Example #1
        /// <summary>
        /// Expands an access rule into policy facts: one <c>ResourceAccessFact</c> is created for
        /// every combination of an entry in <c>rule.DeviceList</c> and an entry in <c>rule.TimeList</c>.
        /// Each fact is recorded in <c>resourceAccessFacts</c> and also wrapped in an assertion made
        /// by <c>localAuthority</c> that is appended to <c>policyAssertions</c>.
        /// </summary>
        /// <param name="rule">The rule to expand; its device and time lists are enumerated as-is.</param>
        internal void AddAccessRule(AccessRule rule)
        {
            // NOTE(review): the monitor is taken on `this`, so any code holding a reference to this
            // object can contend for the same lock; a private lock object would need a new field,
            // which is outside this method.
            lock (this)
            {
                foreach (string device in rule.DeviceList)
                {
                    foreach (TimeOfWeek window in rule.TimeList)
                    {
                        // Principals are plain strings with a "port:" / "mod:" / "grp:" prefix.
                        StringPrincipal portPrincipal = new StringPrincipal("port:" + device);
                        StringPrincipal modulePrincipal = new StringPrincipal("mod:" + rule.ModuleName);
                        StringPrincipal groupPrincipal = new StringPrincipal("grp:" + rule.UserGroup);

                        // Time window of the rule, passed through unchanged.
                        IntegerHolder startMins = new IntegerHolder(window.StartMins);
                        IntegerHolder endMins = new IntegerHolder(window.EndMins);
                        IntegerHolder dayOfWeek = new IntegerHolder(window.DayOfWeek);

                        // The access mode is carried as the enum's string name.
                        VerbHolder verb = new VerbHolder(rule.AccessMode.ToString());
                        IntegerHolder priority = new IntegerHolder(rule.Priority);

                        ResourceAccessFact accessFact = new ResourceAccessFact(
                            portPrincipal, modulePrincipal, groupPrincipal,
                            startMins, endMins, dayOfWeek,
                            verb, priority);

                        resourceAccessFacts.Add(accessFact);
                        policyAssertions.Add(new Assertion(localAuthority, new Claim(accessFact)));
                    }
                }
            }
        }
Example #2
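        /// <summary>
        /// Registers a "system high" allow rule for every configured module and for the
        /// platform-level module names (GuiWeb, GuiWebSec, scouts).
        /// Every rule is built for the <c>Constants.SystemHigh</c> group with a wildcard device list
        /// ("*"), a single <c>TimeOfWeek(-1, 0, 2400)</c> window and priority 0.
        /// </summary>
        /// <param name="config">Configuration whose <c>allModules</c> keys name the modules to cover.</param>
        private void AddSystemHighRules(Configuration config)
        {
            foreach (string moduleName in config.allModules.Keys)
            {
                AddAccessRule(CreateSystemHighRule(moduleName));
            }

            // System-high access rules for the "platform-based" modules GuiWeb and GuiWebSec.
            // Each module gets its own AccessRule instance: the earlier code re-used one object and
            // overwrote ModuleName after the first AddAccessRule call, which would silently rename
            // the first rule if the callee ever keeps the reference it was handed.
            AddAccessRule(CreateSystemHighRule(Constants.GuiServiceSuffixWeb));
            AddAccessRule(CreateSystemHighRule(Constants.GuiServiceSuffixWebSec));

            // System-high access rule for scouts.
            AddAccessRule(CreateSystemHighRule(Constants.ScoutsSuffixWeb));
        }

        /// <summary>
        /// Builds the system-high allow rule for one module name.
        /// </summary>
        /// <param name="moduleName">Module the rule applies to.</param>
        /// <returns>A new, unshared <c>AccessRule</c> instance.</returns>
        private static AccessRule CreateSystemHighRule(string moduleName)
        {
            // NOTE(review): "*" together with TimeOfWeek(-1, 0, 2400) looks like "every port, at any
            // time"; this is the broadest grant the rule format expresses, so membership of the
            // SystemHigh group is what actually gates access here - confirm who can be in it.
            return new AccessRule
            {
                ModuleName = moduleName,
                RuleName = Constants.SystemHigh,
                UserGroup = Constants.SystemHigh,
                AccessMode = AccessMode.Allow,
                DeviceList = new List<string> { "*" },
                TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) },
                Priority = 0
            };
        }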
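        /// <summary>
        /// Installs a HomeStore app by name: looks the app up, registers an access rule for it,
        /// starts the module (which may download its binaries) and, on success, records the module
        /// in the configuration.
        /// </summary>
        /// <param name="appName">Name of the HomeStore app, as supplied by the UI caller.</param>
        /// <returns>
        /// A single-element list: an empty string on success, otherwise a human-readable error.
        /// </returns>
        public List<string> InstallAppWeb(string appName)
        {
            // Friendly name of the module whose freshly added access rule still has to be rolled
            // back if we fail before the module is running; null when nothing is pending.
            string pendingRuleModule = null;

            try
            {
                logger.Log("UICalled:InstallAppWeb " + appName);

                HomeStoreApp app = homeStoreInfo.GetHomeStoreAppByName(appName);

                if (app == null)
                {
                    logger.Log("HomeStore app {0} was not found", appName);
                    return new List<string>() { "HomeStore app not found" };
                }

                //by default, we make the app auto start
                ModuleInfo moduleInfo = new ModuleInfo(app.AppName, app.AppName, app.BinaryName, null, true);
                moduleInfo.SetManifest(app.Manifest);

                if (String.IsNullOrWhiteSpace(app.Version))
                {
                    moduleInfo.SetRunningVersion(Common.Constants.UnknownHomeOSUpdateVersionValue);
                }
                else
                {
                    moduleInfo.SetRunningVersion(app.Version);
                }

                // NOTE(review): the rule below allows the "everyone" group to reach the wildcard
                // device entry ("*") in the TimeOfWeek(-1, 0, 2400) window, and it is registered
                // before the module has started. Confirm this install-time default is intended
                // rather than a narrower, per-device grant.
                AccessRule accessRule = new AccessRule();
                accessRule.ModuleName = moduleInfo.FriendlyName();
                accessRule.RuleName = "Access for " + moduleInfo.FriendlyName();
                accessRule.UserGroup = "everyone";
                accessRule.AccessMode = AccessMode.Allow;
                accessRule.DeviceList = new List<string> { "*" };
                accessRule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
                accessRule.Priority = 0;

                platform.AddAccessRule(accessRule);

                // From here until the module is known to be running, a failure must not leave the
                // allow rule behind for a module that never started.
                pendingRuleModule = moduleInfo.FriendlyName();

                //we now call startmodule: if we don't already have the binaries, this will download them as well
                var startedModule = platform.StartModule(moduleInfo, true);

                if (startedModule != null)
                {
                    // The module is running, so the rule is now legitimately in use; a later
                    // failure in config.AddModule must not strip access from a live module.
                    pendingRuleModule = null;

                    //add this to our configuration
                    config.AddModule(moduleInfo);

                    return new List<string>() { "" };
                }
                else
                {
                    // This branch performs the rollback itself; clear the marker first so the
                    // catch block does not attempt it a second time if the removal throws.
                    pendingRuleModule = null;

                    //remove the rule we just added, since we are not starting the module
                    platform.RemoveAccessRulesForModule(moduleInfo.FriendlyName());

                    return new List<string>() { "Could not start module. Perhaps because we didn't find the right binaries" };
                }
            }
            catch (Exception e)
            {
                logger.Log("Exception in InstallAppWeb: " + e.ToString());

                // StartModule (including any binary download) threw after the rule was added:
                // undo the grant, best effort, so no dangling allow rule remains.
                if (pendingRuleModule != null)
                {
                    try
                    {
                        platform.RemoveAccessRulesForModule(pendingRuleModule);
                    }
                    catch (Exception cleanupError)
                    {
                        logger.Log("Exception while removing access rules for " + pendingRuleModule + ": " + cleanupError.ToString());
                    }
                }

                // NOTE(review): the raw exception message goes back to the UI caller; check that
                // it cannot expose paths or other internals the caller should not see.
                return new List<string>() { "Got exception: " + e.Message };
            }
        }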
Example #4
 /// <summary>
 /// Registers an access rule in both places that track rules: the policy engine and the
 /// configuration object.
 /// </summary>
 /// <param name="rule">The rule to register; the same instance is handed to both callees.</param>
 public void AddAccessRule(AccessRule rule)
 {
     // The policy engine is updated first and the configuration second. There is no rollback:
     // if the second call throws, the rule stays in the policy engine only.
     policyEngine.AddAccessRule(rule);

     config.AddAccessRule(rule);
 }
Example #5
        /// <summary>
        /// Grants an app access to one device by registering an allow rule named
        /// "&lt;app&gt;-&lt;device&gt;" with the policy engine and the configuration.
        /// </summary>
        /// <param name="appFriendlyName">Friendly name of the app; used as the rule's module name.</param>
        /// <param name="deviceFriendlyName">Friendly name of the device; the only entry in the device list.</param>
        public void AllowAppAcccessToDevice(string appFriendlyName, string deviceFriendlyName)
        {
            // The grant is scoped to exactly one device...
            List<string> grantedDevices = new List<string> { deviceFriendlyName };

            // ...with a single TimeOfWeek(-1, 0, 2400) window.
            List<TimeOfWeek> grantedWindows = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };

            // NOTE(review): the user group is fixed to "everyone", so the rule does not restrict
            // which users may use the app on this device - confirm that is the intended default.
            AccessRule deviceGrant = new AccessRule
            {
                RuleName = appFriendlyName + "-" + deviceFriendlyName,
                ModuleName = appFriendlyName,
                UserGroup = "everyone",
                AccessMode = Common.AccessMode.Allow,
                Priority = 0,
                DeviceList = grantedDevices,
                TimeList = grantedWindows
            };

            // Policy engine first, then the configuration, in that order.
            policyEngine.AddAccessRule(deviceGrant);
            config.AddAccessRule(deviceGrant);
        }
Example #6
        /// <summary>
        /// Appends a rule to <c>allPolicies</c> and, unless told otherwise, writes the rules out
        /// via <c>WriteAccessRules</c>.
        /// </summary>
        /// <param name="rule">Rule to append; the reference itself is stored.</param>
        /// <param name="writeToDisk">
        /// When true (the default) <c>WriteAccessRules</c> is called after the rule is added.
        /// </param>
        public void AddAccessRule(AccessRule rule, bool writeToDisk = true)
        {
            // Both the list update and the write happen while the allPolicies lock is held.
            lock (allPolicies)
            {
                allPolicies.Add(rule);

                if (!writeToDisk)
                {
                    return;
                }

                WriteAccessRules();
            }
        }
Example #7
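        /// <summary>
        /// Loads the access rules from the XML file named by <c>RulesFile</c> and adds each one to
        /// the in-memory policy list without writing back to disk.
        /// Expected layout: a root Rules element containing Rule elements (attributes Name and
        /// Module); each Rule contains User or Group elements (attributes Name and Type), which in
        /// turn contain Service (FriendlyName) and Time (DayOfWeek, StartMins, EndMins) elements.
        /// One <c>AccessRule</c> is produced per User/Group element.
        /// </summary>
        /// <exception cref="Exception">
        /// Thrown when the file does not have the expected structure or names an unknown module,
        /// user/group or service, or carries an invalid time specification.
        /// </exception>
        private void ReadAccessRules()
        {
            string fileName = this.RulesFile;

            XmlDocument xmlDoc = new XmlDocument();

            // NOTE(review): xmlReaderSettings is defined outside this method. This file decides who
            // may access which device, so confirm the settings prohibit DTD processing
            // (DtdProcessing.Prohibit) and set no XmlResolver.
            // The using block releases the file handle even when loading throws; previously the
            // reader was closed only at the very end of a fully successful parse.
            using (XmlReader xmlReader = XmlReader.Create(fileName, xmlReaderSettings))
            {
                xmlDoc.Load(xmlReader);
            }

            XmlElement root = xmlDoc.FirstChild as XmlElement;

            // A first node that is not an element (for example an XML declaration) leaves root
            // null; report it as a malformed file instead of failing with a null reference.
            if (root == null || !root.Name.Equals("Rules"))
            {
                throw new Exception("rules file " + fileName + " does not begin with <Rules>");
            }

            // NOTE(review): rules are added as they are parsed, so a validation failure partway
            // through leaves the earlier rules already loaded - callers should treat an exception
            // here as "policy incomplete".
            // NOTE(review): the foreach loops cast every child node to XmlElement; a comment node
            // would raise InvalidCastException unless xmlReaderSettings strips comments - confirm.
            foreach (XmlElement xmlRule in root.ChildNodes)
            {
                if (!xmlRule.Name.Equals("Rule"))
                {
                    throw new Exception("expected Rule. Got " + xmlRule.Name);
                }

                foreach (XmlElement xmlUser in xmlRule.ChildNodes)
                {
                    if (!xmlUser.Name.Equals("User") && !xmlUser.Name.Equals("Group"))
                    {
                        throw new Exception("expected User. Got " + xmlUser.Name);
                    }

                    AccessRule accessRule = new AccessRule();

                    accessRule.RuleName = xmlRule.GetAttribute("Name");

                    accessRule.ModuleName = xmlRule.GetAttribute("Module");

                    // Only configured modules and the three platform-level names are accepted.
                    if (!allModules.ContainsKey(accessRule.ModuleName)
                        && !accessRule.ModuleName.Equals(Constants.GuiServiceSuffixWeb)
                        && !accessRule.ModuleName.Equals(Constants.GuiServiceSuffixWebSec)
                        && !accessRule.ModuleName.Equals(Constants.ScoutsSuffixWeb)
                        )
                    {
                        throw new Exception("unknown module in rules: " + accessRule.ModuleName);
                    }

                    // NOTE(review): ToLower() uses the current culture; if the allGroups keys are
                    // normalised differently the lookup can miss under some locales - confirm.
                    accessRule.UserGroup = xmlUser.GetAttribute("Name").ToLower();
                    if (!allGroups.ContainsKey(accessRule.UserGroup))
                    {
                        throw new Exception("unknown user/group in rules: " + accessRule.UserGroup);
                    }

                    // Case-insensitive parse of the Type attribute.
                    // NOTE(review): Enum.Parse also accepts numeric strings, including values that
                    // are not named members of AccessMode; consider validating with Enum.IsDefined.
                    accessRule.AccessMode = (AccessMode)Enum.Parse(typeof(AccessMode), xmlUser.GetAttribute("Type"), true);

                    List<string> deviceList = new List<string>();
                    List<TimeOfWeek> timeList = new List<TimeOfWeek>();

                    foreach (XmlElement xmlChild in xmlUser.ChildNodes)
                    {
                        switch (xmlChild.Name)
                        {
                            case "Service":
                                {
                                    //it is a device
                                    string serviceName = xmlChild.GetAttribute("FriendlyName");

                                    // "*" is accepted as a wildcard; any other name must be a
                                    // configured port.
                                    if (!configuredPortNames.ContainsKey(serviceName) && !serviceName.Equals("*"))
                                    {
                                        throw new Exception("unknown service name in rules: " + serviceName);
                                    }

                                    deviceList.Add(serviceName);
                                }
                                break;
                            case "Time":
                                {
                                    //it is time
                                    int dayOfWeek = int.Parse(xmlChild.GetAttribute("DayOfWeek"));

                                    string startMins = xmlChild.GetAttribute("StartMins");
                                    string endMins = xmlChild.GetAttribute("EndMins");

                                    // Missing bounds default to 0 and 2400 respectively.
                                    int startMinsInt = (startMins.Equals("")) ? 0 : int.Parse(startMins);
                                    int endMinsInt = (endMins.Equals("")) ? 2400 : int.Parse(endMins);

                                    TimeOfWeek timeOfWeek = new TimeOfWeek(dayOfWeek, startMinsInt, endMinsInt);
                                    if (!timeOfWeek.Valid())
                                    {
                                        throw new Exception("invalid time spec for rule " + accessRule.RuleName);
                                    }

                                    timeList.Add(timeOfWeek);
                                }
                                break;
                            default:
                                throw new Exception("expected Device or Time. Got " + xmlChild.Name);
                        }
                    }

                    //assume always if no time was specified
                    if (timeList.Count == 0)
                    {
                        timeList.Add(new TimeOfWeek(-1, 0, 2400));
                    }

                    // assume access-rule applies to all ports of the module if no service specified
                    // NOTE(review): omitting both Service and Time therefore yields the broadest
                    // possible rule, so a truncated entry fails open rather than closed.
                    if (deviceList.Count == 0)
                    {
                        deviceList.Add("*");
                    }

                    accessRule.DeviceList = deviceList;
                    accessRule.TimeList = timeList;

                    accessRule.Priority = 0;

                    // false: we are reading the file, so do not write it back for every rule.
                    AddAccessRule(accessRule, false);
                }
            }
        }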