SDL applies PT file received when PTU procedure is not in progress

[aderiabin]

Bug Report

SDL applies PT file received when PTU procedure is not in progress

Precondition

1. Policy table contains permissions for application (App)
   GetVehicleData RPC is not allowed for App.
2. HMI and SDL are started
3. App is registered and activated (PTU is not triggered)

Reproduction Steps

1. App sends valid "SystemRequest" with PT file which allows GetVehicleData RPC for App
2. App sends valid GetVehicleData RPC

Expected Behavior

SDL responds on GetVehicleData with DISALLOWED resultCode

Observed Behavior

SDL responds on GetVehicleData with SUCCESS resultCode

OS & Version Information

• OS/Version: Ubuntu 18.04
• SDL Core Version: https://github.com/smartdevicelink/sdl_core/releases/tag/6.0.0_RC ( 2b09ea3 )
• HMI: https://github.com/smartdevicelink/sdl_hmi/tree/develop ( 1db5de1 )
• SPT: SyncProxyTester ( 20191001 Nightly-Android )

Logs:
hmi.log
SmartDeviceLinkCore.log

[aderiabin]

This is not a regression issue and reproduced on a previous SDL release (5.1.3)

[aderiabin]

@theresalech, Please triage this issue.
Luxoft team is going to prepare a fix.

[theresalech]

@aderiabin we've noted that this is not a regression issue but will work to prioritize reviewing the PR once submitted. Thanks!

[LitvinenkoIra]

According to current behavior for PROPRIETARY policy flow:

1. App -> SDL: SystemRequest (PROPRIETARY, fileName) // valid and binary data is not empty.
2. SDL reads data and stores it by the path in smartDeviceLink.ini file under "SystemFilesPath" parameter.
3. SDL -> HMI: SystemRequest (PROPRIETARY, fileName, appID)

The diagram: https://smartdevicelink.com/en/guides/hmi/basiccommunication/policyupdate/

But the question is should SDL process SystemRequest and apply the PT snapshot in case if there are no PTU in progress and App in UP_TO_DATE state?

Or SDL should process SystemRequest according to the requirements above even if App in UP_TO_DATE state?

@JackLivio @jacobkeeler @dboltovskyi @aderiabin Would be grateful for any thoughts on this issue. Thank you.

[Jack-Byrne]

I agree that there is an issue present. Allowing an unsolicited PTU SystemRequest from an app could raise some security concerns if there is no PTU encryption in place.

We could update Core to keep track of the appID it sent the onSystemRequest to and only accept the PTU SystemRequest from that app id. Its not a 100% fix because a bad actor could still receive that first OnSystemRequest.

Even though I agree with this issue, I still want to submit an evolution proposal for a fix to ensure SystemRequests are only accepted from apps during PTU in progress state. The proposal will be for visibility to other SDLC members in case someone's policy flow was defined around being able to send unsolicited PTUs.

[LitvinenkoIra]

@JackLivio thank you for your response. I agree that this issue requires proposal and we from the Luxoft side can prepare it.

[LitvinenkoIra]

Closed since Luxoft will prepare a proposal for this issue.

[Jack-Byrne]

Reopening since a proposal has been entered by Livio and is in review @LitvinenkoIra

[jordynmackool]

The proposal mentioned in this issue was accepted (#3715)

[iCollin]

Closed via #3853