draft usp role changes

obuspa/Makefile

@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=obuspa
 PKG_VERSION:=10.0.4.1
 
-LOCAL_DEV:=0
+LOCAL_DEV:=1
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
@@ -35,7 +35,7 @@ define Package/obuspa
   DEPENDS:=+libopenssl +libuci +libblobmsg-json +libcurl +libsqlite3 +libubox +libubus +libmosquitto-ssl +libwebsockets-openssl +ca-certificates \
 		+OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-ssl +OBUSPA_ENABLE_TEST_CONTROLLER_LOCAL:mosquitto-client-ssl \
 		+OBUSPA_ENABLE_TEST_CONTROLLER:mosquitto-auth-shadow +libjson-c
-  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
+  DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +bbfdmd
 endef
 
 define Package/obuspa/description

obuspa/files/etc/init.d/obuspa

@@ -13,6 +13,7 @@ KEEP_FILE="/lib/upgrade/keep.d/obuspa"
 RESET_FILE="/tmp/obuspa/fw_defaults"
 SQL_DB_FILE="/tmp/obuspa/usp.db"
 DB_DUMP="/tmp/obuspa/usp.dump_$(date +%s)"
+CTRUST_ROLE_MAP="/tmp/obuspa/usp.role.map"
 
 BASEPATH=""
 INSTANCE_COUNT=0
@@ -283,6 +284,14 @@ update_dual_stack_pref()
 	db_set Internal.DualStackPreference "${1}"
 }
 
+create_ctrust_role_map()
+{
+	echo ""> ${CTRUST_ROLE_MAP}
+	for file in $(ls -1 /etc/users/roles/*.json); do
+		cat ${file} |jq -r '.tr181| [.instance, .name]|@tsv' >> ${CTRUST_ROLE_MAP}
+	done
+}
+
 get_role_index()
 {
 	local name drole
@@ -306,14 +315,9 @@ get_role_index()
 	fi
 
 	# Get if from CTRUST file first if present, then from dbdump and then use default Untrusted role
-	if [ -f "${CTRUST_RESET_FILE}" ]; then
-		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${CTRUST_RESET_FILE} |grep $name)"
-		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
-		echo "$val"
-	elif [ -f "${DB_DUMP}" ]; then
-		val="$(grep "Device.LocalAgent.ControllerTrust.Role.\d.Name" ${DB_DUMP} |grep $name)"
-		val="$(echo ${val/.Name /,}|cut -d, -f 1)"
-		echo "$val"
+	if [ -f "${CTRUST_ROLE_MAP}" ]; then
+		rindex="$(grep "${name}" ${CTRUST_ROLE_MAP} |cut -f 1)"
+		echo "Device.LocalAgent.ControllerTrust.Role.${rindex}"
 	else
 		log "Not able to get role ${name}, use Untrusted role"
 		echo "${drole}"
@@ -969,7 +973,7 @@ db_init()
 
 	# Dump datamodel parameters from DB
 	if [ -f "${SQL_DB_FILE}" ]; then
-		dump_db
+		return 0
 	fi
 
 	# In case of Reboot or service restart update the uci
@@ -996,6 +1000,7 @@ db_init()
 	config_load $CONFIGURATION
 	config_get dualstack_pref global dualstack_pref "IPv6"
 
+	create_ctrust_role_map
 	global_init
 	config_foreach configure_localagent localagent
 	global_init
@@ -1022,9 +1027,8 @@ db_init()
 		mv ${DB_DUMP} ${RESET_FILE}
 	fi
 
-	if [ -f "${CTRUST_RESET_FILE}" ]; then
-		cat ${CTRUST_RESET_FILE} >> ${RESET_FILE}
-		rm ${CTRUST_RESET_FILE}
+	if [ -f "${CTRUST_ROLE_MAP}" ]; then
+		rm ${CTRUST_ROLE_MAP}
 	fi
 }
 

obuspa/files/etc/uci-defaults/60-generate-ctrust-defaults

@@ -10,8 +10,8 @@ if [ -n "${rfile}" ]; then
 	uci -q set obuspa.global.role_file=""
 fi
 
-if [ ! -f "${db_file}" ]; then
-	configure_ctrust_role
-fi
+#if [ ! -f "${db_file}" ]; then
+	#configure_ctrust_role
+#fi
 
 exit 0

obuspa/files/etc/uci-defaults/61-override-ct-roles

@@ -3,6 +3,6 @@
 . /lib/functions.sh
 . /etc/obuspa/usp_utils.sh
 
-configure_ctrust_role
+#configure_ctrust_role
 
 exit 0

obuspa/files/etc/users/roles/02_untrusted.json

@@ -0,0 +1,35 @@
+{
+  "tr181": {
+    "name": "Untrusted",
+    "instance": 2,
+    "permission": [
+      {
+        "object": "Device.",
+        "perm": [
+          "PERMIT_NONE"
+        ]
+      },
+      {
+        "object": "Device.DeviceInfo.",
+        "perm": [
+          "PERMIT_GET",
+          "PERMIT_OBJ_INFO"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.ControllerTrust.RequestChallenge()",
+        "perm": [
+          "PERMIT_OPER",
+          "PERMIT_CMD_INFO"
+        ]
+      },
+      {
+        "object": "Device.LocalAgent.ControllerTrust.RequestChallenge()",
+        "perm": [
+          "PERMIT_OPER",
+          "PERMIT_CMD_INFO"
+        ]
+      }
+    ]
+  }
+}

obuspa/files/etc/users/roles/untrusted.json

@@ -1,6 +0,0 @@
-{
-  "tr181": {
-    "name": "Untrusted",
-    "instance": 2
-  }
-}