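// Copyright (C) 2019 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

#ifndef VSOMEIP_V3_SECURITY_IMPL_HPP_
#define VSOMEIP_V3_SECURITY_IMPL_HPP_

// Include every header whose names are spelled out below, so this header
// does not depend on transitive includes from policy.hpp / security.hpp.
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <set>
#include <unordered_set>
#include <utility>
#include <vector>

#include <boost/icl/interval_map.hpp>
#include <boost/icl/interval_set.hpp>
#include <boost/property_tree/ptree.hpp>

#include "../include/policy.hpp"
#include "../include/security.hpp"

namespace vsomeip_v3 {

/// Implementation of the `security` interface.
///
/// Stores the loaded policies (any_client_policies_), the client <-> (uid, gid)
/// maps (ids_, uid_to_clients_), the whitelists, the routing credentials and
/// the boolean switches that select which checks are active.
///
/// NOTE(review): identities appear both as uid_t/gid_t (check_credentials,
/// get_clients, load_credential) and as uint32_t (all other methods). Confirm
/// the two are the same width and signedness on every supported platform, so a
/// conversion between them cannot change the identity being checked.
class security_impl :
        public security {
public:
    /// Returns a shared handle to a security_impl instance.
    /// NOTE(review): presumably a process-wide singleton; confirm in the .cpp.
    static std::shared_ptr<security_impl> get();

    security_impl();

    /// Loads security settings from one configuration element.
    /// NOTE(review): the bool switches at the end of this class have no
    /// dedicated mutex in this header. Confirm load() finishes before any
    /// check runs on another thread.
    void load(const configuration_element &_element);

    /// Accessors for the enforcement mode.
    /// NOTE(review): no member named for "audit" is declared here; confirm
    /// which flag is_audit() derives from and that audit mode is never the
    /// unintended default.
    bool is_enabled() const;
    bool is_audit() const;

    /// Credential check for a client given its uid/gid.
    /// Not const, unlike the other checks. Presumably it records the client
    /// to uid/gid mapping as a side effect; TODO confirm.
    bool check_credentials(client_t _client, uid_t _uid, gid_t _gid);
    /// Credential check for the routing client (compare routing_credentials_).
    bool check_routing_credentials(client_t _client, uint32_t _uid, uint32_t _gid) const;

    /// Authorisation query: may the client identified by (_uid, _gid, _client)
    /// use _method of _service/_instance?
    /// @param _is_request_service defaults to false; presumably selects the
    ///        "request service" variant of the check. Verify against callers.
    bool is_client_allowed(uint32_t _uid, uint32_t _gid, client_t _client,
            service_t _service, instance_t _instance, method_t _method,
            bool _is_request_service = false) const;
    /// Authorisation query: may the client offer _service/_instance?
    bool is_offer_allowed(uint32_t _uid, uint32_t _gid, client_t _client,
            service_t _service, instance_t _instance) const;

    /// Runtime modification of the policy set for (_uid, _gid).
    /// NOTE(review): nothing in these signatures enforces that
    /// is_policy_update_allowed() / is_policy_removal_allowed() was consulted
    /// first; confirm every call site does so.
    void update_security_policy(uint32_t _uid, uint32_t _gid, const std::shared_ptr<policy>& _policy);
    bool remove_security_policy(uint32_t _uid, uint32_t _gid);

    /// Adds a credentials policy for (_uid, _gid) associated with _client.
    void add_security_credentials(uint32_t _uid, uint32_t _gid,
            const std::shared_ptr<policy>& _credentials_policy, client_t _client);

    /// Accessor; presumably reports allow_remote_clients_.
    bool is_remote_client_allowed() const;

    /// Whitelist-style gate for policy updates.
    /// _policy is taken by non-const reference, so the implementation is able
    /// to replace or modify it. Confirm whether it does.
    bool is_policy_update_allowed(uint32_t _uid, std::shared_ptr<policy> &_policy) const;

    /// Gate for policy removal by _uid.
    bool is_policy_removal_allowed(uint32_t _uid) const;

    /// Deserialises a policy from a raw byte buffer into *_policy and reports
    /// the uid/gid it applies to through _uid/_gid.
    /// _buffer and _buffer_size are in/out references; presumably they are
    /// advanced/decremented as bytes are consumed (TODO confirm).
    /// NOTE(review): if the buffer can originate outside this process, every
    /// read in the implementation must be bounded by _buffer_size, and a false
    /// return must leave no partially applied policy behind.
    bool parse_policy(const byte_t* &_buffer, uint32_t &_buffer_size,
            uint32_t &_uid, uint32_t &_gid, const std::shared_ptr<policy> &_policy) const;

    /// Lookup / maintenance of the (uid, gid) -> clients map.
    bool get_uid_gid_to_client_mapping(std::pair<uint32_t, uint32_t> _uid_gid, std::set<client_t> &_clients);
    bool remove_client_to_uid_gid_mapping(client_t _client);

    /// Lookup / maintenance of the client -> (uid, gid) map.
    bool get_client_to_uid_gid_mapping(client_t _client, std::pair<uint32_t, uint32_t> &_uid_gid);
    bool store_client_to_uid_gid_mapping(client_t _client, uint32_t _uid, uint32_t _gid);
    void store_uid_gid_to_client_mapping(uint32_t _uid, uint32_t _gid, client_t _client);

    /// Collects into _requesters the policies related to _policy.
    /// The exact selection rule is not visible from this header.
    void get_requester_policies(const std::shared_ptr<policy> _policy,
            std::set<std::shared_ptr<policy> > &_requesters) const;
    /// Collects into _clients the clients associated with (_uid, _gid).
    void get_clients(uid_t _uid, gid_t _gid, std::unordered_set<client_t> &_clients) const;

private:

    // Configuration
    // Helpers that read the individual parts of the security configuration.
    void load_policies(const configuration_element &_element);
    void load_policy(const boost::property_tree::ptree &_tree);
    void load_policy_body(std::shared_ptr<policy> &_policy,
            const boost::property_tree::ptree::const_iterator &_tree);
    void load_credential(const boost::property_tree::ptree &_tree,
            boost::icl::interval_map<uid_t, boost::icl::interval_set<gid_t> > &_ids);
    bool load_routing_credentials(const configuration_element &_element);
    // _exclude_margins defaults to false; its effect on the interval bounds
    // is defined in the implementation, not here.
    template<typename T_>
    void load_interval_set(const boost::property_tree::ptree &_tree,
            boost::icl::interval_set<T_> &_range, bool _exclude_margins = false);
    void load_security_update_whitelist(const configuration_element &_element);

private:
    client_t routing_client_;

    // Presumably guard ids_ and uid_to_clients_ respectively (by name);
    // verify the lock/data pairing in the .cpp.
    mutable std::mutex ids_mutex_;
    mutable std::mutex uid_to_clients_mutex_;

    std::vector<std::shared_ptr<policy> > any_client_policies_;

    // Presumably guards any_client_policies_.
    mutable std::mutex any_client_policies_mutex_;
    std::map<client_t, std::pair<uint32_t, uint32_t> > ids_;
    std::map<std::pair<uint32_t, uint32_t>, std::set<client_t> > uid_to_clients_;

    // Enforcement switches. No in-class initialisers and no mutex are declared
    // for them here: the constructor must set every one of them, and any write
    // after start-up needs external synchronisation. TODO confirm both.
    bool policy_enabled_;
    bool check_credentials_;
    bool check_routing_credentials_;
    bool allow_remote_clients_;
    bool check_whitelist_;

    // Presumably guards service_interface_whitelist_.
    mutable std::mutex service_interface_whitelist_mutex_;
    boost::icl::interval_set<service_t> service_interface_whitelist_;

    // Presumably guards uid_whitelist_.
    mutable std::mutex uid_whitelist_mutex_;
    boost::icl::interval_set<uint32_t> uid_whitelist_;

    // Presumably guards routing_credentials_ (a uid/gid pair).
    mutable std::mutex routing_credentials_mutex_;
    std::pair<uint32_t, uint32_t> routing_credentials_;

    bool is_configured_;
};

} // namespace vsomeip_v3

#endif // VSOMEIP_V3_SECURITY_IMPL_HPP_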