implementation/security/src/security.cpp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

// Copyright (C) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

#include "../include/security.hpp"
#include "../include/policy_manager_impl.hpp"
#include <vsomeip/internal/logger.hpp>
#ifdef ANDROID
#include "../../configuration/include/internal_android.hpp"
#else
#include "../../configuration/include/internal.hpp"
#endif
#include "../../plugin/include/plugin_manager.hpp"

#include <array>
#include <tuple>

#define VSOMEIP_SEC_SYMDEF(sym) symdef_t{\
    "vsomeip_sec_policy_"#sym, nullptr, reinterpret_cast<void**>(&sym) \
}

namespace vsomeip_v3 {
bool
security::load() {
    using symdef_t = std::tuple<const char*, void*, void**>;
    std::array<symdef_t, 5> symbol_table{
        VSOMEIP_SEC_SYMDEF(initialize),
        VSOMEIP_SEC_SYMDEF(authenticate_router),
        VSOMEIP_SEC_SYMDEF(is_client_allowed_to_offer),
        VSOMEIP_SEC_SYMDEF(is_client_allowed_to_request),
        VSOMEIP_SEC_SYMDEF(is_client_allowed_to_access_member)
    };

    if (auto manager = plugin_manager::get()) {
        if (auto lib = manager->load_library(VSOMEIP_SEC_LIBRARY)) {
            // First we load the symbols into the 2nd tuple element
            for (auto& symdef : symbol_table) {
                auto name = std::get<0>(symdef);
                auto& symbol = std::get<1>(symdef);
                if (!(symbol = manager->load_symbol(lib, name))) {
                    VSOMEIP_ERROR << __func__
                                  << ": security library misses "
                                  << std::quoted(name)
                                  << " function.";
                    manager->unload_library(lib);
                    return false;
                }
            }

            // Now that we have all symbols loaded,
            // assign the 2nd tuple element to the 3rd
            for (auto& symdef : symbol_table) {
                auto symbol = std::get<1>(symdef);
                auto& stub = std::get<2>(symdef);
                *stub = symbol;
            }

            // Symbol loading complete, success!
            return true;
        }
    }

    return false;
}

decltype(security::initialize)
security::initialize = security::default_initialize;

decltype(security::authenticate_router)
security::authenticate_router = security::default_authenticate_router;

decltype(security::is_client_allowed_to_offer)
security::is_client_allowed_to_offer = security::default_is_client_allowed_to_offer;

decltype(security::is_client_allowed_to_request)
security::is_client_allowed_to_request = security::default_is_client_allowed_to_request;

decltype(security::is_client_allowed_to_access_member)
security::is_client_allowed_to_access_member = security::default_is_client_allowed_to_access_member;

//
// Default interface implementation
//
vsomeip_sec_policy_result_t
security::default_initialize(void) {
    return VSOMEIP_SEC_POLICY_OK;
}

vsomeip_sec_acl_result_t
security::default_authenticate_router(
        const vsomeip_sec_client_t *_server) {
    if (_server && _server->client_type == VSOMEIP_CLIENT_TCP)
        return VSOMEIP_SEC_OK;

    if (policy_manager_impl::get()->check_routing_credentials(_server))
        return VSOMEIP_SEC_OK;
    else
        return VSOMEIP_SEC_PERM_DENIED;
}

vsomeip_sec_acl_result_t
security::default_is_client_allowed_to_offer(
        const vsomeip_sec_client_t *_client,
        vsomeip_sec_service_id_t _service,
        vsomeip_sec_instance_id_t _instance) {
    if (_client && _client->client_type == VSOMEIP_CLIENT_TCP)
        return VSOMEIP_SEC_OK;

    if (policy_manager_impl::get()->is_offer_allowed(_client, _service, _instance))
        return VSOMEIP_SEC_OK;
    else
        return VSOMEIP_SEC_PERM_DENIED;
}

vsomeip_sec_acl_result_t
security::default_is_client_allowed_to_request(
        const vsomeip_sec_client_t *_client,
        vsomeip_sec_service_id_t _service,
        vsomeip_sec_instance_id_t _instance) {
    if (_client && _client->client_type == VSOMEIP_CLIENT_TCP)
        return VSOMEIP_SEC_OK;

    if (policy_manager_impl::get()->is_client_allowed(_client, _service, _instance, 0x00, true))
        return VSOMEIP_SEC_OK;
    else
        return VSOMEIP_SEC_PERM_DENIED;
}

vsomeip_sec_acl_result_t
security::default_is_client_allowed_to_access_member(
        const vsomeip_sec_client_t *_client,
        vsomeip_sec_service_id_t _service,
        vsomeip_sec_instance_id_t _instance,
        vsomeip_sec_member_id_t _member) {
    if (_client && _client->client_type == VSOMEIP_CLIENT_TCP)
        return VSOMEIP_SEC_OK;

    if (policy_manager_impl::get()->is_client_allowed(_client, _service, _instance, _member, false))
        return VSOMEIP_SEC_OK;
    else
        return VSOMEIP_SEC_PERM_DENIED;
}

} // namespace vsomeip_v3