-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SDL applies PT file received when PTU procedure is not in progress #3076
Comments
This is not a regression issue and reproduced on a previous SDL release (5.1.3) |
@theresalech, Please triage this issue. |
@aderiabin we've noted that this is not a regression issue but will work to prioritize reviewing the PR once submitted. Thanks! |
According to current behavior for PROPRIETARY policy flow:
The diagram: https://smartdevicelink.com/en/guides/hmi/basiccommunication/policyupdate/ But the question is should SDL process SystemRequest and apply the PT snapshot in case if there are no PTU in progress and App in UP_TO_DATE state? Or SDL should process SystemRequest according to the requirements above even if App in UP_TO_DATE state? @JackLivio @jacobkeeler @dboltovskyi @aderiabin Would be grateful for any thoughts on this issue. Thank you. |
I agree that there is an issue present. Allowing an unsolicited PTU SystemRequest from an app could raise some security concerns if there is no PTU encryption in place. We could update Core to keep track of the appID it sent the onSystemRequest to and only accept the PTU SystemRequest from that app id. Its not a 100% fix because a bad actor could still receive that first OnSystemRequest. Even though I agree with this issue, I still want to submit an evolution proposal for a fix to ensure SystemRequests are only accepted from apps during PTU in progress state. The proposal will be for visibility to other SDLC members in case someone's policy flow was defined around being able to send unsolicited PTUs. |
@JackLivio thank you for your response. I agree that this issue requires proposal and we from the Luxoft side can prepare it. |
Closed since Luxoft will prepare a proposal for this issue. |
Reopening since a proposal has been entered by Livio and is in review @LitvinenkoIra |
The proposal mentioned in this issue was accepted (#3715) |
Closed via #3853 |
Bug Report
SDL applies PT file received when PTU procedure is not in progress
Precondition
GetVehicleData
RPC is not allowed for App.Reproduction Steps
GetVehicleData
RPC for AppGetVehicleData
RPCExpected Behavior
SDL responds on
GetVehicleData
with DISALLOWED resultCodeObserved Behavior
SDL responds on
GetVehicleData
with SUCCESS resultCodeOS & Version Information
Logs:
hmi.log
SmartDeviceLinkCore.log
The text was updated successfully, but these errors were encountered: