projects / platform / core / security / suspicious-activity-monitor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 89e67a2)
[SECARSP-267] Implement policy collector
authori.metelytsia <i.metelytsia@samsung.com>
Mon, 26 Mar 2018 15:14:47 +0000 (18:14 +0300)
committeri.metelytsia <i.metelytsia@samsung.com>
Mon, 26 Mar 2018 15:15:46 +0000 (18:15 +0300)
device-agent/daemon/dpm/indexed_property_policy.cpp patch | blob | history
device-agent/daemon/dpm/integer_property_policy.cpp patch | blob | history
device-agent/daemon/dpm/policy_enforce.cpp patch | blob | history
device-agent/daemon/dpm/policy_enforce.h patch | blob | history
device-agent/daemon/policyhandler.cpp patch | blob | history
device-agent/utest/test_policy.cpp patch | blob | history

diff --git a/device-agent/daemon/dpm/indexed_property_policy.cpp b/device-agent/daemon/dpm/indexed_property_policy.cpp
index b5289cd..405b448 100644 (file)
--- a/device-agent/daemon/dpm/indexed_property_policy.cpp
+++ b/device-agent/daemon/dpm/indexed_property_policy.cpp
@@ -68,11 +68,10 @@ int IndexedPropertyPolicy::getState(device_policy_manager_h hdpm, Json::Value& p
 
     std::string name = policy.get("name", "").asString();
     std::string key = policy.get("key", "").asString();
-    policy["supported"] = 0;
-    policy["value"] = 0;
 
     if(!m_getter) {
         LOG_E(TAG, "Getting policy [%s] state with key [%s] is not supported", name.c_str(), key.c_str());
+        policy["error"] = TIZEN_ERROR_NOT_SUPPORTED;
         return TIZEN_ERROR_NOT_SUPPORTED;
     }
 
@@ -80,15 +79,15 @@ int IndexedPropertyPolicy::getState(device_policy_manager_h hdpm, Json::Value& p
         int value = 0;
         if((res = m_getter(hdpm, key.c_str(), &value)) != TIZEN_ERROR_NONE) {
             LOG_E(TAG, "Getting policy [%s] state failed with error: %d", name.c_str(), res);
+            policy["error"] = res;
         }
         else {
             LOG_D(TAG, "Policy [%s] with key [%s] state [%d]", name.c_str(), key.c_str(), value);
-            policy["supported"] = 1;
             policy["value"] = value;
         }
     } catch (std::exception& e) {
         LOG_E(TAG, "Getting policy [%s] state failed with exception: %s", name.c_str(), e.what());
-        res = TIZEN_ERROR_UNKNOWN;
+        policy["error"] = (res = TIZEN_ERROR_UNKNOWN);
     }
 
     return res;
diff --git a/device-agent/daemon/dpm/integer_property_policy.cpp b/device-agent/daemon/dpm/integer_property_policy.cpp
index 103ca05..38d1efa 100644 (file)
--- a/device-agent/daemon/dpm/integer_property_policy.cpp
+++ b/device-agent/daemon/dpm/integer_property_policy.cpp
@@ -67,11 +67,10 @@ int IntegerPropertyPolicy::getState(device_policy_manager_h hdpm, Json::Value& p
     }
 
     std::string name = policy.get("name", "").asString();
-    policy["supported"] = 0;
-    policy["value"] = 0;
 
     if(!m_getter) {
         LOG_E(TAG, "Getting policy [%s] state is not supported", name.c_str());
+        policy["error"] = TIZEN_ERROR_NOT_SUPPORTED;
         return TIZEN_ERROR_NOT_SUPPORTED;
     }
 
@@ -79,15 +78,15 @@ int IntegerPropertyPolicy::getState(device_policy_manager_h hdpm, Json::Value& p
         int value = 0;
         if((res = m_getter(hdpm, &value)) != TIZEN_ERROR_NONE) {
             LOG_E(TAG, "Getting policy [%s] state failed with error: %d", name.c_str(), res);
+            policy["error"] = res;
         }
         else {
             LOG_D(TAG, "Policy [%s] state [%d]", name.c_str(), value);
-            policy["supported"] = 1;
             policy["value"] = value;
         }
     } catch (std::exception& e) {
         LOG_E(TAG, "Getting policy [%s] state failed with exception: %s", name.c_str(), e.what());
-        res = TIZEN_ERROR_UNKNOWN;
+        policy["error"] = (res = TIZEN_ERROR_UNKNOWN);
     }
 
     return res;
diff --git a/device-agent/daemon/dpm/policy_enforce.cpp b/device-agent/daemon/dpm/policy_enforce.cpp
index 00615c2..4d65320 100644 (file)
--- a/device-agent/daemon/dpm/policy_enforce.cpp
+++ b/device-agent/daemon/dpm/policy_enforce.cpp
@@ -33,8 +33,7 @@ public:
     {
         dpm_manager_destroy(m_handle);
     }
-    operator device_policy_manager_h () const
-    {
+    operator device_policy_manager_h () const {
         return m_handle;
     }
     operator bool () const {
@@ -87,11 +86,11 @@ void PolicyEnforce::registerPolicy(const std::string& policy_name, IPolicyPtr po
     m_policy_map[policy_name] = policy_applier;
 }
 
-PolicyEnforce::Result PolicyEnforce::parsePolicy(const std::string& jsonString)
+PolicyEnforce::Result PolicyEnforce::applyPolicy(const std::string& jsonString)
 {
     Result result = Result::SUCCESS;
 
-    LOG_D(TAG, "PolicyEnforce::parsePolicy");
+    LOG_D(TAG, "PolicyEnforce::applyPolicy");
 
     try {
         if (jsonString.empty()) {
@@ -118,8 +117,8 @@ PolicyEnforce::Result PolicyEnforce::parsePolicy(const std::string& jsonString)
         }
 
         DropPrivilege priv{this_user, dpm_user};
-        DpmHandle dpmh;
 
+        DpmHandle dpmh;
         if(!dpmh) {
             LOG_E(TAG, "DPM initialization error!");
             return Result::ERROR_DPM;
@@ -147,4 +146,57 @@ PolicyEnforce::Result PolicyEnforce::parsePolicy(const std::string& jsonString)
     return result;
 }
 
+PolicyEnforce::Result PolicyEnforce::getStates(Json::Value& policy)
+{
+    Result result = Result::SUCCESS;
+
+    LOG_D(TAG, "PolicyEnforce::getStates");
+
+    try {
+        if (policy.empty()) {
+            LOG_E(TAG, "Empty policy");
+            return Result::ERROR_PARSING;
+        }
+
+        if (policy["type"].asString() != "state-policy") {
+            LOG_E(TAG, "Invalid policy type");
+            return Result::ERROR_TYPE;
+        }
+
+        Json::Value& data = policy["data"];
+        if (data.empty()) {
+            LOG_E(TAG, "Empty policy data");
+            return Result::ERROR_DATA;
+        }
+
+        DropPrivilege priv{this_user, dpm_user};
+
+        DpmHandle dpmh;
+        if(!dpmh) {
+            LOG_E(TAG, "DPM initialization error!");
+            return Result::ERROR_DPM;
+        }
+
+        for (Json::Value& node : data) {
+            std::string name = node.get("name", "").asString();
+
+            PolicyMap::iterator it = m_policy_map.find(name);
+            if (it == m_policy_map.end()) {
+                LOG_E(TAG, "Policy \"%s\" not found", name.c_str());
+                continue;
+            }
+
+            IPolicy& applier = *(it->second);
+            if (applier.getState((device_policy_manager_h)dpmh, node) != TIZEN_ERROR_NONE) {
+                LOG_E(TAG, "Failed to get policy \"%s\" state", name.c_str());
+            }
+        }
+    } catch (std::exception& e) {
+        LOG_E(TAG, "Failed to get policy state, exception: %s", e.what());
+        result = Result::ERROR_UNKNOWN;
+    }
+
+    return result;
+}
+
 } //namespace dpm
diff --git a/device-agent/daemon/dpm/policy_enforce.h b/device-agent/daemon/dpm/policy_enforce.h
index 0331725..4dbe779 100644 (file)
--- a/device-agent/daemon/dpm/policy_enforce.h
+++ b/device-agent/daemon/dpm/policy_enforce.h
@@ -16,6 +16,7 @@
 #include <string>
 #include <map>
 #include <unistd.h>
+#include <jsoncpp/json/value.h>
 
 namespace dpm
 {
@@ -69,7 +70,14 @@ public:
      * @param policy [in] JSON string with policy configuration
      * @return Error code
      */
-    Result parsePolicy(const std::string& policy);
+    Result applyPolicy(const std::string& jsonString);
+
+    /**
+     * @brief Parse policy and receive policy states
+     * @param policy [in/out] JSON object with policy configuration
+     * @return Error code
+     */
+    Result getStates(Json::Value& policy);
 
 private:
     /**
diff --git a/device-agent/daemon/policyhandler.cpp b/device-agent/daemon/policyhandler.cpp
index 8fb156b..3e9597e 100644 (file)
--- a/device-agent/daemon/policyhandler.cpp
+++ b/device-agent/daemon/policyhandler.cpp
@@ -25,7 +25,7 @@ void PolicyHandler::accept(NetworkManager::Event& event)
         return;
     }
 
-    dpm::PolicyEnforce::Result result = dpm::PolicyEnforce::GetInstance().parsePolicy(event.getContent());
+    dpm::PolicyEnforce::Result result = dpm::PolicyEnforce::GetInstance().applyPolicy(event.getContent());
 
     if (dpm::PolicyEnforce::Result::SUCCESS == result) {
         event.confirm();
diff --git a/device-agent/utest/test_policy.cpp b/device-agent/utest/test_policy.cpp
index 2077289..0adb572 100644 (file)
--- a/device-agent/utest/test_policy.cpp
+++ b/device-agent/utest/test_policy.cpp
@@ -3,6 +3,7 @@
 
 #include <gmock/gmock.h>
 #include <jsoncpp/json/reader.h>
+#include <jsoncpp/json/writer.h>
 
 #include <dpm/device-policy-manager.h>
 #include <dpm/administration.h>
@@ -29,7 +30,8 @@ namespace
 const std::string EMPTY = "";
 const std::string INCORRECT_JSON{"qwerty"};
 const std::string INVALID_POLICY_TYPE = "{\"type\":\"qwerty\"}";
-const std::string EMPTY_POLICY_DATA = "{\"type\":\"policy\",\"data\":[]}";
+const std::string SETTER_EMPTY_POLICY_DATA = "{\"type\":\"policy\",\"data\":[]}";
+const std::string GETTER_EMPTY_POLICY_DATA = "{\"type\":\"state-policy\",\"data\":[]}";
 const std::string INT_POLICY_NAME = "bluetooth";
 const std::string INT_POLICY_EMPTY_VALUE = "{\"type\":\"policy\",\"data\":[{\"name\":\"" + INT_POLICY_NAME + "\"}]}";
 const std::string INT_POLICY_TEST = "{\"type\":\"policy\",\"data\":[{\"name\":\"" + INT_POLICY_NAME + "\",\"value\":1}]}";
@@ -37,16 +39,8 @@ const std::string IDX_POLICY_NAME = "messaging";
 const std::string IDX_POLICY_EMPTY_KEY = "{\"type\":\"policy\",\"data\":[{\"name\":\"" + IDX_POLICY_NAME + "\"}]}";
 const std::string IDX_POLICY_EMPTY_VALUE = "{\"type\":\"policy\",\"data\":[{\"name\":\"" + IDX_POLICY_NAME + "\",\"key\":\"sim_id\"}]}";
 const std::string IDX_POLICY_TEST = "{\"type\":\"policy\",\"data\":[{\"name\":\"" + IDX_POLICY_NAME + "\",\"key\":\"sim_id\",\"value\":1}]}";
-}
-
-TEST(TestPolicy, policy_enforce)
-{
-    auto& pe = dpm::PolicyEnforce::GetInstance();
-
-    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_PARSING, pe.parsePolicy(EMPTY));
-    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_PARSING, pe.parsePolicy(INCORRECT_JSON));
-    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_TYPE, pe.parsePolicy(INVALID_POLICY_TYPE));
-    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_DATA, pe.parsePolicy(EMPTY_POLICY_DATA));
+const std::string SETTER_POLICY_TEST = "{\"type\":\"policy\",\"data\":[{\"name\":\"" + INT_POLICY_NAME + "\",\"value\":1},{\"name\":\"" + IDX_POLICY_NAME + "\",\"key\":\"sim_id\",\"value\":1}]}";
+const std::string GETTER_POLICY_TEST = "{\"type\":\"state-policy\",\"data\":[{\"name\":\"" + INT_POLICY_NAME + "\"},{\"name\":\"" + IDX_POLICY_NAME + "\",\"key\":\"sim_id\"}]}";
 }
 
 TEST(TestPolicy, integer_property_policy_setter_incorrect)
@@ -60,7 +54,7 @@ TEST(TestPolicy, integer_property_policy_setter_incorrect)
     EXPECT_CALL(dpmm, dpm_restriction_set_bluetooth_mode_change_state(Eq(1))).Times(0);
     EXPECT_CALL(dpmm, dpm_manager_destroy()).Times(1);
 
-    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.parsePolicy(INT_POLICY_EMPTY_VALUE));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.applyPolicy(INT_POLICY_EMPTY_VALUE));
 }
 
 TEST(TestPolicy, integer_property_policy_setter_correct)
@@ -74,7 +68,7 @@ TEST(TestPolicy, integer_property_policy_setter_correct)
     EXPECT_CALL(dpmm, dpm_restriction_set_bluetooth_mode_change_state(Eq(1))).WillOnce(Return(0));
     EXPECT_CALL(dpmm, dpm_manager_destroy()).Times(1);
 
-    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.parsePolicy(INT_POLICY_TEST));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.applyPolicy(INT_POLICY_TEST));
 }
 
 TEST(TestPolicy, integer_property_policy_getter_incorrect)
@@ -88,6 +82,7 @@ TEST(TestPolicy, integer_property_policy_getter_incorrect)
     EXPECT_EQ(TIZEN_ERROR_INVALID_PARAMETER, ipp.getState(dpmh, policy));
     policy["name"] = INT_POLICY_NAME;
     EXPECT_EQ(TIZEN_ERROR_NOT_SUPPORTED, ipp.getState(dpmh, policy));
+    EXPECT_EQ(TIZEN_ERROR_NOT_SUPPORTED, policy.get("error", 0).asInt());
 
     dpm_manager_destroy(dpmh);
 }
@@ -102,7 +97,6 @@ TEST(TestPolicy, integer_property_policy_getter_correct)
     Json::Value policy;
     policy["name"] = INT_POLICY_NAME;
     EXPECT_EQ(TIZEN_ERROR_NONE, ipp.getState(dpmh, policy));
-    EXPECT_EQ(1, policy.get("supported", 0).asInt());
     EXPECT_EQ(1, policy.get("value", 0).asInt());
 
     dpm_manager_destroy(dpmh);
@@ -119,8 +113,8 @@ TEST(TestPolicy, indexed_property_policy_setter_incorrect)
     EXPECT_CALL(dpmm, dpm_restriction_set_messaging_state(StrEq("sim_id"),Eq(1))).Times(0);
     EXPECT_CALL(dpmm, dpm_manager_destroy()).Times(2);
 
-    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.parsePolicy(IDX_POLICY_EMPTY_KEY));
-    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.parsePolicy(IDX_POLICY_EMPTY_VALUE));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.applyPolicy(IDX_POLICY_EMPTY_KEY));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.applyPolicy(IDX_POLICY_EMPTY_VALUE));
 }
 
 TEST(TestPolicy, indexed_property_policy_setter_correct)
@@ -134,7 +128,7 @@ TEST(TestPolicy, indexed_property_policy_setter_correct)
     EXPECT_CALL(dpmm, dpm_restriction_set_messaging_state(StrEq("sim_id"),Eq(1))).WillOnce(Return(0));
     EXPECT_CALL(dpmm, dpm_manager_destroy()).Times(1);
 
-    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.parsePolicy(IDX_POLICY_TEST));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.applyPolicy(IDX_POLICY_TEST));
 }
 
 TEST(TestPolicy, indexed_property_policy_getter_incorrect)
@@ -150,6 +144,7 @@ TEST(TestPolicy, indexed_property_policy_getter_incorrect)
     EXPECT_EQ(TIZEN_ERROR_INVALID_PARAMETER, ipp.getState(dpmh, policy));
     policy["key"] = "sim_id";
     EXPECT_EQ(TIZEN_ERROR_NOT_SUPPORTED, ipp.getState(dpmh, policy));
+    EXPECT_EQ(TIZEN_ERROR_NOT_SUPPORTED, policy.get("error", 0).asInt());
 
     dpm_manager_destroy(dpmh);
 }
@@ -165,8 +160,77 @@ TEST(TestPolicy, indexed_property_policy_getter_correct)
     policy["name"] = IDX_POLICY_NAME;
     policy["key"] = "sim_id";
     EXPECT_EQ(TIZEN_ERROR_NONE, ipp.getState(dpmh, policy));
-    EXPECT_EQ(1, policy.get("supported", 0).asInt());
     EXPECT_EQ(1, policy.get("value", 0).asInt());
 
     dpm_manager_destroy(dpmh);
 }
+
+TEST(TestPolicy, policy_enforce_setter_incorrect)
+{
+    auto& pe = dpm::PolicyEnforce::GetInstance();
+
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_PARSING, pe.applyPolicy(EMPTY));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_PARSING, pe.applyPolicy(INCORRECT_JSON));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_TYPE, pe.applyPolicy(INVALID_POLICY_TYPE));
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_DATA, pe.applyPolicy(SETTER_EMPTY_POLICY_DATA));
+}
+
+TEST(TestPolicy, policy_enforce_setter_correct)
+{
+    DPMMock dpmm;
+
+    auto& pe = dpm::PolicyEnforce::GetInstance();
+    dpm::IntegerPropertyPolicy intpp(pe, INT_POLICY_NAME, dpm_restriction_set_bluetooth_mode_change_state);
+    dpm::IndexedPropertyPolicy idxpp(pe, IDX_POLICY_NAME, dpm_restriction_set_messaging_state);
+
+    EXPECT_CALL(dpmm, dpm_manager_create()).WillOnce(Return(&dpmm));
+    EXPECT_CALL(dpmm, dpm_restriction_set_bluetooth_mode_change_state(Eq(1))).WillOnce(Return(0));
+    EXPECT_CALL(dpmm, dpm_restriction_set_messaging_state(StrEq("sim_id"),Eq(1))).WillOnce(Return(0));
+    EXPECT_CALL(dpmm, dpm_manager_destroy()).Times(1);
+
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.applyPolicy(SETTER_POLICY_TEST));
+}
+
+TEST(TestPolicy, policy_enforce_getter_incorrect)
+{
+    auto& pe = dpm::PolicyEnforce::GetInstance();
+
+    Json::Reader reader;
+
+    Json::Value empty;
+    reader.parse(EMPTY, empty);
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_PARSING, pe.getStates(empty));
+
+    Json::Value invalid_policy_type;
+    reader.parse(INVALID_POLICY_TYPE, invalid_policy_type);
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_TYPE, pe.getStates(invalid_policy_type));
+
+    Json::Value empty_policy_data;
+    reader.parse(GETTER_EMPTY_POLICY_DATA, empty_policy_data);
+    EXPECT_EQ(dpm::PolicyEnforce::Result::ERROR_DATA, pe.getStates(empty_policy_data));
+}
+
+TEST(TestPolicy, policy_enforce_getter_correct)
+{
+    DPMMock dpmm;
+
+    auto& pe = dpm::PolicyEnforce::GetInstance();
+    dpm::IntegerPropertyPolicy intpp(pe, INT_POLICY_NAME, dpm_restriction_set_bluetooth_mode_change_state, dpm_restriction_get_bluetooth_mode_change_state);
+    dpm::IndexedPropertyPolicy idxpp(pe, IDX_POLICY_NAME, dpm_restriction_set_messaging_state, dpm_restriction_get_messaging_state);
+
+    EXPECT_CALL(dpmm, dpm_manager_create()).WillOnce(Return(&dpmm));
+    EXPECT_CALL(dpmm, dpm_restriction_get_bluetooth_mode_change_state(_)).WillOnce(Return(0));
+    EXPECT_CALL(dpmm, dpm_restriction_get_messaging_state(_,_)).WillOnce(Return(0));
+    EXPECT_CALL(dpmm, dpm_manager_destroy()).Times(1);
+
+    Json::Reader reader;
+    Json::Value policy;
+    reader.parse(GETTER_POLICY_TEST, policy);
+    EXPECT_EQ(dpm::PolicyEnforce::Result::SUCCESS, pe.getStates(policy));
+
+//    Json::Value& data = policy["data"];
+//    EXPECT_FALSE(data.empty());
+//    for (Json::Value& node : data) {
+//        EXPECT_EQ(1, node.get("value", 0).asInt());
+//    }
+}
Domain: Security / Device Policy;