Diffstat (limited to 'implementation/security/include')
-rw-r--r-- | implementation/security/include/policy.hpp | 87 | ||||
-rw-r--r-- | implementation/security/include/security.hpp | 9 | ||||
-rw-r--r-- | implementation/security/include/security_impl.hpp | 34 |
3 files changed, 101 insertions, 29 deletions
diff --git a/implementation/security/include/policy.hpp b/implementation/security/include/policy.hpp index f8727f8..82f3eb9 100644 --- a/implementation/security/include/policy.hpp +++ b/implementation/security/include/policy.hpp @@ -1,4 +1,4 @@ -// Copyright (C) 2014-2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +// Copyright (C) 2014-2020 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. @@ -9,8 +9,11 @@ #include <cstring> #include <map> #include <mutex> -#include <set> #include <utility> +#include <vector> + +#include <boost/icl/interval_map.hpp> +#include <boost/icl/interval_set.hpp> #include <vsomeip/constants.hpp> #include <vsomeip/primitive_types.hpp> 
@@ -18,20 +21,88 @@ namespace vsomeip_v3 { -typedef std::set<std::pair<uint32_t, uint32_t>> ranges_t; -typedef std::set<std::pair<ranges_t, ranges_t>> ids_t; +template<typename T_> +void get_bounds(const boost::icl::discrete_interval<T_> &_interval, + T_ &_lower, T_ &_upper) { + + T_ its_lower, its_upper; + + its_lower = _interval.lower(); + its_upper = _interval.upper(); + + switch (_interval.bounds().bits()) { + case boost::icl::interval_bounds::static_open: + its_lower++; + its_upper--; + break; + case boost::icl::interval_bounds::static_left_open: + its_lower++; + break; + case boost::icl::interval_bounds::static_right_open: + its_upper--; + break; + default: + ; + } + + _lower = its_lower; + _upper = its_upper; +} struct policy { policy() : allow_who_(false), allow_what_(false) {}; - ids_t ids_; + // Returns true if the policy is defined for single uid/gid pair. + // uid & gid are copied to the arguments. Otherwise, returns false. + bool get_uid_gid(uid_t &_uid, gid_t &_gid) const; + + bool deserialize_uid_gid(const byte_t * &_data, uint32_t &_size, + uid_t &_uid, gid_t &_gid) const; + bool deserialize(const byte_t * &_data, uint32_t &_size); + bool serialize(std::vector<byte_t> &_data) const; + + void print() const; + + // Members + boost::icl::interval_map<uid_t, + boost::icl::interval_set<gid_t> > credentials_; bool allow_who_; - std::map<service_t, ids_t> services_; - std::map<service_t, ranges_t> offers_; + boost::icl::interval_map<service_t, + boost::icl::interval_map<instance_t, + boost::icl::interval_set<method_t> > > requests_; + boost::icl::interval_map<service_t, + boost::icl::interval_set<instance_t> > offers_; bool allow_what_; - std::mutex mutex_; + mutable std::mutex mutex_; + +private: + bool deserialize_ids(const byte_t * &_data, uint32_t &_size, + boost::icl::interval_map<uint16_t, + boost::icl::interval_set<uint16_t> > &_ids) const; + bool deserialize_id_item_list(const byte_t * &_data, uint32_t &_size, + boost::icl::interval_set<uint16_t> 
&_intervals) const; + bool deserialize_id_item(const byte_t * &_data, uint32_t &_size, + uint16_t &_low, uint16_t &_high) const; + + bool deserialize_u32(const byte_t * &_data, uint32_t &_size, + uint32_t &_value) const; + bool deserialize_u16(const byte_t * &_data, uint32_t &_size, + uint16_t &_value) const; + + bool serialize_uid_gid(std::vector<byte_t> &_data) const; + void serialize_interval_set( + const boost::icl::interval_set<uint16_t> &_intervals, + std::vector<byte_t> &_data) const; + void serialize_interval( + const boost::icl::discrete_interval<uint16_t> &_interval, + std::vector<byte_t> &_data) const; + + void serialize_u32(uint32_t _value, std::vector<byte_t> &_data) const; + void serialize_u32_at(uint32_t _value, std::vector<byte_t> &_data, + size_t _pos) const; + void serialize_u16(uint16_t _value, std::vector<byte_t> &_data) const; }; } // namespace vsomeip_v3 diff --git a/implementation/security/include/security.hpp b/implementation/security/include/security.hpp index 0bac7a0..03406c6 100644 --- a/implementation/security/include/security.hpp +++ b/implementation/security/include/security.hpp @@ -7,6 +7,10 @@ #define VSOMEIP_V3_SECURITY_SECURITY_HPP_ #include <memory> +#include <unordered_set> + +#include <vsomeip/payload.hpp> +#include <vsomeip/primitive_types.hpp> namespace vsomeip_v3 { @@ -49,6 +53,11 @@ public: uint32_t _uid, uint32_t _gid) = 0; virtual void store_uid_gid_to_client_mapping(uint32_t _uid, uint32_t _gid, client_t _client) = 0; + + virtual void get_requester_policies(const std::shared_ptr<policy> _policy, + std::set<std::shared_ptr<policy> > &_requesters) const = 0; + virtual void get_clients(uid_t _uid, gid_t _gid, + std::unordered_set<client_t> &_clients) const = 0; }; } // namespace vsomeip_v3 diff --git a/implementation/security/include/security_impl.hpp b/implementation/security/include/security_impl.hpp index 564c029..dfeea6b 100644 --- a/implementation/security/include/security_impl.hpp 
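Review bot: `get_bounds` adjusts open bounds with `its_lower++` / `its_upper--` without checking that the interval is non-empty, so for an unsigned `T_` an empty interval such as `[0, 0)` wraps `_upper` to the type's maximum and reports a full range. Interval sets normally hold no empty intervals, but this is a header template feeding the uid/gid and service-id ranges of a security policy, so the precondition should be stated or enforced, for example `assert(!boost::icl::is_empty(_interval));` at the top, or the comment `// Precondition: _interval is non-empty; otherwise the adjusted bounds wrap.`. The empty `default:` also silently treats every other bounds value as closed; a short comment that closed bounds need no adjustment would make that intentional.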
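Review bot: The added includes in security.hpp bring in `<unordered_set>` but not `<set>`, while the new `get_requester_policies` declaration further down the same file uses `std::set<std::shared_ptr<policy> >`. Unless `<set>` arrives through a header not visible here (policy.hpp drops its own `#include <set>` in this same commit), the header only compiles by include order. Adding `#include <set>` next to `#include <unordered_set>` makes it self-contained.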
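Review bot: The two new pure virtuals take `uid_t`/`gid_t` while the neighbouring `store_uid_gid_to_client_mapping` in the same interface takes `uint32_t _uid, uint32_t _gid`, so credentials cross this interface under two type names and any difference between them is converted implicitly. The same mix appears in security_impl.hpp, where `uid_whitelist_` becomes `boost::icl::interval_set<uint32_t>` while `policy::credentials_` is keyed by `uid_t`. Picking one type, or adding `static_assert(sizeof(uid_t) == sizeof(uint32_t), "uid_t must be 32 bit");`, would make the assumption explicit. Separately, `const std::shared_ptr<policy> _policy` is passed by const value and copies the pointer on every call; `const std::shared_ptr<policy> &_policy` would match the `parse_policy` signature in security_impl.hpp.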
+++ b/implementation/security/include/security_impl.hpp @@ -50,8 +50,6 @@ public: bool is_policy_removal_allowed(uint32_t _uid) const; - bool parse_uid_gid(const byte_t* &_buffer, uint32_t &_buffer_size, - uint32_t &_uid, uint32_t &_gid) const; bool parse_policy(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_uid, uint32_t &_gid, const std::shared_ptr<policy> &_policy) const; 
@@ -62,30 +60,24 @@ public: bool store_client_to_uid_gid_mapping(client_t _client, uint32_t _uid, uint32_t _gid); void store_uid_gid_to_client_mapping(uint32_t _uid, uint32_t _gid, client_t _client); + void get_requester_policies(const std::shared_ptr<policy> _policy, + std::set<std::shared_ptr<policy> > &_requesters) const; + void get_clients(uid_t _uid, gid_t _gid, std::unordered_set<client_t> &_clients) const; + private: - // Helper - - bool get_struct_length(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_length) const; - bool get_union_length(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_length) const; - bool get_array_length(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_length) const; - bool is_range(const byte_t* &_buffer, uint32_t &_buffer_size) const; - bool parse_id_item(const byte_t* &_buffer, uint32_t& parsed_ids_bytes, - ranges_t& its_ranges, uint32_t &_buffer_size) const; - bool parse_range(const byte_t* &_buffer, uint32_t &_buffer_size, - uint16_t &_first, uint16_t &_last) const; - bool parse_id(const byte_t* &_buffer, uint32_t &_buffer_size, uint16_t &_id) const; // Configuration void load_policies(const configuration_element &_element); void load_policy(const boost::property_tree::ptree &_tree); - void load_credential(const boost::property_tree::ptree &_tree, ids_t &_ids); + void load_policy_body(std::shared_ptr<policy> &_policy, + const boost::property_tree::ptree::const_iterator &_tree); + void load_credential(const boost::property_tree::ptree &_tree, + boost::icl::interval_map<uid_t, boost::icl::interval_set<gid_t> > &_ids); bool load_routing_credentials(const configuration_element &_element); - void load_ranges(const boost::property_tree::ptree &_tree, ranges_t &_range); - void load_instance_ranges(const boost::property_tree::ptree &_tree, ranges_t &_range); - + template<typename T_> + void load_interval_set(const boost::property_tree::ptree &_tree, + boost::icl::interval_set<T_> &_range, bool 
_exclude_margins = false); void load_security_update_whitelist(const configuration_element &_element); - void load_service_ranges(const boost::property_tree::ptree &_tree, - std::set<std::pair<service_t, service_t>> &_ranges); private: client_t routing_client_; @@ -106,10 +98,10 @@ private: bool check_whitelist_; mutable std::mutex service_interface_whitelist_mutex_; - std::set<std::pair<service_t, service_t>> service_interface_whitelist_; + boost::icl::interval_set<service_t> service_interface_whitelist_; mutable std::mutex uid_whitelist_mutex_; - ranges_t uid_whitelist_; + boost::icl::interval_set<uint32_t> uid_whitelist_; mutable std::mutex routing_credentials_mutex_; std::pair<uint32_t, uint32_t> routing_credentials_; |
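Review bot: `load_interval_set` gains a `bool _exclude_margins = false` parameter with no comment saying which values it drops, and in a loader that builds security-policy id ranges that flag decides what a configured range ends up admitting. A one-line comment on the declaration would do, e.g. `// _exclude_margins: when true, <state which boundary ids are left out of _range>`, filled in from the implementation, which is not part of this diff. The newly declared `get_requester_policies` and `get_clients` appear to implement the pure virtuals added to `security`; if so, marking them `override` would let the compiler catch signature drift. The class body starts and ends outside this hunk.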