replace : iotivity -> iotivity-sec

[platform/upstream/iotivity.git] / resource / csdk / security / src / policyengine.c

diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c
index d5ba721..e38fc38 100644 (file)
--- a/resource/csdk/security/src/policyengine.c
+++ b/resource/csdk/security/src/policyengine.c
@@ -152,7 +152,7 @@ static bool IsRequestFromDevOwner(PEContext_t *context)
 }
 
 
-#ifdef _ENABLE_MULTIPLE_OWNER_
+#ifdef MULTIPLE_OWNER
 /**
  * Compare the request's subject to SubOwner.
  *
@@ -209,8 +209,8 @@ static bool IsValidRequestFromSubOwner(PEContext_t *context)
             }
             break;
         case OIC_R_PSTAT_TYPE:
-            //SubOwner has full permsion for PSTAT
-            isValidRequest = true;
+            //SubOwner has full permsion for PSTAT except RESET
+            isValidRequest = IsValidPstatAccessForSubOwner(context->payload, context->payloadSize);
             break;
         case OIC_R_CRED_TYPE:
             //SubOwner can only access the credential which is registered as the eowner.
@@ -237,7 +237,7 @@ static bool IsValidRequestFromSubOwner(PEContext_t *context)
 
     return isValidRequest;
 }
-#endif //_ENABLE_MULTIPLE_OWNER_
+#endif //MULTIPLE_OWNER
 
 
 // TODO - remove these function placeholders as they are implemented
@@ -262,13 +262,6 @@ OCStackResult GetSaclRownerId(OicUuid_t *rowner)
     return OC_STACK_ERROR;
 }
 
-OCStackResult GetSvcRownerId(OicUuid_t *rowner)
-{
-    OC_UNUSED(rowner);
-    rowner = NULL;
-    return OC_STACK_ERROR;
-}
-
 static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = {
     GetAclRownerId,
     GetAmaclRownerId,
@@ -279,7 +272,6 @@ static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = {
     GetPconfRownerId,
     GetPstatRownerId,
     GetSaclRownerId,
-    GetSvcRownerId
 };
 
 /**
@@ -494,6 +486,17 @@ static void ProcessAccessRequest(PEContext_t *context)
         // Start out assuming subject not found.
         context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
 
+        char *strUuid = NULL;
+        if (OC_STACK_OK == ConvertUuidToStr(&context->subject, &strUuid))
+        {
+            OIC_LOG_V(DEBUG, TAG, "%s: subject : %s" ,__func__, strUuid);
+            OICFree(strUuid);
+        }
+        else
+        {
+            OIC_LOG(ERROR, TAG, "Can't convert subject uuid to string");
+        }
+
         // Loop through all ACLs with a matching Subject searching for the right
         // ACL for this request.
         do
@@ -587,7 +590,13 @@ SRMAccessResponse_t CheckPermission(PEContext_t     *context,
         {
             context->retVal = ACCESS_GRANTED;
         }
-#ifdef _ENABLE_MULTIPLE_OWNER_
+        // If not granted via DevOwner status and not a subowner,
+        // then check if request is for a SVR and coming from rowner
+        else if (IsRequestFromResourceOwner(context))
+        {
+            context->retVal = ACCESS_GRANTED;
+        }
+#ifdef MULTIPLE_OWNER
         //Then check if request from SubOwner
         else if(IsRequestFromSubOwner(context))
         {
@@ -596,13 +605,7 @@ SRMAccessResponse_t CheckPermission(PEContext_t     *context,
                 context->retVal = ACCESS_GRANTED;
             }
         }
-#endif //_ENABLE_MULTIPLE_OWNER_
-        // If not granted via DevOwner status and not a subowner,
-        // then check if request is for a SVR and coming from rowner
-        else if (IsRequestFromResourceOwner(context))
-        {
-            context->retVal = ACCESS_GRANTED;
-        }
+#endif //MULTIPLE_OWNER
         // Else request is a "normal" request that must be tested against ACL
         else
         {