError("Couldn't get client");
- ThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting client");
- }
- #endif //SOCKET_CONNECTION
- LogInfo("Created communication client");
- }
-
- void Client::connect(){
- #ifdef SOCKET_CONNECTION
- Try {
- m_socketClient->connect();
- } Catch(SecuritySocketClient::Exception::SecuritySocketClientException){
- LogError("Couldn't connect");
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error connecting");
- }
-
- #endif //SOCKET_CONNECTION
- LogInfo("Connected");
- }
-
- void Client::disconnect(){
-
- #ifdef SOCKET_CONNECTION
- m_socketClient->disconnect();
- #endif //SOCKET_CONNECTION
- LogInfo("Disconnected");
- }
-
-
-} // namespace Communication
-
-} // namespace WrtSecurity
-
+++ /dev/null
-
-SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc)
-
- INSTALL(FILES
- ${ETC_DIR}/wrt_security_create_clean_db.sh
- ${ETC_DIR}/wrt_security_change_policy.sh
- DESTINATION /usr/bin
- )
-
-INSTALL(FILES
- ${ETC_DIR}/schema.xsd
- DESTINATION share/wrt-engine
- )
-
-INSTALL(FILES
- ${ETC_DIR}/fingerprint_list.xsd
- DESTINATION share/wrt-engine/
- )
-
-INSTALL(FILES
- ${ETC_DIR}/fingerprint_list.xml
- DESTINATION share/wrt-engine/
- )
-
-ADD_SUBDIRECTORY(certificates)
+++ /dev/null
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-# @author Yunchan Cho (yunchan.cho@samsung.com)
-# @version 1.0
-# @brief
-#
-
-SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates)
-
-INSTALL(FILES
- ${CERT_DIR}/wac.root.preproduction.pem
- ${CERT_DIR}/wac.root.production.pem
- ${CERT_DIR}/wac.publisherid.pem
- ${CERT_DIR}/tizen.root.preproduction.cert.pem
- ${CERT_DIR}/tizen-developer-root-ca.pem
- ${CERT_DIR}/tizen-distributor-root-ca-partner.pem
- ${CERT_DIR}/tizen-distributor-root-ca-public.pem
- DESTINATION /opt/share/cert-svc/certs/code-signing/wac/
- )
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICVTCCAb6gAwIBAgIETdzAMDANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJHQjERMA8GA1UE
-CBMITm9ybWFuZHkxDTALBgNVBAcTBENBRU4xDzANBgNVBAoTBk9yYW5nZTETMBEGA1UECxMKT3Jh
-bmdlTGFiczEYMBYGA1UEAxMPT3JhbmdlTGFicyBDQUVOMB4XDTExMDUyNTA4MzkxMloXDTM2MDUx
-ODA4MzkxMlowbzELMAkGA1UEBhMCR0IxETAPBgNVBAgTCE5vcm1hbmR5MQ0wCwYDVQQHEwRDQUVO
-MQ8wDQYDVQQKEwZPcmFuZ2UxEzARBgNVBAsTCk9yYW5nZUxhYnMxGDAWBgNVBAMTD09yYW5nZUxh
-YnMgQ0FFTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj9130ZtpXp/679/2pmFldFgjz5tN
-CjLT6CEWC9yketyKgyV1c0DBMcy4PNLdOb0VxhfcNXNYoBylCp6mPj3mWRM5VSet03XA8k6/L0T4
-dYicYGaIojowhzBBfaIXnBDvMQD5kanC5CDd6HtFzQbBkN73NIdGrR/aFqNtC/wopFECAwEAATAN
-BgkqhkiG9w0BAQUFAAOBgQCIjZYXTdsMCpIYENX6UyD/EM+SZBkVvoB2R8ghRZbKHOcr58ZyGvdH
-i/Y0hp5zNN7bUQurEMWtIxF+s3oaYH0x9xwXCd5UEV9Y+dmD1/qlK7lfSlC7mwynHs3bhMEGOJF2
-TlDzZyVYBIT3LQjfq6G18bGHkwU3uTsxZMSgtz5LgQ==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC
-S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
-ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD
-QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw
-MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE
-CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
-MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD
-DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA
-A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI
-rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9
-yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB
-MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af
-KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN
-5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv
-bSaM
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
-S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
-ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq
-MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy
-MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD
-VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg
-Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM
-IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp
-ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS
-rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n
-DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6
-xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL
-gS9G4WEAUg==
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
-S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
-ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex
-KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy
-MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD
-VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg
-Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD
-DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY
-sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k
-//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C
-AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa
-07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+
-phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7
-KOszlocFYw==
------END CERTIFICATE-----
+++ /dev/null
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b3:cb:d1:5b:de:6e:66:95
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
- Validity
- Not Before: Dec 8 10:27:32 2011 GMT
- Not After : Nov 30 10:27:32 2021 GMT
- Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (1024 bit)
- Modulus:
- 00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e:
- 66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa:
- fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7:
- 1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60:
- 44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df:
- e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76:
- dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52:
- ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46:
- 46:03:99:7c:66:8c:60:c4:91
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
- X509v3 Authority Key Identifier:
- keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b:
- 03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb:
- ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f:
- 9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18:
- 3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61:
- 38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a:
- f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44:
- cd:fa
------BEGIN CERTIFICATE-----
-MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD
-VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry
-b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh
-cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X
-DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w
-DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG
-A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG
-CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN
-qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94
-dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR
-AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME
-GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
-DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H
-62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a
-6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIID9DCCAtygAwIBAgIOZscBAQACO65mNg72468wDQYJKoZIhvcNAQEFBQAwgZQx
-CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYD
-VQQLEyhQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQw
-MgYDVQQDEytQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB
-IElJMB4XDTA2MDYwODE0MTYwMVoXDTI1MTIzMTIyNTk1OVowgZQxCzAJBgNVBAYT
-AkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYDVQQLEyhQcmUt
-UHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQwMgYDVQQDEytQ
-cmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ewnr8E24AqXnf1Lu7w/g79Hht+W
-lvWQg7cPC7685oj0htT0SmDy94uQaC3qRzBJktLKCyuniABykhdTr04rGWgzqD8n
-EzcFCt5k0gF39l3ND/JL+S2YJK/f/xc884hjcLsHUU7cAd6mDlVkOszFK86DNbu0
-noz0y1y462RIOvPCjkYl/GJ5zL62bdDbgFqrWMPZ54JFG0Rj1v575ygfOd2LwOXe
-xjzqfYI4JOx9frKWakPTehW+0UY5UdF0cMvHuLJie9H0vOobR4vtkenbS283b6j7
-0WCoU/BeAr4qskvMs9WwkwDquO4XnzYQDsEVgjBu4H2W0ihNUYJbRo8wtQIDAQAB
-o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
-DTX6+fYyziPR1HZxViaGOj66QOYwDQYJKoZIhvcNAQEFBQADggEBALZ0pfjOfePn
-D/6QDCt+cjQ5+U4eKcOlJMXrpEAlnC6oAnN1hqbOQaj44aIAbNap36E/Hl9s0Uga
-c4nz73o5uPvdDmbWzNnMz6ey5NU0XXNzHxQWFdb0+Z7Cho5txoZjjynYXmyQc3RJ
-rrPI+6Uej6sEv15ZGirjABza6pNJ+2NLojLyUb+8et3OCLS+wJ4qrX/5uwgL50Lt
-0M2iPdZv+gjZwNmNWYIflYrSXa3ujclH+EAkkk/G1JxPzhVI3cII3y2DUZQAPCcX
-XQDXIX2zJo7bYaUYJhlEeiGX17cdXMXDT1tbXKKg2mRIga1K4lknn9U/vzkjMJXL
-GA38dUZRZ2Y=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL
-MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM
-dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe
-Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw
-IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX
-QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/
-vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc
-PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ
-D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0
-tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t
-IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT
-qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v
-aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB
-OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR
-1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on
-+1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV
-t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g==
------END CERTIFICATE-----
-
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIPAKTxAAEALtiV8/+rhB6+MA0GCSqGSIb3DQEBCwUAMFsx
-CzAJBgNVBAYTAkdCMSUwIwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMg
-THRkMSUwIwYDVQQDDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMB4XDTEx
-MDMxNDE0MDEwNFoXDTM2MDMxNDE0MDEwNFowWzELMAkGA1UEBhMCR0IxJTAjBgNV
-BAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQxJTAjBgNVBAMMHFdBQyBB
-cHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDCf6RHUPVBUY4YXYMdrmt5yO95eRCOG6vJtI9w0UM2w/2fihD5SMYa
-3cCVam4j6F8FSspMIx+4CTCwdDSUixBGENwGEhD4qxqqV3KTObmxmYbELa97S1IP
-qwoFelzUX6e+qHmYHi+eu/hONeiZaPBLtUtCd6ppCd5ACrD/kf/Ug/tfUtngozjG
-sJ1UB10Ezi3fKs3OkkZMuecJvjWmDpRAyvIeeV8xfzeyn+DMpvhnI9RrSY0j4huE
-ud6Lzzg0jV8+m54v0j7hv9klyNcGiZ+bmHr0LIyAtT+uktcms/4p3V9j01SI9Tmw
-HcHKDXnM6kuThWpr6DR9KFSZ8zD2Nx5nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBT5bKdU2+CGE17R+o/rMCZHHMn+
-WzANBgkqhkiG9w0BAQsFAAOCAQEAXmO+J5suIGuzbfYBoTdr8gahFfWEbhm1y6mJ
-eZAc+Mf5L+In20p+Oj5uy6LsTmJsE9VE/+gi1eALKl9EhgYhET2ZlAzRFCN5dTWv
-NTAFxJfGMkn2U5iW+luJ+lejyYBqEEFRpzwhXZbVDZQLim4CU75H75KzFkUgTulG
-5M6U/Plt6S1rKgMkeYiR27W4C2NZMFXYqctt0m+eKEa3ueZE9pYUxqVcvQKSI017
-Nbc1kSkcuSKFV2Bk2T5dh5jQvywykdWLubAe6XiiC5CIT31kcSX6AlVhgNxWRRKP
-QFO7lWqxnQMR2Or38ve7oSg1oL5Sx80fcbp3ovaYSKt5jnVWfg==
------END CERTIFICATE-----
-
+++ /dev/null
-<CertificateSet>
- <CertificateDomain name="wacpublisher"> <!-- this domain is used to verify author-signatures -->
- <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
- <FingerprintSHA1>A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2</FingerprintSHA1><!-- wac.publisher.pem -->
- <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
- <FingerprintSHA1>2B:A0:20:7D:40:90:1D:00:04:89:60:00:3B:DE:34:89:21:BE:D4:4F</FingerprintSHA1><!-- tizen-developer-root-ca.pem -->
- </CertificateDomain>
- <CertificateDomain name="wacroot">
- <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
- <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
- <FingerprintSHA1>A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1</FingerprintSHA1><!-- wac.root.production.pem -->
- <FingerprintSHA1>8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A</FingerprintSHA1><!-- wac.root.preproduction.pem -->
- <FingerprintSHA1>84:A8:85:67:1C:D9:A9:C9:8C:7C:C3:BC:7F:EB:A6:7D:44:94:D9:8F</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
- </CertificateDomain>
- <CertificateDomain name="developer">
- <FingerprintSHA1>4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38</FingerprintSHA1><!-- operator.root.cert.pem internal tests-->
- </CertificateDomain>
- <CertificateDomain name="wacmember">
- </CertificateDomain>
- <CertificateDomain name="tizenmember"> <!-- used to verify tizen widgets -->
- <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1><!-- tizen-distributor-root-ca-partner.pem -->
- <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
- <FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
- <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - hash from it is encoded on sim cards -->
- </CertificateDomain>
- <CertificateDomain name="orangelegacy">
- <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - This certificate requires special treatment during verification process -->
- </CertificateDomain>
-</CertificateSet>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-
-<xs:element name="CertificateSet" type="CertificateSetType" />
-<xs:complexType name="CertificateSetType">
- <xs:sequence>
- <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
-</xs:complexType>
-
-<xs:element name="CertificateDomain" type="CertificateDomainType" />
-<xs:complexType name="CertificateDomainType">
- <xs:sequence>
- <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- <xs:attribute name="name" type="xs:string" use="required" />
-</xs:complexType>
-
-<xs:element name="FingerprintSHA1" type="xs:string"/>
-
-</xs:schema>
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE schema
- PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
- [
- <!ATTLIST schema
- xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
- <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
- <!ENTITY % p ''>
- <!ENTITY % s ''>
- ]>
-
-<!-- Schema for XML Signatures
- http://www.w3.org/2000/09/xmldsig#
- $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
-
- Copyright 2001 The Internet Society and W3C (Massachusetts Institute
- of Technology, Institut National de Recherche en Informatique et en
- Automatique, Keio University). All Rights Reserved.
- http://www.w3.org/Consortium/Legal/
-
- This document is governed by the W3C Software License [1] as described
- in the FAQ [2].
-
- [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
- [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
--->
-
-
-<schema xmlns="http://www.w3.org/2001/XMLSchema"
- xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
- targetNamespace="http://www.w3.org/2000/09/xmldsig#"
- version="0.1" elementFormDefault="qualified">
-
-<!-- Basic Types Defined for Signatures -->
-
-<simpleType name="CryptoBinary">
- <restriction base="base64Binary">
- </restriction>
-</simpleType>
-
-<!-- Start Signature -->
-
-<element name="Signature" type="ds:SignatureType"/>
-<complexType name="SignatureType">
- <sequence>
- <element ref="ds:SignedInfo"/>
- <element ref="ds:SignatureValue"/>
- <element ref="ds:KeyInfo" minOccurs="0"/>
- <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureValue" type="ds:SignatureValueType"/>
- <complexType name="SignatureValueType">
- <simpleContent>
- <extension base="base64Binary">
- <attribute name="Id" type="ID" use="optional"/>
- </extension>
- </simpleContent>
- </complexType>
-
-<!-- Start SignedInfo -->
-
-<element name="SignedInfo" type="ds:SignedInfoType"/>
-<complexType name="SignedInfoType">
- <sequence>
- <element ref="ds:CanonicalizationMethod"/>
- <element ref="ds:SignatureMethod"/>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
- <complexType name="CanonicalizationMethodType" mixed="true">
- <sequence>
- <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
- <element name="SignatureMethod" type="ds:SignatureMethodType"/>
- <complexType name="SignatureMethodType" mixed="true">
- <sequence>
- <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
- <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
- <!-- (0,unbounded) elements from (1,1) external namespace -->
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- Start Reference -->
-
-<element name="Reference" type="ds:ReferenceType"/>
-<complexType name="ReferenceType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- <element ref="ds:DigestMethod"/>
- <element ref="ds:DigestValue"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="URI" type="anyURI" use="optional"/>
- <attribute name="Type" type="anyURI" use="optional"/>
-</complexType>
-
- <element name="Transforms" type="ds:TransformsType"/>
- <complexType name="TransformsType">
- <sequence>
- <element ref="ds:Transform" maxOccurs="unbounded"/>
- </sequence>
- </complexType>
-
- <element name="Transform" type="ds:TransformType"/>
- <complexType name="TransformType" mixed="true">
- <choice minOccurs="0" maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- <element name="XPath" type="string"/>
- </choice>
- <attribute name="Algorithm" type="anyURI" use="required"/>
- </complexType>
-
-<!-- End Reference -->
-
-<element name="DigestMethod" type="ds:DigestMethodType"/>
-<complexType name="DigestMethodType" mixed="true">
- <sequence>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Algorithm" type="anyURI" use="required"/>
-</complexType>
-
-<element name="DigestValue" type="ds:DigestValueType"/>
-<simpleType name="DigestValueType">
- <restriction base="base64Binary"/>
-</simpleType>
-
-<!-- End SignedInfo -->
-
-<!-- Start KeyInfo -->
-
-<element name="KeyInfo" type="ds:KeyInfoType"/>
-<complexType name="KeyInfoType" mixed="true">
- <choice maxOccurs="unbounded">
- <element ref="ds:KeyName"/>
- <element ref="ds:KeyValue"/>
- <element ref="ds:RetrievalMethod"/>
- <element ref="ds:X509Data"/>
- <element ref="ds:PGPData"/>
- <element ref="ds:SPKIData"/>
- <element ref="ds:MgmtData"/>
- <any processContents="lax" namespace="##other"/>
- <!-- (1,1) elements from (0,unbounded) namespaces -->
- </choice>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="KeyName" type="string"/>
- <element name="MgmtData" type="string"/>
-
- <element name="KeyValue" type="ds:KeyValueType"/>
- <complexType name="KeyValueType" mixed="true">
- <choice>
- <element ref="ds:DSAKeyValue"/>
- <element ref="ds:RSAKeyValue"/>
- <element ref="ds:ECKeyValue"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
-<!-- ECDSA KEY DEFINITIONS -->
-
- <element name="ECKeyValue" type="ds:ECKeyValueType"/>
- <complexType name="ECKeyValueType">
- <sequence>
- <choice>
- <element name="ECParameters" type="ds:ECParametersType"/>
- <element name="NamedCurve" type="ds:NamedCurveType"/>
- </choice>
- <element name="PublicKey" type="ds:ECPointType"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
- <complexType name="NamedCurveType">
- <attribute name="URI" type="anyURI" use="required"/>
- </complexType>
-
- <simpleType name="ECPointType">
- <restriction base="ds:CryptoBinary"/>
- </simpleType>
-
- <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
- <complexType name="RetrievalMethodType">
- <sequence>
- <element ref="ds:Transforms" minOccurs="0"/>
- </sequence>
- <attribute name="URI" type="anyURI"/>
- <attribute name="Type" type="anyURI" use="optional"/>
- </complexType>
-
- <complexType name="ECParametersType">
- <sequence>
- <element name="FieldID" type="ds:FieldIDType"/>
- <element name="Curve" type="ds:CurveType"/>
- <element name="Base" type="ds:ECPointType"/>
- <element name="Order" type="ds:CryptoBinary"/>
- <element name="CoFactor" type="integer" minOccurs="0"/>
- <element name="ValidationData" type="ds:ECValidationDataType" minOccurs="0"/>
- </sequence>
- </complexType>
-
- <complexType name="FieldIDType">
- <choice>
- <element ref="ds:Prime"/>
- <element ref="ds:TnB"/>
- <element ref="ds:PnB"/>
- <element ref="ds:GnB"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </complexType>
-
- <element name="Prime" type="ds:PrimeFieldParamsType"/>
- <complexType name="PrimeFieldParamsType">
- <sequence>
- <element name="P" type="ds:CryptoBinary"/>
- </sequence>
- </complexType>
-
- <element name="GnB" type="ds:CharTwoFieldParamsType"/>
- <complexType name="CharTwoFieldParamsType">
- <sequence>
- <element name="M" type="positiveInteger"/>
- </sequence>
- </complexType>
-
- <element name="TnB" type="ds:TnBFieldParamsType"/>
- <complexType name="TnBFieldParamsType">
- <complexContent>
- <extension base="ds:CharTwoFieldParamsType">
- <sequence>
- <element name="K" type="positiveInteger"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <element name="PnB" type="ds:PnBFieldParamsType"/>
- <complexType name="PnBFieldParamsType">
- <complexContent>
- <extension base="ds:CharTwoFieldParamsType">
- <sequence>
- <element name="K1" type="positiveInteger"/>
- <element name="K2" type="positiveInteger"/>
- <element name="K3" type="positiveInteger"/>
- </sequence>
- </extension>
- </complexContent>
- </complexType>
-
- <complexType name="CurveType">
- <sequence>
- <element name="A" type="ds:CryptoBinary"/>
- <element name="B" type="ds:CryptoBinary"/>
- </sequence>
- </complexType>
-
- <complexType name="ECValidationDataType">
- <sequence>
- <element name="seed" type="ds:CryptoBinary"/>
- </sequence>
- <attribute name="hashAlgorithm" type="anyURI" use="required"/>
- </complexType>
-
-
-<!-- Start X509Data -->
-
-<element name="X509Data" type="ds:X509DataType"/>
-<complexType name="X509DataType">
- <sequence maxOccurs="unbounded">
- <choice>
- <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- <element name="X509SKI" type="base64Binary"/>
- <element name="X509SubjectName" type="string"/>
- <element name="X509Certificate" type="base64Binary"/>
- <element name="X509CRL" type="base64Binary"/>
- <any namespace="##other" processContents="lax"/>
- </choice>
- </sequence>
-</complexType>
-
-<complexType name="X509IssuerSerialType">
- <sequence>
- <element name="X509IssuerName" type="string"/>
- <element name="X509SerialNumber" type="integer"/>
- </sequence>
-</complexType>
-
-<!-- End X509Data -->
-
-<!-- Begin PGPData -->
-
-<element name="PGPData" type="ds:PGPDataType"/>
-<complexType name="PGPDataType">
- <choice>
- <sequence>
- <element name="PGPKeyID" type="base64Binary"/>
- <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- <sequence>
- <element name="PGPKeyPacket" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"
- maxOccurs="unbounded"/>
- </sequence>
- </choice>
-</complexType>
-
-<!-- End PGPData -->
-
-<!-- Begin SPKIData -->
-
-<element name="SPKIData" type="ds:SPKIDataType"/>
-<complexType name="SPKIDataType">
- <sequence maxOccurs="unbounded">
- <element name="SPKISexp" type="base64Binary"/>
- <any namespace="##other" processContents="lax" minOccurs="0"/>
- </sequence>
-</complexType>
-
-<!-- End SPKIData -->
-
-<!-- End KeyInfo -->
-
-<!-- Start Object (Manifest, SignatureProperty) -->
-
-<element name="Object" type="ds:ObjectType"/>
-<complexType name="ObjectType" mixed="true">
- <sequence minOccurs="0" maxOccurs="unbounded">
- <any namespace="##any" processContents="lax"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
- <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
- <attribute name="Encoding" type="anyURI" use="optional"/>
-</complexType>
-
-<element name="Manifest" type="ds:ManifestType"/>
-<complexType name="ManifestType">
- <sequence>
- <element ref="ds:Reference" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
-<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
-<complexType name="SignaturePropertiesType">
- <sequence>
- <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="Id" type="ID" use="optional"/>
-</complexType>
-
- <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
- <complexType name="SignaturePropertyType" mixed="true">
- <choice maxOccurs="unbounded">
- <any namespace="##other" processContents="lax"/>
- <!-- (1,1) elements from (1,unbounded) namespaces -->
- </choice>
- <attribute name="Target" type="anyURI" use="required"/>
- <attribute name="Id" type="ID" use="optional"/>
- </complexType>
-
-<!-- End Object (Manifest, SignatureProperty) -->
-
-<!-- Start Algorithm Parameters -->
-
-<simpleType name="HMACOutputLengthType">
- <restriction base="integer"/>
-</simpleType>
-
-<!-- Start KeyValue Element-types -->
-
-<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
-<complexType name="DSAKeyValueType">
- <sequence>
- <sequence minOccurs="0">
- <element name="P" type="ds:CryptoBinary"/>
- <element name="Q" type="ds:CryptoBinary"/>
- </sequence>
- <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- <element name="Y" type="ds:CryptoBinary"/>
- <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
- <sequence minOccurs="0">
- <element name="Seed" type="ds:CryptoBinary"/>
- <element name="PgenCounter" type="ds:CryptoBinary"/>
- </sequence>
- </sequence>
-</complexType>
-
-<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
-<complexType name="RSAKeyValueType">
- <sequence>
- <element name="Modulus" type="ds:CryptoBinary"/>
- <element name="Exponent" type="ds:CryptoBinary"/>
- </sequence>
-</complexType>
-
-<!-- End KeyValue Element-types -->
-
-<!-- End Signature -->
-
-</schema>
+++ /dev/null
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#Uncomment this when IPC is set to DBus
-#dbus-send --system --print-reply --dest=org.tizen.SecurityDaemon /org/tizen/SecurityDaemon org.tizen.AceCheckAccessInterface.update_policy
-
-#Uncomment this when IPC is set to sockets
-echo "delete from AcePolicyResult where 1==1;" | sqlite3 /opt/dbspace/.ace.db
-echo "delete from AceAttribute where 1==1;" | sqlite3 /opt/dbspace/.ace.db
-echo "delete from AcePromptDecision where 1==1;" | sqlite3 /opt/dbspace/.ace.db
-pkill -9 security-ser
-sleep 3
-
+++ /dev/null
-#!/bin/sh
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-for name in ace
-do
- rm -f /opt/dbspace/.$name.db
- rm -f /opt/dbspace/.$name.db-journal
- SQL="PRAGMA journal_mode = PERSIST;"
- sqlite3 /opt/dbspace/.$name.db "$SQL"
- SQL=".read /usr/share/wrt-engine/"$name"_db.sql"
- sqlite3 /opt/dbspace/.$name.db "$SQL"
- touch /opt/dbspace/.$name.db-journal
- chown 0:6026 /opt/dbspace/.$name.db
- chown 0:6026 /opt/dbspace/.$name.db-journal
- chmod 660 /opt/dbspace/.$name.db
- chmod 660 /opt/dbspace/.$name.db-journal
-done
-
-
#sbs-git:slp/pkgs/s/security-server security-server 0.0.37
Name: security-server
Summary: Security server and utilities
-Version: 0.0.61
+Version: 0.0.62
Release: 1
Group: TO_BE/FILLED_IN
License: Apache License, Version 2.0
%description -n libsecurity-server-client
Security server package (client)
+#%package -n wrt-security
+#Summary: wrt-security-daemon and client libraries.
+#Group: Development/Libraries
+#Requires(post): /sbin/ldconfig
+#Requires(postun): /sbin/ldconfig
+#
+#%description -n wrt-security
+#Wrt-security-daemon and client libraries.
+#
+#%package -n wrt-security-devel
+#Summary: Header files for client libraries.
+#Group: Development/Libraries
+#Requires: wrt-security = %{version}-%{release}
+#
+#%description -n wrt-security-devel
+#Developer files for client libraries.
%package -n libsecurity-server-client-devel
Summary: Security server (client-devel)
ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc3.d/S10security-server
ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc5.d/S10security-server
-if [ -z ${2} ]; then
- echo "This is new install of wrt-security"
- echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
- /usr/bin/wrt_security_create_clean_db.sh
-else
- # Find out old and new version of databases
- ACE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.ace.db ".tables" | grep "DB_VERSION_"`
- ACE_NEW_DB_VERSION=`cat /usr/share/wrt-engine/ace_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
- echo "OLD ace database version ${ACE_OLD_DB_VERSION}"
- echo "NEW ace database version ${ACE_NEW_DB_VERSION}"
-
- if [ ${ACE_OLD_DB_VERSION} -a ${ACE_NEW_DB_VERSION} ]
- then
- if [ ${ACE_NEW_DB_VERSION} = ${ACE_OLD_DB_VERSION} ]
- then
- echo "Equal database detected so db installation ignored"
- else
- echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
- /usr/bin/wrt_security_create_clean_db.sh
- fi
- else
- echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
- /usr/bin/wrt_security_create_clean_db.sh
- fi
-fi
-
-echo "[WRT] wrt-security postinst done ..."
-
%postun
systemctl daemon-reload
rm -f /etc/rc.d/rc3.d/S10security-server
%postun -n libsecurity-server-client -p /sbin/ldconfig
-
%files -n security-server
%manifest %{_datadir}/security-server.manifest
%defattr(-,root,root,-)
#/etc/rc.d/rc3.d/S10security-server
#/etc/rc.d/rc5.d/S10security-server
%attr(755,root,root) /usr/bin/security-server
-#/usr/bin/sec-svr-util
-%{_libdir}/libace*.so
-%{_libdir}/libace*.so.*
-%{_libdir}/libwrt-ocsp.so
-%{_libdir}/libwrt-ocsp.so.*
-/usr/share/wrt-engine/*
-%attr(755,root,root) %{_bindir}/wrt_security_create_clean_db.sh
-%attr(755,root,root) %{_bindir}/wrt_security_change_policy.sh
-%attr(664,root,root) %{_datadir}/dbus-1/services/*
-%attr(664,root,root) /usr/etc/ace/bondixml*
-%attr(664,root,root) /usr/etc/ace/UnrestrictedPolicy.xml
-%attr(664,root,root) /usr/etc/ace/WAC2.0Policy.xml
-%attr(664,root,root) /usr/etc/ace/TizenPolicy.xml
+%attr(755,root,root) /etc/rc.d/init.d/security-serverd
+/usr/share/security-server/mw-list
%{_datadir}/license/%{name}
-#%files -n security-server-certs
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.publisherid.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen.root.preproduction.cert.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.preproduction.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-developer-root-ca.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-distributor-root-ca-partner.pem
-%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-distributor-root-ca-public.pem
-
%files -n libsecurity-server-client
%manifest %{_datadir}/libsecurity-server-client.manifest
%defattr(-,root,root,-)
%defattr(-,root,root,-)
/usr/lib/libsecurity-server-client.so
/usr/include/security-server/security-server.h
-/usr/lib/pkgconfig/security-server.pc
-%{_includedir}/wrt-security/*
-%{_includedir}/ace/*
-%{_includedir}/ace-client/*
-%{_includedir}/ace-settings/*
-%{_includedir}/ace-install/*
-%{_includedir}/ace-common/*
-%{_includedir}/ace-popup-validation/*
-%{_includedir}/wrt-ocsp/*
%{_libdir}/pkgconfig/*.pc
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SecuritySocketClient.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implemtation of socket client class.
- */
-
-#include <sys/socket.h>
-#include <string.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/un.h>
-#include <errno.h>
-
-#include "SecuritySocketClient.h"
-#include "security_daemon_socket_config.h"
-
-void SecuritySocketClient::throwWithErrnoMessage(const std::string& specificInfo){
- LogError(specificInfo << " : " << strerror(errno));
- ThrowMsg(Exception::SecuritySocketClientException, specificInfo << " : " << strerror(errno));
-}
-
-SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) {
- m_interfaceName = interfaceName;
- m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
- LogInfo("Client created");
-}
-
-void SecuritySocketClient::connect(){
- struct sockaddr_un remote;
- if(-1 == (m_socketFd = socket(AF_UNIX, SOCK_STREAM,0))){
- throwWithErrnoMessage("socket()");
- }
-
- //socket needs to be nonblocking, because read can block after select
- int flags;
- if (-1 == (flags = fcntl(m_socketFd, F_GETFL, 0)))
- flags = 0;
- if(-1 == (fcntl(m_socketFd, F_SETFL, flags | O_NONBLOCK))){
- throwWithErrnoMessage("fcntl");
- }
-
- bzero(&remote, sizeof(remote));
- remote.sun_family = AF_UNIX;
- strcpy(remote.sun_path, m_serverAddress.c_str());
- if(-1 == ::connect(m_socketFd, (struct sockaddr *)&remote, SUN_LEN(&remote))){
- throwWithErrnoMessage("connect()");
- }
-
- m_socketConnector.reset(new SocketConnection(m_socketFd));
-
- LogInfo("Client connected");
-}
-
-void SecuritySocketClient::disconnect(){
- //Socket should be already closed by server side,
- //even though we should close it in case of any errors
- close(m_socketFd);
- LogInfo("Client disconnected");
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SecuritySocketClient.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of socket client class.
- */
-
-#ifndef SECURITYSOCKETCLIENT_H_
-#define SECURITYSOCKETCLIENT_H_
-
-#include <memory>
-#include <string>
-#include <dpl/log/log.h>
-#include "SocketConnection.h"
-
-/* IMPORTANT:
- * Methods connect(), call() and disconnected() should be called one by one.
- * Between connect() and disconnect() you can use call() only once.
- * It is because of timeout on call, e.g. to avoid waiting for corrupted data.
- */
-
-/* USAGE:
- * Class should be used according to this scheme:
- * SecuritySocketClient client("Interface Name");
- * (...)
- * client.connect();
- * client.call("Method name", in_arg1, in_arg2, ..., in_argN,
- * out_arg1, out_arg2, ..., out_argM);
- * client.disconnect();
- * (...)
- *
- * input parameters of the call are passed with reference,
- * output ones are passed as pointers - parameters MUST be passed this way.
- *
- * Currently client supports serialization and deserialization of simple types
- * (int, char, float, unsigned), strings (std::string and char*) and
- * some STL containers (std::vector, std::list, std::map, std::pair).
- * Structures and classes are not (yet) supported.
- */
-
-class SecuritySocketClient {
-public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SecuritySocketClientException)
- };
-
- SecuritySocketClient(const std::string &interfaceName);
- void connect();
- void disconnect();
-
- void call(std::string methodName){
- make_call(m_interfaceName);
- make_call(methodName);
- }
-
- template<typename ...Args>
- void call(std::string methodName, const Args&... args){
- make_call(m_interfaceName);
- make_call(methodName);
- make_call(args...);
- }
-
-private:
- template<typename T, typename ...Args>
- void make_call(const T& invalue, const Args&... args){
- make_call(invalue);
- make_call(args...);
- }
-
- template<typename T>
- void make_call(const T& invalue){
- Try {
- m_socketConnector->write(invalue);
- }
- Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection write error");
- ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
- }
- }
-
- template<typename T, typename ...Args>
- void make_call(const T* invalue, const Args&... args){
- make_call(invalue);
- make_call(args...);
- }
-
- template<typename T>
- void make_call(const T* invalue){
- Try {
- m_socketConnector->write(invalue);
- }
- Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection write error");
- ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
- }
- }
-
- template<typename T, typename ...Args>
- void make_call(T * outvalue, const Args&... args){
- make_call(outvalue);
- make_call(args...);
- }
-
- template<typename T>
- void make_call(T* outvalue){
- Try {
- m_socketConnector->read(outvalue);
- }
- Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection read error");
- ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection read error");
- }
- }
-
-
-private:
- void throwWithErrnoMessage(const std::string& specificInfo);
- std::string m_serverAddress;
- std::string m_interfaceName;
- std::unique_ptr<SocketConnection> m_socketConnector;
- int m_socketFd;
-};
-
-#endif /* SECURITYSOCKETCLIENT_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SocketConnection.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- */
-
-#include "SocketConnection.h"
-
-//
-// Note:
-//
-// The file here is left blank to enable precompilation
-// of templates in corresponding header file.
-// Do not remove this file.
-//
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file SocketConnection.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This file is a header of Socket Connection class with implemented templates
- */
-
-#ifndef SOCKETCONNECTION_H_
-#define SOCKETCONNECTION_H_
-
-#include <dpl/serialization.h>
-#include <dpl/log/log.h>
-#include <new>
-#include "SocketStream.h"
-
-/*
- * This class implements interface for generic read and write from given socket.
- * It does not maintain socket descriptor, so any connecting and disconnecting should be
- * done above calls to this class.
- */
-
-/*
- * Throws SocketConnectionException when read/write will not succeed or if any bad allocation
- * exception occurs during read.
- */
-
-class SocketConnection {
-
-public:
-
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SocketConnectionException)
- };
-
- explicit SocketConnection(int socket_fd) : m_socketStream(socket_fd){
- LogInfo("Created");
- }
-
- template<typename T, typename ...Args>
- void read(T* out, const Args&... args ){
- read(out);
- read(args...);
- }
-
- template<typename T>
- void read(T* out){
- Try {
- DPL::Deserialization::Deserialize(m_socketStream, *out);
- }
-
- Catch (std::bad_alloc){
- LogError("Bad allocation error");
- ThrowMsg(Exception::SocketConnectionException, "Bad allocation error");
- }
-
- Catch (SocketStream::Exception::SocketStreamException) {
- LogError("Socket stream error");
- ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
- }
- }
-
- template<typename T, typename ...Args>
- void write(const T& in, const Args&... args){
- write(in);
- write(args...);
- }
-
- template<typename T>
- void write(const T& in){
- Try {
- DPL::Serialization::Serialize(m_socketStream, in);
- } Catch (SocketStream::Exception::SocketStreamException) {
- LogError("Socket stream error");
- ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
- }
- }
-
- template<typename T, typename ...Args>
- void write(const T* in, const Args&... args){
- write(in);
- write(args...);
- }
-
- template<typename T>
- void write(const T* in){
- Try {
- DPL::Serialization::Serialize(m_socketStream, in);
- } Catch (SocketStream::Exception::SocketStreamException) {
- LogError("Socket stream error");
- ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
- }
- }
-
-private:
- SocketStream m_socketStream;
-};
-
-#endif /* SOCKETCONNECTION_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SocketStream.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of socket stream class
- */
-
-
-#include <sys/socket.h>
-#include <sys/select.h>
-#include <errno.h>
-#include <cstring>
-#include <dpl/log/log.h>
-#include "SocketStream.h"
-
-#define READ_TIEMOUT_SEC 1
-#define READ_TIMEUOT_NSEC 0
-#define WRITE_TIMEOUT_SEC 0
-#define WRITE_TIMEOUT_NSEC 100000000
-#define MAX_BUFFER 10240
-
-void SocketStream::throwWithErrnoMessage(std::string function_name){
- LogError(function_name << " : " << strerror(errno));
- ThrowMsg(Exception::SocketStreamException, function_name << " : " << strerror(errno));
-}
-
-void SocketStream::Read(size_t num, void * bytes){
-
- if(NULL == bytes){
- LogError("Null pointer to buffer");
- ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
- }
-
- m_bytesRead += num;
-
- if(m_bytesRead > MAX_BUFFER){
- LogError("Too big buffer requested!");
- ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
- }
-
- char part_buffer[MAX_BUFFER];
- std::string whole_buffer;
-
- fd_set rset, allset;
- int max_fd;
- ssize_t bytes_read = 0, bytes_to_read = (ssize_t) num;
-
- timespec timeout;
-
- max_fd = m_socketFd;
- ++max_fd;
-
- FD_ZERO(&allset);
- FD_SET(m_socketFd, &allset);
-
- int returned_value;
-
- while(bytes_to_read != 0){
- timeout.tv_sec = READ_TIEMOUT_SEC;
- timeout.tv_nsec = READ_TIMEUOT_NSEC;
- rset = allset;
-
- if(-1 == (returned_value = pselect(max_fd, &rset, NULL, NULL, &timeout, NULL))){
- if(errno == EINTR) continue;
- throwWithErrnoMessage("pselect()");
- }
- if(0 == returned_value){
- //This means pselect got timedout
- //This is not a proper behavior in reading data from UDS
- //And could mean we got corrupted connection
- LogError("Couldn't read whole data");
- ThrowMsg(Exception::SocketStreamException, "Couldn't read whole data");
- }
- if(FD_ISSET(m_socketFd, &rset)){
- bytes_read = read(m_socketFd, part_buffer, num);
- if(bytes_read <= 0){
- if(errno == ECONNRESET || errno == ENOTCONN || errno == ETIMEDOUT){
- LogInfo("Connection closed : " << strerror(errno));
- ThrowMsg(Exception::SocketStreamException,
- "Connection closed : " << strerror(errno) << ". Couldn't read whole data");
- }else if (errno != EAGAIN && errno != EWOULDBLOCK){
- throwWithErrnoMessage("read()");
- }
- }
-
- whole_buffer.append(part_buffer, bytes_read);
- bytes_to_read-=bytes_read;
- bytes_read = 0;
- continue;
- }
-
- }
- memcpy(bytes, whole_buffer.c_str(), num);
-}
-
-void SocketStream::Write(size_t num, const void * bytes){
-
- if(NULL == bytes){
- LogError("Null pointer to buffer");
- ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
- }
-
- m_bytesWrote += num;
-
- if(m_bytesWrote > MAX_BUFFER){
- LogError("Too big buffer requested!");
- ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
- }
-
- fd_set wset, allset;
- int max_fd;
-
- timespec timeout;
-
- max_fd = m_socketFd;
- ++max_fd;
-
- FD_ZERO(&allset);
- FD_SET(m_socketFd, &allset);
-
- int returned_value;
-
- int write_res, bytes_to_write = num;
- unsigned int current_offset = 0;
-
- while(current_offset != num){
- timeout.tv_sec = WRITE_TIMEOUT_SEC;
- timeout.tv_nsec = WRITE_TIMEOUT_NSEC;
- wset = allset;
-
- if(-1 == (returned_value = pselect(max_fd, NULL, &wset, NULL, &timeout, NULL))){
- if(errno == EINTR) continue;
- throwWithErrnoMessage("pselect()");
- }
-
- if(FD_ISSET(m_socketFd, &wset)){
- if(-1 == (write_res = write(m_socketFd, reinterpret_cast<const char *>(bytes) + current_offset, bytes_to_write))){
- if(errno == ECONNRESET || errno == EPIPE){
- LogInfo("Connection closed : " << strerror(errno));
- ThrowMsg(Exception::SocketStreamException,
- "Connection closed : " << strerror(errno) << ". Couldn't write whole data");
-
- }else if(errno != EAGAIN && errno != EWOULDBLOCK){
- throwWithErrnoMessage("write()");
- }
- }
- current_offset += write_res;
- bytes_to_write -= write_res;
- }
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file SocketStream.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of socket stream class.
- */
-
-#ifndef SOCKETSTREAM_H_
-#define SOCKETSTREAM_H_
-
-#include <string>
-#include <sys/socket.h>
-#include <sys/select.h>
-#include <dpl/serialization.h>
-#include <dpl/log/log.h>
-
-/*
- * This class implements binary read/write from socket used for DPL serialization and deserialization
- * It can read or write buffers of max *total* size 10kB.
- * I does not maintain socket descriptor.
- */
-
-/*
- * Throws SocketStreamException when buffer is null or its size exceeds max size or when
- * there is an error during read or write.
- */
-
-
-
-class SocketStream : public DPL::IStream {
-public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SocketStreamException)
- };
-
- explicit SocketStream(int socket_fd) : m_socketFd(socket_fd),
- m_bytesRead(0),
- m_bytesWrote(0)
- {
- LogInfo("Created");
- }
- void Read(size_t num, void * bytes);
- void Write(size_t num, const void * bytes);
-private:
- void throwWithErrnoMessage(std::string specificInfo);
- int m_socketFd;
- int m_bytesRead;
- int m_bytesWrote;
-};
-
-#endif /* SOCKETSTREAM_H_ */
# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
#
-SET(DAEMON_BASIC_DEP
- dpl-efl
- dpl-dbus-efl
- dpl-utils-efl
- libsoup-2.4
- dlog
- openssl
- libsmack
- )
-
-IF(SMACK_ENABLE)
- LIST(APPEND DAEMON_BASIC_DEP libprivilege-control)
-ENDIF(SMACK_ENABLE)
-
-PKG_CHECK_MODULES(DAEMON_DEP
- ${DAEMON_BASIC_DEP}
- REQUIRED)
-
-SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
-
-SET(DAEMON_SOURCES
- #socket connection
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
- ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
- #caller
- ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp
- #daemon
- ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp
- ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp
- ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp
- ${DAEMON_SOURCES_PATH}/main.cpp
- #ocsp
- ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp
- ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp
- ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp
- #ace
- ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp
- ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp
- #popup
- ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp
- ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp
- )
-
-SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x")
-
-SET(LEGACY_DAEMON_SOURCES
- #security-server
- ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c
- ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-cookie.c
- ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-main.c
- ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-password.c
- ${DAEMON_SOURCES_PATH}/security-srv/util/security-server-util-common.c)
-
-SET_SOURCE_FILES_PROPERTIES(${LEGACY_DAEMON_SOURCES}
- PROPERTIES COMPILE_FLAGS "-DSECURITY_SERVER_DEBUG_DLOG")
-
-SET(DAEMON_SOURCES
- ${DAEMON_SOURCES}
- #security-server
- ${LEGACY_DAEMON_SOURCES})
-
-SET_SOURCE_FILES_PROPERTIES(
- ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c
- PROPERTIES COMPILE_FLAGS "-D_GNU_SOURCE")
-
-
-############################# Lets start compilation process ##################
-#ace library
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-#socket connection library
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection)
-#daemon
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets)
-#caller
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller)
-#ace
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic)
-#ocsp
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic)
-#popup
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic)
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS})
-#security-server
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/security-srv/include)
-
-
-
-ADD_EXECUTABLE(${TARGET_DAEMON}
- ${DAEMON_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_DAEMON}
- ${DAEMON_DEP_LIBRARIES}
- ${TARGET_ACE_LIB}
- ${TARGET_ACE_DAO_RW_LIB})
-
-
-
-###################################################################################################
-## for libsecurity-server-client.so (library)
-pkg_check_modules(pkgs REQUIRED dlog openssl libsmack)
-
-SET(VERSION_MAJOR 1)
-SET(VERSION ${VERSION_MAJOR}.0.1)
-
-SET(libsecurity-server-client_SOURCES
- ${DAEMON_SOURCES_PATH}/security-srv/client/security-server-client.c
- ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c)
-SET(libsecurity-server-client_LDFLAGS " -module -avoid-version")
-SET(libsecurity-server-client_CFLAGS " ${CFLAGS} -fPIC -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-#SET(libsecurity-server-client_LIBADD "")
-
-ADD_LIBRARY(security-server-client SHARED ${libsecurity-server-client_SOURCES})
-TARGET_LINK_LIBRARIES(security-server-client ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES SOVERSION ${VERSION_MAJOR})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES VERSION ${VERSION})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES COMPILE_FLAGS "${libsecurity-server-client_CFLAGS}")
-###################################################################################################
-
-INSTALL(TARGETS ${TARGET_DAEMON}
- DESTINATION bin)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service
- DESTINATION /usr/share/dbus-1/services
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
- DESTINATION /usr/include/wrt-security
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-srv/include/security-server.h
- DESTINATION /usr/include/security-server
- )
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-srv/mw-list
- DESTINATION /usr/share/security-server/)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-srv/security-serverd
- DESTINATION /etc/rc.d/init.d)
-
-INSTALL(TARGETS security-server-client DESTINATION lib)
+#SET(DAEMON_BASIC_DEP
+# dpl-efl
+# dpl-dbus-efl
+# dpl-utils-efl
+# libsoup-2.4
+# openssl
+# libsmack
+# )
+#
+#IF(SMACK_ENABLE)
+# LIST(APPEND DAEMON_BASIC_DEP libprivilege-control)
+#ENDIF(SMACK_ENABLE)
+#
+#PKG_CHECK_MODULES(DAEMON_DEP
+# ${DAEMON_BASIC_DEP}
+# REQUIRED)
+#
+#SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
+#
+#SET(DAEMON_SOURCES
+# #socket connection
+# ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
+# ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
+# #caller
+# ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp
+# #daemon
+# ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp
+# ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp
+# ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp
+# ${DAEMON_SOURCES_PATH}/main.cpp
+# #ocsp
+# ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp
+# ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp
+# ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp
+# #ace
+# ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp
+# ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp
+# ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp
+# ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp
+# ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp
+# ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp
+# ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp
+# #popup
+# ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp
+# ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp
+# )
+#
+#SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x")
+#
+############################## Lets start compilation process ##################
+##ace library
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
+##socket connection library
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection)
+##daemon
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets)
+##caller
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller)
+##ace
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic)
+##ocsp
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic)
+##popup
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic)
+#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
+#INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS})
+#
+#ADD_EXECUTABLE(${TARGET_DAEMON}
+# ${DAEMON_SOURCES})
+#
+#TARGET_LINK_LIBRARIES(${TARGET_DAEMON}
+# ${DAEMON_DEP_LIBRARIES}
+# ${TARGET_ACE_LIB}
+# ${TARGET_ACE_DAO_RW_LIB})
+#
+#INSTALL(TARGETS ${TARGET_DAEMON}
+# DESTINATION bin)
+#
+#INSTALL(FILES
+# ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service
+# DESTINATION /usr/share/dbus-1/services
+# )
+#
+#INSTALL(FILES
+# ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h
+# ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h
+# ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h
+# ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
+# ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
+# DESTINATION /usr/include/wrt-security
+# )
+#
+ADD_SUBDIRECTORY(security-srv)
static const std::string DAEMON_INSTANCE_UUID =
"5ebf3f24-dad6-4a27-88b4-df7970efe7a9";
-extern "C" void *security_server_main_thread(void *data);
-
int main(int argc, char* argv[])
{
-
- pthread_t main_thread;
-
- if (0 != pthread_create(&main_thread, NULL, security_server_main_thread, NULL)) {
- LogError("Cannot create security server thread");
- return -1;
- }
-
DPL::SingleInstance instance;
try {
if (!instance.TryLock(DAEMON_INSTANCE_UUID)) {
--- /dev/null
+PKG_CHECK_MODULES(SECURITY_SERVER_DEP
+ dlog
+ openssl
+ libsmack
+ REQUIRED
+ )
+
+SET(SECURITY_SERVER_PATH ${PROJECT_SOURCE_DIR}/src/security-srv)
+
+SET(SECURITY_SERVER_SOURCES
+ ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
+ ${SECURITY_SERVER_PATH}/server/security-server-cookie.c
+ ${SECURITY_SERVER_PATH}/server/security-server-main.c
+ ${SECURITY_SERVER_PATH}/server/security-server-password.c
+ ${SECURITY_SERVER_PATH}/util/security-server-util-common.c
+ )
+
+SET_SOURCE_FILES_PROPERTIES(
+ ${SECURITY_SERVER_SOURCES}
+ PROPERTIES
+ COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG")
+
+INCLUDE_DIRECTORIES(
+ ${SECURITY_SERVER_PATH}/include
+ ${SECURITY_SERVER_DEP_INCLUDE_DIRS}
+ )
+
+ADD_EXECUTABLE(${TARGET_SECURITY_SERVER} ${SECURITY_SERVER_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_SERVER}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ )
+
+################################################################################
+
+SET(SECURITY_CLIENT_VERSION_MAJOR 1)
+SET(SECURITY_CLIENT_VERSION ${SECURITY_CLIENT_VERSION_MAJOR}.0.1)
+
+SET(SECURITY_CLIENT_SOURCES
+ ${SECURITY_SERVER_PATH}/client/security-server-client.c
+ ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
+ )
+
+ADD_LIBRARY(${TARGET_SECURITY_CLIENT} SHARED ${SECURITY_CLIENT_SOURCES})
+
+SET_TARGET_PROPERTIES(
+ ${TARGET_SECURITY_CLIENT}
+ PROPERTIES
+ LINK_FLAGS "-module -avoid-version"
+ COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC"
+ SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
+ VERSION ${SECURITY_CLIENT_VERSION}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_CLIENT}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ )
+
+################################################################################
+
+INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION lib)
+
+INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin)
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/include/security-server.h
+ DESTINATION /usr/include/security-server
+ )
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/mw-list
+ DESTINATION /usr/share/security-server
+ )
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/security-serverd
+ DESTINATION /etc/rc.d/init.d
+ )
+
+################################################################################
+
+#CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY)
+#INSTALL
+
+################################################################################
+++ /dev/null
-SET(PREFIX ${CMAKE_INSTALL_PREFIX})
-SET(EXEC_PREFIX "\${prefix}")
-SET(LIBDIR "\${prefix}/lib")
-SET(INCLUDEDIR "\${prefix}/include")
-SET(VERSION_MAJOR 1)
-SET(VERSION ${VERSION_MAJOR}.0.1)
-
-#Verbose
-#SET(CMAKE_VERBOSE_MAKEFILE ON)
-
-INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
-
-INCLUDE(FindPkgConfig)
-pkg_check_modules(pkgs REQUIRED dlog openssl libsmack)
-
-FOREACH(flag ${pkgs_CFLAGS})
- SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
-ENDFOREACH(flag)
-
-SET(sec_svr_dir "./")
-SET(sec_svr_include_dir "./include")
-SET(sec_svr_src_dir "./src")
-SET(sec_svr_test_dir "./testcases")
-
-## Additional flag
-#SET(debug_type "-DSECURITY_SERVER_DEBUG_TO_CONSOLE")
-SET(debug_type "-DSECURITY_SERVER_DEBUG_DLOG")
-#SET(debug_type "")
-
-SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
-SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
-
-###################################################################################################
-## for libsecurity-server-client.so (library)
-SET(libsecurity-server-client_SOURCES ${sec_svr_src_dir}/client/security-server-client.c ${sec_svr_src_dir}/communication/security-server-comm.c)
-SET(libsecurity-server-client_LDFLAGS " -module -avoid-version")
-SET(libsecurity-server-client_CFLAGS " ${CFLAGS} -fPIC -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-#SET(libsecurity-server-client_LIBADD "")
-
-ADD_LIBRARY(security-server-client SHARED ${libsecurity-server-client_SOURCES})
-TARGET_LINK_LIBRARIES(security-server-client ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES SOVERSION ${VERSION_MAJOR})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES VERSION ${VERSION})
-SET_TARGET_PROPERTIES(security-server-client PROPERTIES COMPILE_FLAGS "${libsecurity-server-client_CFLAGS}")
-###################################################################################################
-
-###################################################################################################
-## for security-server (binary)
-SET(security-server_SOURCES ${sec_svr_src_dir}/server/security-server-main.c ${sec_svr_src_dir}/communication/security-server-comm.c ${sec_svr_src_dir}/server/security-server-cookie.c ${sec_svr_src_dir}/server/security-server-password.c ${sec_svr_src_dir}/util/security-server-util-common.c )
-SET(security-server_CFLAGS " -I/usr/include -I. -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-SET(security-server_LDFLAGS ${pkgs_LDFLAGS} -lpthread)
-
-ADD_EXECUTABLE(security-server ${security-server_SOURCES})
-TARGET_LINK_LIBRARIES(security-server ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(security-server PROPERTIES COMPILE_FLAGS "${security-server_CFLAGS}")
-####################################################################################################
-
-##FOR TEST METHOD ONLY. MUST BE DELETED ON RELEASE ############################################################
-## for security-server util (binary)
-SET(sec-svr-util_SOURCES ${sec_svr_src_dir}/util/security-server-util.c ${sec_svr_src_dir}/communication/security-server-comm.c ${sec_svr_src_dir}/util/security-server-util-common.c ${sec_svr_src_dir}/server/security-server-cookie.c)
-SET(sec-svr-util_CFLAGS " -I/usr/include -I. -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ")
-SET(sec-svr-util_LDFLAGS ${pkgs_LDFLAGS})
-
-ADD_EXECUTABLE(sec-svr-util ${sec-svr-util_SOURCES})
-TARGET_LINK_LIBRARIES(sec-svr-util ${pkgs_LDFLAGS})
-SET_TARGET_PROPERTIES(sec-svr-util PROPERTIES COMPILE_FLAGS "${sec-svr-util_CFLAGS}")
-####################################################################################################
-
-CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY)
-
-INSTALL(TARGETS security-server-client DESTINATION lib)
-
-INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/security-server DESTINATION bin)
-INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/sec-svr-util DESTINATION bin)
-INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/security-server.pc DESTINATION lib/pkgconfig)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/security-server.h DESTINATION include/security-server)
-INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/mw-list DESTINATION share/security-server)
-INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/security-serverd DESTINATION /etc/rc.d/init.d)
# start secure-storage server
/usr/bin/security-server &
+set_pmon -p security-server
pthread_exit(NULL);
}
-/*
int main(int argc, char* argv[])
{
int res;
pthread_exit(NULL);
return 0;
}
-*/
+
+++ /dev/null
-ADD_SUBDIRECTORY(src)
\ No newline at end of file
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file wrt_oscp_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This is C api for WRT OCSP
- */
-#ifndef WRT_OCSP_API_H
-#define WRT_OCSP_API_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum{
- WRT_OCSP_OK,
- WRT_OCSP_INVALID_ARGUMENTS,
- WRT_OCSP_INTERNAL_ERROR
-}wrt_ocsp_return_t;
-
-typedef int wrt_ocsp_widget_handle_t;
-typedef enum {
- //The certificate has not been revoked.
- WRT_OCSP_WIDGET_VERIFICATION_STATUS_GOOD,
-
- //The certificate has been revoked.
- WRT_OCSP_WIDGET_VERIFICATION_STATUS_REVOKED
-
-
-}wrt_ocsp_widget_verification_status_t;
-
-//-------------Initialization and shutdown-------------------
-/*
- * Establishes connection to security server. Must be called only once.
- * Returns WRT_OCSP_OK or error
- */
-wrt_ocsp_return_t wrt_ocsp_initialize(void);
-
-/*
- * Deinitializes internal structures. Must be called only once.
- * Returns WRT_OCSP_OK or error
- */
-
-wrt_ocsp_return_t wrt_ocsp_shutdown(void);
-
-//-------------Widget verification------------------------------
-/*
- * Requests verification for widget identified with 'handle'.
- * 'status holds server response.
- * Returns WRT_OCSP_OK or error
- */
-
-wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle,
- wrt_ocsp_widget_verification_status_t* status);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif //WRT_OCSP_API_H
+++ /dev/null
-include(FindPkgConfig)
-
-PKG_CHECK_MODULES(WRT_OCSP_DEPS
- dpl-efl
- dpl-dbus-efl
- REQUIRED
- )
-
-SET(WRT_OCSP_DIR
- ${PROJECT_SOURCE_DIR}/wrt_ocsp
- )
-
-SET(WRT_OCSP_SRC_DIR
- ${WRT_OCSP_DIR}/src
- )
-
-SET(WRT_OCSP_INCLUDE_DIR
- ${WRT_OCSP_DIR}/include
- )
-
-SET(WRT_OCSP_SOURCES
- ${COMMUNICATION_CLIENT_SOURCES}
- ${WRT_OCSP_SRC_DIR}/wrt_ocsp_api.cpp
- )
-
-SET(WRT_OCSP_INCLUDES
- ${WRT_OCSP_DEPS_INCLUDE_DIRS}
- ${WRT_OCSP_INCLUDE_DIR}
- ${COMMUNICATION_CLIENT_INCLUDES}
- ${PROJECT_SOURCE_DIR}/src/services/ocsp
- ${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
-
-ADD_DEFINITIONS(${WRT_OCSP_DEPS_CFLAGS})
-ADD_DEFINITIONS(${WRT__CFLAGS_OTHER})
-
-INCLUDE_DIRECTORIES(${WRT_OCSP_INCLUDES})
-
-ADD_LIBRARY(${TARGET_WRT_OCSP_LIB} SHARED ${WRT_OCSP_SOURCES})
-
-SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES
- SOVERSION ${API_VERSION}
- VERSION ${VERSION})
-
-SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES
- COMPILE_FLAGS -fPIC)
-
-TARGET_LINK_LIBRARIES(${TARGET_WRT_OCSP_LIB}
- ${WRT_OCSP_DEPS_LIBRARIES}
- ${WRT_OCSP_DEPS_LDFLAGS}
- )
-
-INSTALL(TARGETS ${TARGET_WRT_OCSP_LIB}
- DESTINATION lib)
-
-INSTALL(FILES
- ${WRT_OCSP_INCLUDE_DIR}/wrt_ocsp_api.h
- DESTINATION include/wrt-ocsp
- )
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file wrt_ocsp_api.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of WRT OCSP api
- */
-
-#include <dpl/log/log.h>
-#include <dpl/dbus/dbus_client.h>
-#include "ocsp_server_api.h"
-#include "SecurityCommunicationClient.h"
-
-#include "wrt_ocsp_api.h"
-
-static WrtSecurity::Communication::Client *communicationClient = NULL;
-
-wrt_ocsp_return_t wrt_ocsp_initialize(void){
- if (NULL != communicationClient) {
- LogError("wrt_ocsp_api already initialized");
- return WRT_OCSP_INTERNAL_ERROR;
- }
-
- Try {
- communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::OcspServerApi::INTERFACE_NAME());
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Can't connect to daemon");
- return WRT_OCSP_INTERNAL_ERROR;
- }
- LogInfo("Initialized");
- return WRT_OCSP_OK;
-}
-
-wrt_ocsp_return_t wrt_ocsp_shutdown(void){
- if (NULL == communicationClient) {
- LogError("wrt_ocsp_api not initialized");
- return WRT_OCSP_INTERNAL_ERROR;
- }
- delete communicationClient;
- communicationClient = NULL;
- LogInfo("Shutdown");
- return WRT_OCSP_OK;
-}
-
-wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle,
- wrt_ocsp_widget_verification_status_t* status){
-
- LogInfo("Verifying");
- if (NULL == status) {
- LogError("Invalid arguments");
- return WRT_OCSP_INVALID_ARGUMENTS;
- }
- int intResponse;
-
- Try {
- communicationClient->call(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
- handle,
- &intResponse);
- } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
- LogError("Problem with connection to daemon");
- return WRT_OCSP_INTERNAL_ERROR;
- }
- (*status) = static_cast<wrt_ocsp_widget_verification_status_t>(intResponse);
- LogInfo("Widget verified with response " << intResponse);
- return WRT_OCSP_OK;
-}