Commit 6678ceb5 authored by Committed by Randeep
[IOT-1595] Change Policy Engine to us ACE Union behavior.
The current Policy Engine logic is to assess the permissions on the first matching ACE for a request (matched via Subject and Resource), and respond to the request (Grant or Deny) based on that ACE. The new OCF 1.0 behavior specifies that if any ACE allows a request, it should be Granted (so-called "Union" behavior). To allow consistency we must fix this in 1.2.1. This patch changes the Policy Engine to keep searching for an ACE that Grants the request, until either the request is granted, or the end of the ACL is reached. Change-Id: Idd4e90c37c7e0fcf963105b34b3e82dfde2ccfd2 Signed-off-by: Nathan Heldt-Sheller <firstname.lastname@example.org> Reviewed-on: https://gerrit.iotivity.org/gerrit/14701Reviewed-by: Kevin Kane <email@example.com> Tested-by: jenkins-iotivity <firstname.lastname@example.org> Reviewed-by: Greg Zaverucha <email@example.com> (cherry picked from commit 9524976d) Reviewed-on: https://gerrit.iotivity.org/gerrit/14717Reviewed-by: Randeep Singh <firstname.lastname@example.org>
Showing with 5 additions and 8 deletions