Diffstat (limited to 'implementation/security/include')
-rw-r--r--implementation/security/include/policy.hpp87
-rw-r--r--implementation/security/include/security.hpp9
-rw-r--r--implementation/security/include/security_impl.hpp34
3 files changed, 101 insertions, 29 deletions
diff --git a/implementation/security/include/policy.hpp b/implementation/security/include/policy.hpp
index f8727f8..82f3eb9 100644
--- a/implementation/security/include/policy.hpp
+++ b/implementation/security/include/policy.hpp
@@ -1,4 +1,4 @@
-// Copyright (C) 2014-2017 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+// Copyright (C) 2014-2020 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
@@ -9,8 +9,11 @@
#include <cstring>
#include <map>
#include <mutex>
-#include <set>
#include <utility>
+#include <vector>
+
+#include <boost/icl/interval_map.hpp>
+#include <boost/icl/interval_set.hpp>
#include <vsomeip/constants.hpp>
#include <vsomeip/primitive_types.hpp>
@@ -18,20 +21,88 @@
namespace vsomeip_v3 {
-typedef std::set<std::pair<uint32_t, uint32_t>> ranges_t;
-typedef std::set<std::pair<ranges_t, ranges_t>> ids_t;
+template<typename T_>
+void get_bounds(const boost::icl::discrete_interval<T_> &_interval,
+ T_ &_lower, T_ &_upper) {
+
+ T_ its_lower, its_upper;
+
+ its_lower = _interval.lower();
+ its_upper = _interval.upper();
+
+ switch (_interval.bounds().bits()) {
+ case boost::icl::interval_bounds::static_open:
+ its_lower++;
+ its_upper--;
+ break;
+ case boost::icl::interval_bounds::static_left_open:
+ its_lower++;
+ break;
+ case boost::icl::interval_bounds::static_right_open:
+ its_upper--;
+ break;
+ default:
+ ;
+ }
+
+ _lower = its_lower;
+ _upper = its_upper;
+}
struct policy {
policy() : allow_who_(false), allow_what_(false) {};
- ids_t ids_;
+ // Returns true if the policy is defined for single uid/gid pair.
+ // uid & gid are copied to the arguments. Otherwise, returns false.
+ bool get_uid_gid(uid_t &_uid, gid_t &_gid) const;
+
+ bool deserialize_uid_gid(const byte_t * &_data, uint32_t &_size,
+ uid_t &_uid, gid_t &_gid) const;
+ bool deserialize(const byte_t * &_data, uint32_t &_size);
+ bool serialize(std::vector<byte_t> &_data) const;
+
+ void print() const;
+
+ // Members
+ boost::icl::interval_map<uid_t,
+ boost::icl::interval_set<gid_t> > credentials_;
bool allow_who_;
- std::map<service_t, ids_t> services_;
- std::map<service_t, ranges_t> offers_;
+ boost::icl::interval_map<service_t,
+ boost::icl::interval_map<instance_t,
+ boost::icl::interval_set<method_t> > > requests_;
+ boost::icl::interval_map<service_t,
+ boost::icl::interval_set<instance_t> > offers_;
bool allow_what_;
- std::mutex mutex_;
+ mutable std::mutex mutex_;
+
+private:
+ bool deserialize_ids(const byte_t * &_data, uint32_t &_size,
+ boost::icl::interval_map<uint16_t,
+ boost::icl::interval_set<uint16_t> > &_ids) const;
+ bool deserialize_id_item_list(const byte_t * &_data, uint32_t &_size,
+ boost::icl::interval_set<uint16_t> &_intervals) const;
+ bool deserialize_id_item(const byte_t * &_data, uint32_t &_size,
+ uint16_t &_low, uint16_t &_high) const;
+
+ bool deserialize_u32(const byte_t * &_data, uint32_t &_size,
+ uint32_t &_value) const;
+ bool deserialize_u16(const byte_t * &_data, uint32_t &_size,
+ uint16_t &_value) const;
+
+ bool serialize_uid_gid(std::vector<byte_t> &_data) const;
+ void serialize_interval_set(
+ const boost::icl::interval_set<uint16_t> &_intervals,
+ std::vector<byte_t> &_data) const;
+ void serialize_interval(
+ const boost::icl::discrete_interval<uint16_t> &_interval,
+ std::vector<byte_t> &_data) const;
+
+ void serialize_u32(uint32_t _value, std::vector<byte_t> &_data) const;
+ void serialize_u32_at(uint32_t _value, std::vector<byte_t> &_data,
+ size_t _pos) const;
+ void serialize_u16(uint16_t _value, std::vector<byte_t> &_data) const;
};
} // namespace vsomeip_v3
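Review bot: get_bounds() wraps for unsigned T_ when it is handed an empty interval with an open bound: for a right-open `[0,0)` of uint16_t, its_lower stays 0 and `its_upper--` yields 0xFFFF, so the caller sees the full id range instead of nothing. Intervals obtained by iterating an interval_set or interval_map should never be empty, so the current callers (not visible in this hunk) are probably safe, but this is a public template in a header and it states no precondition. I would add above it `// Precondition: !boost::icl::is_empty(_interval); an empty interval with an open bound wraps the ++/-- below.`, or replace the switch with `_lower = boost::icl::first(_interval); _upper = boost::icl::last(_interval);`, the library's own closed-bound accessors.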
diff --git a/implementation/security/include/security.hpp b/implementation/security/include/security.hpp
index 0bac7a0..03406c6 100644
--- a/implementation/security/include/security.hpp
+++ b/implementation/security/include/security.hpp
@@ -7,6 +7,10 @@
#define VSOMEIP_V3_SECURITY_SECURITY_HPP_
#include <memory>
+#include <unordered_set>
+
+#include <vsomeip/payload.hpp>
+#include <vsomeip/primitive_types.hpp>
namespace vsomeip_v3 {
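Review bot: `<set>` is not included here, although the get_requester_policies() declaration added further down in this file takes a `std::set<std::shared_ptr<policy> >`, and the same commit removes `#include <set>` from policy.hpp. The header then compiles only through a transitive include and breaks as soon as the include order changes. Add `#include <set>` next to `#include <unordered_set>`. The new declaration also needs `policy` to be declared; if the lines between the two hunks do not already do that, `struct policy;` inside the namespace is enough for a shared_ptr parameter.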
@@ -49,6 +53,11 @@ public:
uint32_t _uid, uint32_t _gid) = 0;
virtual void store_uid_gid_to_client_mapping(uint32_t _uid, uint32_t _gid,
client_t _client) = 0;
+
+ virtual void get_requester_policies(const std::shared_ptr<policy> _policy,
+ std::set<std::shared_ptr<policy> > &_requesters) const = 0;
+ virtual void get_clients(uid_t _uid, gid_t _gid,
+ std::unordered_set<client_t> &_clients) const = 0;
};
} // namespace vsomeip_v3
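Review bot: `const std::shared_ptr<policy> _policy` in get_requester_policies() takes the pointer by value, so every call copies it and pays an atomic reference-count update, while parse_policy() in security_impl.hpp already takes `const std::shared_ptr<policy> &_policy`. Use `const std::shared_ptr<policy> &_policy` here and in the matching declaration in security_impl.hpp. Neither new method says whether the output container (`_requesters`, `_clients`) is cleared first or appended to; a one-line comment on each would settle that for callers. The class body starts outside this hunk.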
diff --git a/implementation/security/include/security_impl.hpp b/implementation/security/include/security_impl.hpp
index 564c029..dfeea6b 100644
--- a/implementation/security/include/security_impl.hpp
+++ b/implementation/security/include/security_impl.hpp
@@ -50,8 +50,6 @@ public:
bool is_policy_removal_allowed(uint32_t _uid) const;
- bool parse_uid_gid(const byte_t* &_buffer, uint32_t &_buffer_size,
- uint32_t &_uid, uint32_t &_gid) const;
bool parse_policy(const byte_t* &_buffer, uint32_t &_buffer_size,
uint32_t &_uid, uint32_t &_gid, const std::shared_ptr<policy> &_policy) const;
@@ -62,30 +60,24 @@ public:
bool store_client_to_uid_gid_mapping(client_t _client, uint32_t _uid, uint32_t _gid);
void store_uid_gid_to_client_mapping(uint32_t _uid, uint32_t _gid, client_t _client);
+ void get_requester_policies(const std::shared_ptr<policy> _policy,
+ std::set<std::shared_ptr<policy> > &_requesters) const;
+ void get_clients(uid_t _uid, gid_t _gid, std::unordered_set<client_t> &_clients) const;
+
private:
- // Helper
-
- bool get_struct_length(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_length) const;
- bool get_union_length(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_length) const;
- bool get_array_length(const byte_t* &_buffer, uint32_t &_buffer_size, uint32_t &_length) const;
- bool is_range(const byte_t* &_buffer, uint32_t &_buffer_size) const;
- bool parse_id_item(const byte_t* &_buffer, uint32_t& parsed_ids_bytes,
- ranges_t& its_ranges, uint32_t &_buffer_size) const;
- bool parse_range(const byte_t* &_buffer, uint32_t &_buffer_size,
- uint16_t &_first, uint16_t &_last) const;
- bool parse_id(const byte_t* &_buffer, uint32_t &_buffer_size, uint16_t &_id) const;
// Configuration
void load_policies(const configuration_element &_element);
void load_policy(const boost::property_tree::ptree &_tree);
- void load_credential(const boost::property_tree::ptree &_tree, ids_t &_ids);
+ void load_policy_body(std::shared_ptr<policy> &_policy,
+ const boost::property_tree::ptree::const_iterator &_tree);
+ void load_credential(const boost::property_tree::ptree &_tree,
+ boost::icl::interval_map<uid_t, boost::icl::interval_set<gid_t> > &_ids);
bool load_routing_credentials(const configuration_element &_element);
- void load_ranges(const boost::property_tree::ptree &_tree, ranges_t &_range);
- void load_instance_ranges(const boost::property_tree::ptree &_tree, ranges_t &_range);
-
+ template<typename T_>
+ void load_interval_set(const boost::property_tree::ptree &_tree,
+ boost::icl::interval_set<T_> &_range, bool _exclude_margins = false);
void load_security_update_whitelist(const configuration_element &_element);
- void load_service_ranges(const boost::property_tree::ptree &_tree,
- std::set<std::pair<service_t, service_t>> &_ranges);
private:
client_t routing_client_;
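Review bot: `_exclude_margins` on load_interval_set() is undocumented, and for a loader that fills the id sets of a security policy the reader needs to know exactly which values it drops. The name suggests that the lowest and highest value of T_ are removed from the loaded range, but the definition is outside this hunk, so that is only a guess. Add a comment above the declaration that names the excluded values and says which callers pass `true`, for example `// _exclude_margins: if true, <boundary values> are removed from every loaded interval`. The class body starts and ends outside this hunk.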
@@ -106,10 +98,10 @@ private:
bool check_whitelist_;
mutable std::mutex service_interface_whitelist_mutex_;
- std::set<std::pair<service_t, service_t>> service_interface_whitelist_;
+ boost::icl::interval_set<service_t> service_interface_whitelist_;
mutable std::mutex uid_whitelist_mutex_;
- ranges_t uid_whitelist_;
+ boost::icl::interval_set<uint32_t> uid_whitelist_;
mutable std::mutex routing_credentials_mutex_;
std::pair<uint32_t, uint32_t> routing_credentials_;