internal void AddAccessRule(AccessRule rule)
{
lock (this)
{
foreach (string portName in rule.DeviceList)
{
foreach (TimeOfWeek timeOfWeek in rule.TimeList)
{
ResourceAccessFact fact = new ResourceAccessFact(new StringPrincipal("port:" + portName),
new StringPrincipal("mod:" + rule.ModuleName),
new StringPrincipal("grp:" + rule.UserGroup),
new IntegerHolder(timeOfWeek.StartMins),
new IntegerHolder(timeOfWeek.EndMins),
new IntegerHolder(timeOfWeek.DayOfWeek),
new VerbHolder(rule.AccessMode.ToString()),
new IntegerHolder(rule.Priority));
resourceAccessFacts.Add(fact);
policyAssertions.Add(new Assertion(localAuthority, new Claim(fact)));
}
}
}
}
private void AddSystemHighRules(Configuration config)
{
AccessRule systemHighaccessRule;
foreach (string moduleName in config.allModules.Keys)
{
systemHighaccessRule = new AccessRule();
systemHighaccessRule.ModuleName = moduleName;
systemHighaccessRule.RuleName = Constants.SystemHigh;
systemHighaccessRule.UserGroup = Constants.SystemHigh;
systemHighaccessRule.AccessMode = AccessMode.Allow;
systemHighaccessRule.DeviceList = new List<string> { "*" };
systemHighaccessRule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
systemHighaccessRule.Priority = 0;
AddAccessRule(systemHighaccessRule);
}
// Adding systemhigh access rules for "platform-based" modules GuiWeb and GuiWebSec
systemHighaccessRule = new AccessRule();
systemHighaccessRule.RuleName = Constants.SystemHigh;
systemHighaccessRule.UserGroup = Constants.SystemHigh;
systemHighaccessRule.AccessMode = AccessMode.Allow;
systemHighaccessRule.DeviceList = new List<string> { "*" };
systemHighaccessRule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
systemHighaccessRule.Priority = 0;
systemHighaccessRule.ModuleName = Constants.GuiServiceSuffixWeb;
AddAccessRule(systemHighaccessRule);
systemHighaccessRule.ModuleName = Constants.GuiServiceSuffixWebSec;
AddAccessRule(systemHighaccessRule);
// Adding systemhigh access rules for scouts
systemHighaccessRule = new AccessRule();
systemHighaccessRule.RuleName = Constants.SystemHigh;
systemHighaccessRule.UserGroup = Constants.SystemHigh;
systemHighaccessRule.AccessMode = AccessMode.Allow;
systemHighaccessRule.DeviceList = new List<string> { "*" };
systemHighaccessRule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
systemHighaccessRule.Priority = 0;
systemHighaccessRule.ModuleName = Constants.ScoutsSuffixWeb;
AddAccessRule(systemHighaccessRule);
}
public List<string> InstallAppWeb(string appName)
{
try
{
logger.Log("UICalled:InstallAppWeb " + appName);
HomeStoreApp app = homeStoreInfo.GetHomeStoreAppByName(appName);
if (app == null)
{
logger.Log("HomeStore app {0} was not found", appName);
return new List<string>() { "HomeStore app not found" };
}
//by default, we make the app auto start
ModuleInfo moduleInfo = new ModuleInfo(app.AppName, app.AppName, app.BinaryName, null, true);
moduleInfo.SetManifest(app.Manifest);
if (String.IsNullOrWhiteSpace(app.Version))
moduleInfo.SetRunningVersion(Common.Constants.UnknownHomeOSUpdateVersionValue);
else
moduleInfo.SetRunningVersion(app.Version);
AccessRule accessRule = new AccessRule();
accessRule.ModuleName = moduleInfo.FriendlyName();
accessRule.RuleName = "Access for " + moduleInfo.FriendlyName();
accessRule.UserGroup = "everyone";
accessRule.AccessMode = AccessMode.Allow;
accessRule.DeviceList = new List<string> { "*" };
accessRule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
accessRule.Priority = 0;
platform.AddAccessRule(accessRule);
//we now call startmodule: if we don't already have the binaries, this will download them as well
var startedModule = platform.StartModule(moduleInfo, true);
if (startedModule != null)
{
//add this to our configuration
config.AddModule(moduleInfo);
return new List<string>() { "" };
}
else
{
//remove the rule we just added, since we are not starting the module
platform.RemoveAccessRulesForModule(moduleInfo.FriendlyName());
return new List<string>() { "Could not start module. Perhaps because we didn't find the right binaries" };
}
}
catch (Exception e)
{
logger.Log("Exception in InstallAppWeb: " + e.ToString());
return new List<string>() { "Got exception: " + e.Message };
}
}
public void AddAccessRule(AccessRule rule)
{
policyEngine.AddAccessRule(rule);
config.AddAccessRule(rule);
}
public void AllowAppAcccessToDevice(string appFriendlyName, string deviceFriendlyName)
{
AccessRule rule = new AccessRule();
rule.RuleName = appFriendlyName + "-" + deviceFriendlyName;
rule.ModuleName = appFriendlyName;
rule.UserGroup = "everyone";
rule.AccessMode = Common.AccessMode.Allow;
rule.Priority = 0;
rule.DeviceList = new List<string>();
rule.DeviceList.Add(deviceFriendlyName);
rule.TimeList = new List<TimeOfWeek>();
rule.TimeList.Add(new TimeOfWeek(-1, 0, 2400));
policyEngine.AddAccessRule(rule);
config.AddAccessRule(rule);
}
public void AddAccessRule(AccessRule rule, bool writeToDisk = true)
{
lock (allPolicies)
{
allPolicies.Add(rule);
if (writeToDisk)
WriteAccessRules();
}
}
private void ReadAccessRules()
{
string fileName = this.RulesFile;
XmlDocument xmlDoc = new XmlDocument();
XmlReader xmlReader = XmlReader.Create(fileName, xmlReaderSettings);
xmlDoc.Load(xmlReader);
XmlElement root = xmlDoc.FirstChild as XmlElement;
if (!root.Name.Equals("Rules"))
throw new Exception("rules file " + fileName + " does not begin with <Rules>");
foreach (XmlElement xmlRule in root.ChildNodes)
{
if (!xmlRule.Name.Equals("Rule"))
throw new Exception("expected Rule. Got " + xmlRule.Name);
foreach (XmlElement xmlUser in xmlRule.ChildNodes)
{
if (!xmlUser.Name.Equals("User") && !xmlUser.Name.Equals("Group"))
throw new Exception("expected User. Got " + xmlUser.Name);
AccessRule accessRule = new AccessRule();
accessRule.RuleName = xmlRule.GetAttribute("Name");
accessRule.ModuleName = xmlRule.GetAttribute("Module");
if (!allModules.ContainsKey(accessRule.ModuleName)
&& !accessRule.ModuleName.Equals(Constants.GuiServiceSuffixWeb)
&& !accessRule.ModuleName.Equals(Constants.GuiServiceSuffixWebSec)
&& !accessRule.ModuleName.Equals(Constants.ScoutsSuffixWeb)
)
throw new Exception("unknown module in rules: " + accessRule.ModuleName);
accessRule.UserGroup = xmlUser.GetAttribute("Name").ToLower();
if (!allGroups.ContainsKey(accessRule.UserGroup))
throw new Exception("unknown user/group in rules: " + accessRule.UserGroup);
accessRule.AccessMode = (AccessMode)Enum.Parse(typeof(AccessMode), xmlUser.GetAttribute("Type"), true);
List<string> deviceList = new List<string>();
List<TimeOfWeek> timeList = new List<TimeOfWeek>();
foreach (XmlElement xmlChild in xmlUser.ChildNodes)
{
switch (xmlChild.Name)
{
case "Service":
{
//it is a device
string serviceName = xmlChild.GetAttribute("FriendlyName");
if (!configuredPortNames.ContainsKey(serviceName)&& !serviceName.Equals("*") )
throw new Exception("unknown service name in rules: " + serviceName);
deviceList.Add(serviceName);
}
break;
case "Time":
{
//it is time
int dayOfWeek = int.Parse(xmlChild.GetAttribute("DayOfWeek"));
string startMins = xmlChild.GetAttribute("StartMins");
string endMins = xmlChild.GetAttribute("EndMins");
int startMinsInt = (startMins.Equals("")) ? 0 : int.Parse(startMins);
int endMinsInt = (endMins.Equals("")) ? 2400 : int.Parse(endMins);
TimeOfWeek timeOfWeek = new TimeOfWeek(dayOfWeek, startMinsInt, endMinsInt);
if (!timeOfWeek.Valid())
throw new Exception("invalid time spec for rule " + accessRule.RuleName);
timeList.Add(timeOfWeek);
}
break;
default:
throw new Exception("expected Device or Time. Got " + xmlChild.Name);
}
}
//assume always if no time was specified
if (timeList.Count == 0)
timeList.Add(new TimeOfWeek(-1, 0, 2400));
// assume access-rule applies to all ports of the module if no service specified
if(deviceList.Count==0)
deviceList.Add("*");
accessRule.DeviceList = deviceList;
accessRule.TimeList = timeList;
accessRule.Priority = 0;
AddAccessRule(accessRule, false);
}
}
xmlReader.Close();
}
