/// <summary>
/// Expands an access rule into one resource-access fact per (device, time window)
/// pair, stores each fact, and records a matching assertion issued by the local authority.
/// </summary>
/// <param name="rule">Rule whose DeviceList and TimeList are expanded.</param>
/// <remarks>
/// A rule whose DeviceList or TimeList is empty produces no facts at all, so it grants
/// (or denies) nothing. Device, module and group names are copied into the principals
/// as given, including a "*" device entry; nothing is validated here, so callers are
/// responsible for checking names before the rule reaches this method.
/// </remarks>
internal void AddAccessRule(AccessRule rule)
{
    // Serialises updates to the fact and assertion lists on this instance.
    lock (this)
    {
        foreach (string device in rule.DeviceList)
        {
            foreach (TimeOfWeek window in rule.TimeList)
            {
                // Fresh holder objects are built for every fact, in the same order
                // as the constructor expects them.
                StringPrincipal port = new StringPrincipal("port:" + device);
                StringPrincipal module = new StringPrincipal("mod:" + rule.ModuleName);
                StringPrincipal group = new StringPrincipal("grp:" + rule.UserGroup);
                IntegerHolder startMins = new IntegerHolder(window.StartMins);
                IntegerHolder endMins = new IntegerHolder(window.EndMins);
                IntegerHolder dayOfWeek = new IntegerHolder(window.DayOfWeek);
                VerbHolder verb = new VerbHolder(rule.AccessMode.ToString());
                IntegerHolder priority = new IntegerHolder(rule.Priority);

                ResourceAccessFact accessFact = new ResourceAccessFact(
                    port, module, group, startMins, endMins, dayOfWeek, verb, priority);

                resourceAccessFacts.Add(accessFact);
                policyAssertions.Add(new Assertion(localAuthority, new Claim(accessFact)));
            }
        }
    }
}
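/// <summary>
/// Registers the built-in system-high rules: one for every module listed in
/// <paramref name="config"/>, plus one each for the GuiWeb, GuiWebSec and scouts
/// module names taken from <c>Constants</c>.
/// </summary>
/// <param name="config">Configuration whose <c>allModules</c> keys name the modules to cover.</param>
/// <remarks>
/// Every rule created here is an Allow rule for the <c>Constants.SystemHigh</c> group on
/// the wildcard device "*", so membership of that group is the only thing limiting
/// this access. Each call to AddAccessRule receives its own rule object; the rule is
/// never mutated after it has been handed over, so an implementation that keeps the
/// reference cannot end up with two entries pointing at the same (later modified) rule.
/// </remarks>
private void AddSystemHighRules(Configuration config)
{
    foreach (string moduleName in config.allModules.Keys)
    {
        AddAccessRule(CreateSystemHighRule(moduleName));
    }

    // System-high access rules for the "platform-based" modules GuiWeb and GuiWebSec.
    AddAccessRule(CreateSystemHighRule(Constants.GuiServiceSuffixWeb));
    AddAccessRule(CreateSystemHighRule(Constants.GuiServiceSuffixWebSec));

    // System-high access rule for scouts.
    AddAccessRule(CreateSystemHighRule(Constants.ScoutsSuffixWeb));
}

/// <summary>Builds a fresh system-high Allow rule for one module name.</summary>
/// <param name="moduleName">Value stored in the rule's ModuleName.</param>
/// <returns>A new rule for the SystemHigh group covering the "*" device entry.</returns>
private static AccessRule CreateSystemHighRule(string moduleName)
{
    AccessRule rule = new AccessRule();
    rule.ModuleName = moduleName;
    rule.RuleName = Constants.SystemHigh;
    rule.UserGroup = Constants.SystemHigh;
    rule.AccessMode = AccessMode.Allow;
    rule.DeviceList = new List<string> { "*" };
    // NOTE(review): TimeOfWeek(-1, 0, 2400) appears to be the "any day, whole day"
    // window; confirm against TimeOfWeek.
    rule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
    rule.Priority = 0;
    return rule;
}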
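/// <summary>
/// Installs a HomeStore app by name: builds its module description, adds an access
/// rule for it, starts the module and, on success, records it in the configuration.
/// </summary>
/// <param name="appName">Name of the HomeStore app, as supplied by the UI caller.</param>
/// <returns>
/// A single-element list: an empty string on success, otherwise an error message.
/// </returns>
/// <remarks>
/// The access rule is added before the module is started. If the module does not
/// start, or an exception is thrown before it has started, the rule is removed
/// again so that a failed install does not leave an Allow rule behind.
/// </remarks>
public List<string> InstallAppWeb(string appName)
{
    // Non-null only between handing the rule to the platform and the module
    // having started; tells the catch block that a rollback is still owed.
    string pendingRuleModule = null;

    try
    {
        logger.Log("UICalled:InstallAppWeb " + appName);

        HomeStoreApp app = homeStoreInfo.GetHomeStoreAppByName(appName);
        if (app == null)
        {
            logger.Log("HomeStore app {0} was not found", appName);
            return new List<string>() { "HomeStore app not found" };
        }

        // By default the app is made auto-start.
        ModuleInfo moduleInfo = new ModuleInfo(app.AppName, app.AppName, app.BinaryName, null, true);
        moduleInfo.SetManifest(app.Manifest);

        if (String.IsNullOrWhiteSpace(app.Version))
        {
            moduleInfo.SetRunningVersion(Common.Constants.UnknownHomeOSUpdateVersionValue);
        }
        else
        {
            moduleInfo.SetRunningVersion(app.Version);
        }

        string friendlyName = moduleInfo.FriendlyName();

        // NOTE(review): this rule allows the "everyone" group to use the new app with
        // every device ("*") and with no time restriction. Consider whether install
        // should grant access per device instead, to stay closer to least privilege.
        AccessRule accessRule = new AccessRule();
        accessRule.ModuleName = friendlyName;
        accessRule.RuleName = "Access for " + friendlyName;
        accessRule.UserGroup = "everyone";
        accessRule.AccessMode = AccessMode.Allow;
        accessRule.DeviceList = new List<string> { "*" };
        accessRule.TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) };
        accessRule.Priority = 0;

        // Marked before the call so that a partially applied rule is rolled back too.
        pendingRuleModule = friendlyName;
        platform.AddAccessRule(accessRule);

        // StartModule also downloads the binaries if they are not present yet.
        var startedModule = platform.StartModule(moduleInfo, true);
        if (startedModule == null)
        {
            // Not starting the module, so remove the rule that was just added.
            pendingRuleModule = null;
            platform.RemoveAccessRulesForModule(friendlyName);
            return new List<string>() { "Could not start module. Perhaps because we didn't find the right binaries" };
        }

        // The module is running; its rule is now in use and must stay.
        pendingRuleModule = null;
        config.AddModule(moduleInfo);
        return new List<string>() { "" };
    }
    catch (Exception e)
    {
        logger.Log("Exception in InstallAppWeb: " + e.ToString());

        if (pendingRuleModule != null)
        {
            // Best-effort rollback: the install failed before the module started,
            // so its Allow rule must not remain in the policy.
            try
            {
                platform.RemoveAccessRulesForModule(pendingRuleModule);
            }
            catch (Exception cleanupError)
            {
                logger.Log("Exception removing access rules for " + pendingRuleModule + ": " + cleanupError.ToString());
            }
        }

        return new List<string>() { "Got exception: " + e.Message };
    }
}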
/// <summary>
/// Adds an access rule to the policy engine and then to the configuration.
/// </summary>
/// <param name="rule">Rule to register; passed unchanged to both components.</param>
/// <remarks>
/// The policy engine is updated first. If the configuration call throws, the engine
/// already holds the rule while the configuration does not, so callers that need the
/// two to stay in step must handle that exception.
/// </remarks>
public void AddAccessRule(AccessRule rule)
{
    policyEngine.AddAccessRule(rule);
    config.AddAccessRule(rule);
}
/// <summary>
/// Creates an Allow rule that lets one app use one device, and registers it with
/// the policy engine and the configuration.
/// </summary>
/// <param name="appFriendlyName">Friendly name of the app; used as the rule's module name.</param>
/// <param name="deviceFriendlyName">Friendly name of the device; the only entry in the rule's device list.</param>
/// <remarks>
/// The rule applies to the "everyone" group. Neither name is validated here, so a
/// caller passing "*" as the device name creates a wildcard rule.
/// </remarks>
public void AllowAppAcccessToDevice(string appFriendlyName, string deviceFriendlyName)
{
    AccessRule grant = new AccessRule
    {
        RuleName = appFriendlyName + "-" + deviceFriendlyName,
        ModuleName = appFriendlyName,
        UserGroup = "everyone",
        AccessMode = Common.AccessMode.Allow,
        Priority = 0,
        DeviceList = new List<string> { deviceFriendlyName },
        // NOTE(review): TimeOfWeek(-1, 0, 2400) appears to mean "always"; confirm against TimeOfWeek.
        TimeList = new List<TimeOfWeek> { new TimeOfWeek(-1, 0, 2400) },
    };

    // Policy engine first, then configuration.
    policyEngine.AddAccessRule(grant);
    config.AddAccessRule(grant);
}
/// <summary>
/// Appends a rule to the in-memory policy list and, unless told otherwise, writes
/// the access rules out via <c>WriteAccessRules</c>.
/// </summary>
/// <param name="rule">Rule to append; the reference itself is stored.</param>
/// <param name="writeToDisk">
/// When false the rule is only added in memory and <c>WriteAccessRules</c> is not called.
/// </param>
public void AddAccessRule(AccessRule rule, bool writeToDisk = true)
{
    // Both the list update and the write happen under the same lock.
    lock (allPolicies)
    {
        allPolicies.Add(rule);

        if (!writeToDisk)
        {
            return;
        }

        WriteAccessRules();
    }
}
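/// <summary>
/// Loads the access rules from <c>RulesFile</c> and adds one in-memory rule per
/// User/Group element found under each Rule element.
/// </summary>
/// <remarks>
/// Parsing fails closed: an unknown module, user/group, service name, element name or
/// an invalid time window throws and aborts the load. Rules are added with
/// <c>writeToDisk</c> set to false, so reading never rewrites the file.
/// </remarks>
/// <exception cref="Exception">The file does not match the expected rules layout.</exception>
private void ReadAccessRules()
{
    string fileName = this.RulesFile;
    XmlDocument xmlDoc = new XmlDocument();

    // NOTE(review): xmlReaderSettings is defined outside this method; confirm that it
    // prohibits DTD processing and external entity resolution, since this file
    // decides who may access which device.
    // The reader is disposed as soon as the document is in memory, so the file
    // handle is released even when a validation error is thrown further down.
    using (XmlReader xmlReader = XmlReader.Create(fileName, xmlReaderSettings))
    {
        xmlDoc.Load(xmlReader);
    }

    // DocumentElement is the root element even when the file starts with an XML
    // declaration or a comment; FirstChild would be that leading node instead.
    XmlElement root = xmlDoc.DocumentElement;
    if (root == null || !root.Name.Equals("Rules"))
    {
        throw new Exception("rules file " + fileName + " does not begin with <Rules>");
    }

    // NOTE(review): the loops below cast every child node to XmlElement, so a comment
    // or text node throws InvalidCastException unless the reader settings strip them.
    foreach (XmlElement xmlRule in root.ChildNodes)
    {
        if (!xmlRule.Name.Equals("Rule"))
        {
            throw new Exception("expected Rule. Got " + xmlRule.Name);
        }

        foreach (XmlElement xmlUser in xmlRule.ChildNodes)
        {
            if (!xmlUser.Name.Equals("User") && !xmlUser.Name.Equals("Group"))
            {
                throw new Exception("expected User or Group. Got " + xmlUser.Name);
            }

            AccessRule accessRule = new AccessRule();
            accessRule.RuleName = xmlRule.GetAttribute("Name");
            accessRule.ModuleName = xmlRule.GetAttribute("Module");

            // Only configured modules and the three built-in module names are accepted.
            if (!allModules.ContainsKey(accessRule.ModuleName) &&
                !accessRule.ModuleName.Equals(Constants.GuiServiceSuffixWeb) &&
                !accessRule.ModuleName.Equals(Constants.GuiServiceSuffixWebSec) &&
                !accessRule.ModuleName.Equals(Constants.ScoutsSuffixWeb))
            {
                throw new Exception("unknown module in rules: " + accessRule.ModuleName);
            }

            // NOTE(review): ToLower() is culture-sensitive. If the keys of allGroups are
            // produced with an invariant lower-casing, switch this to ToLowerInvariant()
            // so group matching does not depend on the machine's culture.
            accessRule.UserGroup = xmlUser.GetAttribute("Name").ToLower();

            if (!allGroups.ContainsKey(accessRule.UserGroup))
            {
                throw new Exception("unknown user/group in rules: " + accessRule.UserGroup);
            }

            // NOTE(review): Enum.Parse also accepts numeric strings, including values
            // that are not declared members of AccessMode. If AccessMode is not a flags
            // enum, consider rejecting values for which Enum.IsDefined is false.
            accessRule.AccessMode = (AccessMode)Enum.Parse(typeof(AccessMode), xmlUser.GetAttribute("Type"), true);

            List<string> deviceList = new List<string>();
            List<TimeOfWeek> timeList = new List<TimeOfWeek>();

            foreach (XmlElement xmlChild in xmlUser.ChildNodes)
            {
                switch (xmlChild.Name)
                {
                    case "Service":
                        {
                            // A device: must be a configured port name or the wildcard.
                            string serviceName = xmlChild.GetAttribute("FriendlyName");

                            if (!configuredPortNames.ContainsKey(serviceName) && !serviceName.Equals("*"))
                            {
                                throw new Exception("unknown service name in rules: " + serviceName);
                            }

                            deviceList.Add(serviceName);
                        }
                        break;

                    case "Time":
                        {
                            // A time window; missing start/end default to 0 and 2400.
                            int dayOfWeek = int.Parse(xmlChild.GetAttribute("DayOfWeek"));
                            string startMins = xmlChild.GetAttribute("StartMins");
                            string endMins = xmlChild.GetAttribute("EndMins");

                            int startMinsInt = (startMins.Equals("")) ? 0 : int.Parse(startMins);
                            int endMinsInt = (endMins.Equals("")) ? 2400 : int.Parse(endMins);

                            TimeOfWeek timeOfWeek = new TimeOfWeek(dayOfWeek, startMinsInt, endMinsInt);

                            if (!timeOfWeek.Valid())
                            {
                                throw new Exception("invalid time spec for rule " + accessRule.RuleName);
                            }

                            timeList.Add(timeOfWeek);
                        }
                        break;

                    default:
                        throw new Exception("expected Service or Time. Got " + xmlChild.Name);
                }
            }

            // Assume "always" if no time was specified.
            if (timeList.Count == 0)
            {
                timeList.Add(new TimeOfWeek(-1, 0, 2400));
            }

            // Assume the rule applies to all ports of the module if no service was
            // specified. An entry with no Service child therefore widens to "*".
            if (deviceList.Count == 0)
            {
                deviceList.Add("*");
            }

            accessRule.DeviceList = deviceList;
            accessRule.TimeList = timeList;
            accessRule.Priority = 0;

            // In-memory only: do not rewrite the file that is being read.
            AddAccessRule(accessRule, false);
        }
    }
}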