1 files changed, 135 insertions, 5 deletions
diff --git a/implementation/security/src/security.cpp b/implementation/security/src/security.cpp
index 7c7b3f4..e9a6381 100644
--- a/implementation/security/src/security.cpp
+++ b/implementation/security/src/security.cpp
@@ -1,15 +1,145 @@
-// Copyright (C) 2019 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+// Copyright (C) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-#include "../include/security_impl.hpp"
+#include "../include/security.hpp"
+#include "../include/policy_manager_impl.hpp"
+#include <vsomeip/internal/logger.hpp>
+#ifdef ANDROID
+#include "../../configuration/include/internal_android.hpp"
+#else
+#include "../../configuration/include/internal.hpp"
+#endif
+#include "../../plugin/include/plugin_manager.hpp"
+
+#include <array>
+#include <tuple>
+
+#define VSOMEIP_SEC_SYMDEF(sym) symdef_t{\
+    "vsomeip_sec_policy_"#sym, nullptr, reinterpret_cast<void**>(&sym) \
+}
 
 namespace vsomeip_v3 {
+bool
+security::load() {
+    using symdef_t = std::tuple<const char*, void*, void**>;
+    std::array<symdef_t, 5> symbol_table{
+        VSOMEIP_SEC_SYMDEF(initialize),
+        VSOMEIP_SEC_SYMDEF(authenticate_router),
+        VSOMEIP_SEC_SYMDEF(is_client_allowed_to_offer),
+        VSOMEIP_SEC_SYMDEF(is_client_allowed_to_request),
+        VSOMEIP_SEC_SYMDEF(is_client_allowed_to_access_member)
+    };
+
+    if (auto manager = plugin_manager::get()) {
+        if (auto lib = manager->load_library(VSOMEIP_SEC_LIBRARY)) {
+            // First we load the symbols into the 2nd tuple element
+            for (auto& symdef : symbol_table) {
+                auto name = std::get<0>(symdef);
+                auto& symbol = std::get<1>(symdef);
+                if (!(symbol = manager->load_symbol(lib, name))) {
+                    VSOMEIP_ERROR << __func__
+                                  << ": security library misses "
+                                  << std::quoted(name)
+                                  << " function.";
+                    manager->unload_library(lib);
+                    return false;
+                }
+            }
+
+            // Now that we have all symbols loaded,
+            // assign the 2nd tuple element to the 3rd
+            for (auto& symdef : symbol_table) {
+                auto symbol = std::get<1>(symdef);
+                auto& stub = std::get<2>(symdef);
+                *stub = symbol;
+            }
+
+            // Symbol loading complete, success!
+            return true;
+        }
+    }
+
+    return false;
+}
+
+decltype(security::initialize)
+security::initialize = security::default_initialize;
+
+decltype(security::authenticate_router)
+security::authenticate_router = security::default_authenticate_router;
+
+decltype(security::is_client_allowed_to_offer)
+security::is_client_allowed_to_offer = security::default_is_client_allowed_to_offer;
+
+decltype(security::is_client_allowed_to_request)
+security::is_client_allowed_to_request = security::default_is_client_allowed_to_request;
+
+decltype(security::is_client_allowed_to_access_member)
+security::is_client_allowed_to_access_member = security::default_is_client_allowed_to_access_member;
+
+//
+// Default interface implementation
+//
+vsomeip_sec_policy_result_t
+security::default_initialize(void) {
+    return VSOMEIP_SEC_POLICY_OK;
+}
+
+vsomeip_sec_acl_result_t
+security::default_authenticate_router(
+        const vsomeip_sec_client_t *_server) {
+    if (_server && _server->client_type == VSOMEIP_CLIENT_TCP)
+        return VSOMEIP_SEC_OK;
+
+    if (policy_manager_impl::get()->check_routing_credentials(_server))
+        return VSOMEIP_SEC_OK;
+    else
+        return VSOMEIP_SEC_PERM_DENIED;
+}
+
+vsomeip_sec_acl_result_t
+security::default_is_client_allowed_to_offer(
+        const vsomeip_sec_client_t *_client,
+        vsomeip_sec_service_id_t _service,
+        vsomeip_sec_instance_id_t _instance) {
+    if (_client && _client->client_type == VSOMEIP_CLIENT_TCP)
+        return VSOMEIP_SEC_OK;
+
+    if (policy_manager_impl::get()->is_offer_allowed(_client, _service, _instance))
+        return VSOMEIP_SEC_OK;
+    else
+        return VSOMEIP_SEC_PERM_DENIED;
+}
+
+vsomeip_sec_acl_result_t
+security::default_is_client_allowed_to_request(
+        const vsomeip_sec_client_t *_client,
+        vsomeip_sec_service_id_t _service,
+        vsomeip_sec_instance_id_t _instance) {
+    if (_client && _client->client_type == VSOMEIP_CLIENT_TCP)
+        return VSOMEIP_SEC_OK;
+
+    if (policy_manager_impl::get()->is_client_allowed(_client, _service, _instance, 0x00, true))
+        return VSOMEIP_SEC_OK;
+    else
+        return VSOMEIP_SEC_PERM_DENIED;
+}
+
+vsomeip_sec_acl_result_t
+security::default_is_client_allowed_to_access_member(
+        const vsomeip_sec_client_t *_client,
+        vsomeip_sec_service_id_t _service,
+        vsomeip_sec_instance_id_t _instance,
+        vsomeip_sec_member_id_t _member) {
+    if (_client && _client->client_type == VSOMEIP_CLIENT_TCP)
+        return VSOMEIP_SEC_OK;
 
-std::shared_ptr<security>
-security::get() {
-    return security_impl::get();
+    if (policy_manager_impl::get()->is_client_allowed(_client, _service, _instance, _member, false))
+        return VSOMEIP_SEC_OK;
+    else
+        return VSOMEIP_SEC_PERM_DENIED;
 }
 
 } // namespace vsomeip_v3