summaryrefslogtreecommitdiff
path: root/src/components/policy/policy_regular/src/policy_helper.cc
diff options
context:
space:
mode:
Diffstat (limited to 'src/components/policy/policy_regular/src/policy_helper.cc')
-rw-r--r--src/components/policy/policy_regular/src/policy_helper.cc193
1 files changed, 178 insertions, 15 deletions
diff --git a/src/components/policy/policy_regular/src/policy_helper.cc b/src/components/policy/policy_regular/src/policy_helper.cc
index 26e4984e6d..7ebb66bf2b 100644
--- a/src/components/policy/policy_regular/src/policy_helper.cc
+++ b/src/components/policy/policy_regular/src/policy_helper.cc
@@ -1,4 +1,4 @@
-/*
+/*
Copyright (c) 2013, Ford Motor Company
All rights reserved.
@@ -122,8 +122,12 @@ bool operator!=(const policy_table::ApplicationParams& first,
CheckAppPolicy::CheckAppPolicy(
PolicyManagerImpl* pm,
const std::shared_ptr<policy_table::Table> update,
- const std::shared_ptr<policy_table::Table> snapshot)
- : pm_(pm), update_(update), snapshot_(snapshot) {}
+ const std::shared_ptr<policy_table::Table> snapshot,
+ CheckAppPolicyResults& out_results)
+ : pm_(pm)
+ , update_(update)
+ , snapshot_(snapshot)
+ , out_results_(out_results) {}
bool policy::CheckAppPolicy::HasRevokedGroups(
const policy::AppPoliciesValueType& app_policy,
@@ -332,6 +336,13 @@ bool CheckAppPolicy::NicknamesMatch(
return true;
}
+void CheckAppPolicy::AddResult(const std::string& app_id,
+ PermissionsCheckResult result) {
+ LOG4CXX_AUTO_TRACE(logger_);
+ const auto item = std::make_pair(app_id, result);
+ out_results_.insert(item);
+}
+
bool CheckAppPolicy::operator()(const AppPoliciesValueType& app_policy) {
const std::string app_id = app_policy.first;
@@ -343,13 +354,13 @@ bool CheckAppPolicy::operator()(const AppPoliciesValueType& app_policy) {
if (!IsPredefinedApp(app_policy) && IsAppRevoked(app_policy)) {
SetPendingPermissions(app_policy, RESULT_APP_REVOKED);
- NotifySystem(app_policy);
+ AddResult(app_id, RESULT_APP_REVOKED);
return true;
}
if (!IsPredefinedApp(app_policy) && !NicknamesMatch(app_policy)) {
SetPendingPermissions(app_policy, RESULT_NICKNAME_MISMATCH);
- NotifySystem(app_policy);
+ AddResult(app_id, RESULT_NICKNAME_MISMATCH);
return true;
}
@@ -360,19 +371,18 @@ bool CheckAppPolicy::operator()(const AppPoliciesValueType& app_policy) {
if (is_request_type_changed) {
SetPendingPermissions(app_policy, RESULT_REQUEST_TYPE_CHANGED);
+ AddResult(app_id, RESULT_REQUEST_TYPE_CHANGED);
}
if (is_request_subtype_changed) {
SetPendingPermissions(app_policy, RESULT_REQUEST_SUBTYPE_CHANGED);
- }
-
- if (is_request_type_changed || is_request_subtype_changed) {
- NotifySystem(app_policy);
+ AddResult(app_id, RESULT_REQUEST_SUBTYPE_CHANGED);
}
}
if (RESULT_NO_CHANGES == result) {
LOG4CXX_INFO(
logger_,
"Permissions for application:" << app_id << " wasn't changed.");
+ AddResult(app_id, RESULT_NO_CHANGES);
return true;
}
@@ -381,27 +391,31 @@ bool CheckAppPolicy::operator()(const AppPoliciesValueType& app_policy) {
"Permissions for application:" << app_id << " have been changed.");
if (IsPredefinedApp(app_policy)) {
+ LOG4CXX_DEBUG(logger_, "app id: " << app_id << " is predefined app");
for (const policy_table::ApplicationPolicies::value_type& app :
snapshot_->policy_table.app_policies_section.apps) {
if (app_policy.first == app.second.get_string()) {
if (RESULT_CONSENT_NOT_REQIURED != result) {
SetPendingPermissions(app, result);
- NotifySystem(app);
+ AddResult(app_id, RESULT_CONSENT_NEEDED);
}
- SendPermissionsToApp(app.first, app_policy.second.groups);
+ LOG4CXX_DEBUG(logger_, "Sending permissions for app: " << app_id);
}
}
return true;
}
if (!IsPredefinedApp(app_policy) && RESULT_CONSENT_NOT_REQIURED != result) {
+ LOG4CXX_DEBUG(logger_, "Sending permissions for app: " << app_id);
SetPendingPermissions(app_policy, result);
- NotifySystem(app_policy);
+ AddResult(app_id, RESULT_CONSENT_NEEDED);
}
// Don't sent notification for predefined apps (e.g. default, device etc.)
if (!IsPredefinedApp(app_policy)) {
- SendPermissionsToApp(app_policy.first, app_policy.second.groups);
+ LOG4CXX_DEBUG(logger_, "Sending permissions for app: " << app_id);
+ SetPendingPermissions(app_policy, result);
+ AddResult(app_id, result);
}
return true;
}
@@ -460,8 +474,7 @@ void policy::CheckAppPolicy::SetPendingPermissions(
pm_->app_permissions_diff_lock_.Release();
}
-policy::CheckAppPolicy::PermissionsCheckResult
-policy::CheckAppPolicy::CheckPermissionsChanges(
+policy::PermissionsCheckResult policy::CheckAppPolicy::CheckPermissionsChanges(
const policy::AppPoliciesValueType& app_policy) const {
bool has_revoked_groups = HasRevokedGroups(app_policy);
@@ -469,6 +482,9 @@ policy::CheckAppPolicy::CheckPermissionsChanges(
bool has_new_groups = HasNewGroups(app_policy);
+ const bool encryption_required_flag_changed =
+ IsEncryptionRequiredFlagChanged(app_policy);
+
if (has_revoked_groups && has_consent_needed_groups) {
return RESULT_PERMISSIONS_REVOKED_AND_CONSENT_NEEDED;
} else if (has_revoked_groups) {
@@ -477,6 +493,8 @@ policy::CheckAppPolicy::CheckPermissionsChanges(
return RESULT_CONSENT_NEEDED;
} else if (has_new_groups) {
return RESULT_CONSENT_NOT_REQIURED;
+ } else if (encryption_required_flag_changed) {
+ return RESULT_ENCRYPTION_REQUIRED_FLAG_CHANGED;
}
return RESULT_NO_CHANGES;
@@ -545,6 +563,130 @@ bool CheckAppPolicy::IsRequestSubTypeChanged(
return diff.size();
}
+bool CheckAppPolicy::IsEncryptionRequiredFlagChanged(
+ const AppPoliciesValueType& app_policy) const {
+ auto get_app_encryption_needed =
+ [](const std::string& policy_app_id,
+ policy_table::ApplicationPolicies& policies)
+ -> rpc::Optional<rpc::Boolean> {
+ auto it = policies.find(policy_app_id);
+ if (policies.end() == it) {
+ LOG4CXX_WARN(logger_, "App is not present in policies" << policy_app_id);
+ return rpc::Optional<rpc::Boolean>(false);
+ }
+ return it->second.encryption_required;
+ };
+
+ auto get_app_groups =
+ [](const std::string& policy_app_id,
+ policy_table::ApplicationPolicies& policies) -> policy_table::Strings {
+ policy_table::Strings result;
+ auto it = policies.find(policy_app_id);
+ if (policies.end() == it) {
+ LOG4CXX_WARN(logger_, "App is not present in policies" << policy_app_id);
+ return result;
+ }
+ auto& groups = it->second.groups;
+ std::copy(groups.begin(), groups.end(), std::back_inserter(result));
+ return result;
+ };
+
+ auto get_app_rpcs = [](const std::string group_name,
+ const FunctionalGroupings& groups)
+ -> rpc::Optional<policy_table::Rpcs> {
+ auto it = groups.find(group_name);
+ if (it == groups.end()) {
+ return rpc::Optional<policy_table::Rpcs>();
+ }
+ return rpc::Optional<policy_table::Rpcs>(it->second);
+ };
+
+ const auto snapshot_groups = get_app_groups(
+ app_policy.first, snapshot_->policy_table.app_policies_section.apps);
+ const auto update_groups = get_app_groups(
+ app_policy.first, update_->policy_table.app_policies_section.apps);
+
+ auto get_resulting_encryption_required_flag_for_app_groups =
+ [this, &get_app_rpcs](
+ const rpc::policy_table_interface_base::Strings& app_groups,
+ const std::shared_ptr<rpc::policy_table_interface_base::Table> pt) {
+ for (const auto& group : app_groups) {
+ const auto rpcs =
+ get_app_rpcs(group, pt->policy_table.functional_groupings);
+ if (*rpcs->encryption_required) {
+ return true;
+ }
+ }
+
+ return false;
+ };
+
+ auto group_res_en_flag_changed =
+ [this, &get_resulting_encryption_required_flag_for_app_groups](
+ const rpc::policy_table_interface_base::Strings& snapshot_groups,
+ const rpc::policy_table_interface_base::Strings& update_groups) {
+ return get_resulting_encryption_required_flag_for_app_groups(
+ snapshot_groups, snapshot_) !=
+ get_resulting_encryption_required_flag_for_app_groups(
+ update_groups, update_);
+ };
+
+ const auto snapshot_app_encryption_needed = get_app_encryption_needed(
+ app_policy.first, snapshot_->policy_table.app_policies_section.apps);
+ const auto update_app_encryption_needed = get_app_encryption_needed(
+ app_policy.first, update_->policy_table.app_policies_section.apps);
+
+ const bool app_encryption_needed_changed =
+ (snapshot_app_encryption_needed.is_initialized() !=
+ update_app_encryption_needed.is_initialized()) ||
+ (*snapshot_app_encryption_needed != *update_app_encryption_needed);
+
+ if ((!update_app_encryption_needed.is_initialized() ||
+ *update_app_encryption_needed) &&
+ group_res_en_flag_changed(snapshot_groups, update_groups)) {
+ return true;
+ }
+
+ return app_encryption_needed_changed;
+}
+
+void FillActionsForAppPolicies::operator()(
+ const policy::CheckAppPolicyResults::value_type& value) {
+ const std::string app_id = value.first;
+ const auto app_policy = app_policies_.find(app_id);
+
+ if (app_policies_.end() == app_policy) {
+ return;
+ }
+
+ if (IsPredefinedApp(*app_policy)) {
+ return;
+ }
+
+ switch (value.second) {
+ case RESULT_APP_REVOKED:
+ case RESULT_NICKNAME_MISMATCH:
+ actions_[app_id].is_notify_system = true;
+ return;
+ case RESULT_CONSENT_NEEDED:
+ case RESULT_PERMISSIONS_REVOKED_AND_CONSENT_NEEDED:
+ actions_[app_id].is_consent_needed = true;
+ break;
+ case RESULT_CONSENT_NOT_REQIURED:
+ case RESULT_PERMISSIONS_REVOKED:
+ case RESULT_REQUEST_TYPE_CHANGED:
+ case RESULT_REQUEST_SUBTYPE_CHANGED:
+ case RESULT_ENCRYPTION_REQUIRED_FLAG_CHANGED:
+ break;
+ case RESULT_NO_CHANGES:
+ default:
+ return;
+ }
+
+ actions_[app_id].is_notify_system = true;
+ actions_[app_id].is_send_permissions_to_app = true;
+}
+
FillNotificationData::FillNotificationData(Permissions& data,
GroupConsent group_state,
GroupConsent undefined_group_consent)
@@ -728,10 +870,31 @@ bool ProcessFunctionalGroup::operator()(const StringsValueType& group_name) {
FillNotificationData filler(
data_, GetGroupState(group_name_str), undefined_group_consent_);
std::for_each(rpcs.begin(), rpcs.end(), filler);
+ FillEncryptionFlagForRpcs(rpcs, (*it).second.encryption_required);
}
return true;
}
+void ProcessFunctionalGroup::FillEncryptionFlagForRpcs(
+ const policy_table::Rpc& rpcs,
+ const EncryptionRequired encryption_required) {
+ auto update_encryption_required = [](EncryptionRequired& current,
+ const EncryptionRequired& incoming) {
+ if (!incoming.is_initialized()) {
+ return;
+ }
+ if (current.is_initialized() && *current) {
+ return;
+ }
+ current = incoming;
+ };
+
+ for (const auto& rpc : rpcs) {
+ auto& item = data_[rpc.first];
+ update_encryption_required(item.require_encryption, encryption_required);
+ }
+}
+
GroupConsent ProcessFunctionalGroup::GetGroupState(
const std::string& group_name) {
std::vector<FunctionalGroupPermission>::const_iterator it =
View Lorry Controller Status