summaryrefslogtreecommitdiff
path: root/implementation/security/include/security_impl.hpp
blob: dfeea6bd9e208059e245241e61eaa95cfd4760ad (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

// Copyright (C) 2019 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

#ifndef VSOMEIP_V3_SECURITY_IMPL_HPP_
#define VSOMEIP_V3_SECURITY_IMPL_HPP_

#include <map>
#include <mutex>
#include <vector>

#include <boost/property_tree/ptree.hpp>

#include "../include/policy.hpp"
#include "../include/security.hpp"

namespace vsomeip_v3 {

class security_impl :
        public security {
public:
    static std::shared_ptr<security_impl> get();

    security_impl();

    void load(const configuration_element &_element);

    bool is_enabled() const;
    bool is_audit() const;

    bool check_credentials(client_t _client, uid_t _uid, gid_t _gid);
    bool check_routing_credentials(client_t _client, uint32_t _uid, uint32_t _gid) const;

    bool is_client_allowed(uint32_t _uid, uint32_t _gid, client_t _client,
            service_t _service, instance_t _instance, method_t _method,
            bool _is_request_service = false) const;
    bool is_offer_allowed(uint32_t _uid, uint32_t _gid, client_t _client,
            service_t _service, instance_t _instance) const;

    void update_security_policy(uint32_t _uid, uint32_t _gid, const std::shared_ptr<policy>& _policy);
    bool remove_security_policy(uint32_t _uid, uint32_t _gid);

    void add_security_credentials(uint32_t _uid, uint32_t _gid,
            const std::shared_ptr<policy>& _credentials_policy, client_t _client);

    bool is_remote_client_allowed() const;

    bool is_policy_update_allowed(uint32_t _uid, std::shared_ptr<policy> &_policy) const;

    bool is_policy_removal_allowed(uint32_t _uid) const;

    bool parse_policy(const byte_t* &_buffer, uint32_t &_buffer_size,
            uint32_t &_uid, uint32_t &_gid, const std::shared_ptr<policy> &_policy) const;

    bool get_uid_gid_to_client_mapping(std::pair<uint32_t, uint32_t> _uid_gid, std::set<client_t> &_clients);
    bool remove_client_to_uid_gid_mapping(client_t _client);

    bool get_client_to_uid_gid_mapping(client_t _client, std::pair<uint32_t, uint32_t> &_uid_gid);
    bool store_client_to_uid_gid_mapping(client_t _client, uint32_t _uid, uint32_t _gid);
    void store_uid_gid_to_client_mapping(uint32_t _uid, uint32_t _gid, client_t _client);

    void get_requester_policies(const std::shared_ptr<policy> _policy,
            std::set<std::shared_ptr<policy> > &_requesters) const;
    void get_clients(uid_t _uid, gid_t _gid, std::unordered_set<client_t> &_clients) const;

private:

    // Configuration
    void load_policies(const configuration_element &_element);
    void load_policy(const boost::property_tree::ptree &_tree);
    void load_policy_body(std::shared_ptr<policy> &_policy,
            const boost::property_tree::ptree::const_iterator &_tree);
    void load_credential(const boost::property_tree::ptree &_tree,
            boost::icl::interval_map<uid_t, boost::icl::interval_set<gid_t> > &_ids);
    bool load_routing_credentials(const configuration_element &_element);
    template<typename T_>
    void load_interval_set(const boost::property_tree::ptree &_tree,
            boost::icl::interval_set<T_> &_range, bool _exclude_margins = false);
    void load_security_update_whitelist(const configuration_element &_element);

private:
    client_t routing_client_;

    mutable std::mutex ids_mutex_;
    mutable std::mutex uid_to_clients_mutex_;

    std::vector<std::shared_ptr<policy> > any_client_policies_;

    mutable std::mutex  any_client_policies_mutex_;
    std::map<client_t, std::pair<uint32_t, uint32_t> > ids_;
    std::map<std::pair<uint32_t, uint32_t>, std::set<client_t> > uid_to_clients_;

    bool policy_enabled_;
    bool check_credentials_;
    bool check_routing_credentials_;
    bool allow_remote_clients_;
    bool check_whitelist_;

    mutable std::mutex service_interface_whitelist_mutex_;
    boost::icl::interval_set<service_t> service_interface_whitelist_;

    mutable std::mutex uid_whitelist_mutex_;
    boost::icl::interval_set<uint32_t> uid_whitelist_;

    mutable std::mutex routing_credentials_mutex_;
    std::pair<uint32_t, uint32_t> routing_credentials_;

    bool is_configured_;
};

} // namespace vsomeip_v3

#endif // VSOMEIP_V3_SECURITY_IMPL_HPP_
View Lorry Controller Status