diff options
Diffstat (limited to 'src/components/application_manager/src/rpc_service_impl.cc')
-rw-r--r-- | src/components/application_manager/src/rpc_service_impl.cc | 93 |
1 files changed, 88 insertions, 5 deletions
diff --git a/src/components/application_manager/src/rpc_service_impl.cc b/src/components/application_manager/src/rpc_service_impl.cc index c7d1bde288..cfd5335a42 100644 --- a/src/components/application_manager/src/rpc_service_impl.cc +++ b/src/components/application_manager/src/rpc_service_impl.cc @@ -31,6 +31,7 @@ */ #include "application_manager/rpc_service_impl.h" +#include "application_manager/rpc_protection_manager_impl.h" #include "application_manager/app_service_manager.h" #include "application_manager/plugin_manager/plugin_keys.h" @@ -48,11 +49,13 @@ RPCServiceImpl::RPCServiceImpl( request_controller::RequestController& request_ctrl, protocol_handler::ProtocolHandler* protocol_handler, hmi_message_handler::HMIMessageHandler* hmi_handler, - CommandHolder& commands_holder) + CommandHolder& commands_holder, + RPCProtectionManagerSPtr rpc_protection_manager) : app_manager_(app_manager) , request_ctrl_(request_ctrl) , protocol_handler_(protocol_handler) , hmi_handler_(hmi_handler) + , rpc_protection_manager_(rpc_protection_manager) , commands_holder_(commands_holder) , messages_to_mobile_("AM ToMobile", this) , messages_to_hmi_("AM ToHMI", this) @@ -61,6 +64,44 @@ RPCServiceImpl::RPCServiceImpl( RPCServiceImpl::~RPCServiceImpl() {} +EncryptionFlagCheckResult RPCServiceImpl::IsEncryptionRequired( + const smart_objects::SmartObject& message, + std::shared_ptr<Application> app, + const bool is_rpc_service_secure) const { + LOG4CXX_AUTO_TRACE(logger_); + const auto function_id = + message[strings::params][strings::function_id].asUInt(); + const auto correlation_id = + message[strings::params][strings::correlation_id].asUInt(); + + const auto message_type = + message[strings::params][strings::message_type].asUInt(); + const bool policy_encryption_flag = + rpc_protection_manager_->CheckPolicyEncryptionFlag( + function_id, app, is_rpc_service_secure); + if (MessageType::kRequest == message_type) { + const bool message_protected = + message[strings::params][strings::protection].asBool(); + + if (!message_protected) { + return policy_encryption_flag + ? EncryptionFlagCheckResult::kError_EncryptionNeeded + : EncryptionFlagCheckResult::kSuccess_NotProtected; + } + + // request is encrypted, so we need to encrypt response regardless of + // policy flag + const auto connection_key = + message[strings::params][strings::connection_key].asUInt(); + rpc_protection_manager_->AddToEncryptionNeededCache(connection_key, + correlation_id); + return EncryptionFlagCheckResult::kSuccess_Protected; + } + return policy_encryption_flag + ? EncryptionFlagCheckResult::kSuccess_Protected + : EncryptionFlagCheckResult::kSuccess_NotProtected; +} + bool RPCServiceImpl::ManageMobileCommand( const commands::MessageSharedPtr message, commands::Command::CommandSource source) { @@ -119,6 +160,19 @@ bool RPCServiceImpl::ManageMobileCommand( SendMessageToMobile(response); return false; } + if (EncryptionFlagCheckResult::kError_EncryptionNeeded == + IsEncryptionRequired( + *message, + app, + protocol_handler_->IsRPCServiceSecure(connection_key))) { + const auto response = MessageHelper::CreateNegativeResponse( + connection_key, + function_id, + correlation_id, + static_cast<int32_t>(mobile_apis::Result::ENCRYPTION_NEEDED)); + SendMessageToMobile(response); + return false; + } // Message for "CheckPermission" must be with attached schema mobile_so_factory().attachSchema(*message, false); @@ -340,6 +394,7 @@ void RPCServiceImpl::Handle(const impl::MessageToHmi message) { } void RPCServiceImpl::Handle(const impl::MessageToMobile message) { + LOG4CXX_AUTO_TRACE(logger_); if (!protocol_handler_) { LOG4CXX_WARN(logger_, "Protocol Handler is not set; cannot send message to mobile."); @@ -364,7 +419,32 @@ void RPCServiceImpl::Handle(const impl::MessageToMobile message) { } } - protocol_handler_->SendMessageToMobileApp(rawMessage, is_final); + const auto correlation_id = message->correlation_id(); + const auto app_id = message->connection_key(); + + const bool is_service_secure = + protocol_handler_->IsRPCServiceSecure(message->connection_key()); + + const bool needs_encryption = + MessageType::kNotification == message->type() + ? rpc_protection_manager_->CheckPolicyEncryptionFlag( + message->function_id(), + app_manager_.application(app_id), + is_service_secure) + : rpc_protection_manager_->IsInEncryptionNeededCache(app_id, + correlation_id); + + if (needs_encryption && !is_service_secure) { + LOG4CXX_WARN(logger_, + "Unable to send rpc that requires encryption without secure " + "rpc service"); + return; + }; + + protocol_handler_->SendMessageToMobileApp( + rawMessage, needs_encryption, is_final); + rpc_protection_manager_->RemoveFromEncryptionNeededCache(app_id, + correlation_id); LOG4CXX_INFO(logger_, "Message for mobile given away"); if (close_session) { @@ -454,6 +534,8 @@ void RPCServiceImpl::SendMessageToMobile( LOG4CXX_WARN(logger_, "Can't send msg to Mobile: failed to create string"); return; } + const auto api_function_id = static_cast<mobile_apis::FunctionID::eType>( + (*message)[strings::params][strings::function_id].asUInt()); smart_objects::SmartObject& msg_to_mobile = *message; // If correlation_id is not present, it is from-HMI message which should be @@ -485,19 +567,20 @@ void RPCServiceImpl::SendMessageToMobile( } } const std::string string_functionID = - MessageHelper::StringifiedFunctionID(function_id); + MessageHelper::StringifiedFunctionID(api_function_id); const mobile_apis::Result::eType check_result = app_manager_.CheckPolicyPermissions( app, window_id, string_functionID, params); if (mobile_apis::Result::SUCCESS != check_result) { LOG4CXX_WARN(logger_, - "Function \"" << string_functionID << "\" (#" << function_id + "Function \"" << string_functionID << "\" (#" + << api_function_id << ") not allowed by policy"); return; } #ifdef EXTERNAL_PROPRIETARY_MODE - if (function_id == mobile_apis::FunctionID::OnSystemRequestID) { + if (api_function_id == mobile_apis::FunctionID::OnSystemRequestID) { mobile_apis::RequestType::eType request_type = static_cast<mobile_apis::RequestType::eType>( (*message)[strings::msg_params][strings::request_type].asUInt()); |