ros2 · ivanpauno · Apr 13, 2020 · Apr 9, 2020 · Apr 10, 2020 · Apr 10, 2020
@@ -58,7 +58,7 @@ set(${PROJECT_NAME}_sources
   src/rcl/subscription.c
   src/rcl/time.c
   src/rcl/timer.c
-  src/rcl/validate_security_context_name.c
+  src/rcl/validate_enclave_name.c
   src/rcl/validate_topic_name.c
   src/rcl/wait.c
 )

@@ -42,7 +42,8 @@ typedef struct rcl_arguments_t
 #define RCL_PARAM_FILE_FLAG "--params-file"
 #define RCL_REMAP_FLAG "--remap"
 #define RCL_SHORT_REMAP_FLAG "-r"
-#define RCL_SECURITY_CONTEXT_FLAG "--security-context"
+#define RCL_ENCLAVE_FLAG "--enclave"
+#define RCL_SHORT_ENCLAVE_FLAG "-e"
 #define RCL_LOG_LEVEL_FLAG "--log-level"
 #define RCL_EXTERNAL_LOG_CONFIG_FLAG "--log-config-file"
 // To be prefixed with --enable- or --disable-

@@ -441,9 +441,9 @@ rcl_get_node_names(
   rcutils_string_array_t * node_names,
   rcutils_string_array_t * node_namespaces);
 
-/// Return a list of available nodes in the ROS graph, including their security context names.
+/// Return a list of available nodes in the ROS graph, including their enclave names.
 /**
- * An \ref rcl_get_node_names equivalent, but including in its output the security context
+ * An \ref rcl_get_node_names equivalent, but including in its output the enclave
  * name the node is using.
  *
  * <hr>
@@ -459,20 +459,20 @@ rcl_get_node_names(
  * \param[in] allocator used to control allocation and deallocation of names
  * \param[out] node_names struct storing discovered node names
  * \param[out] node_namesspaces struct storing discovered node namespaces
- * \param[out] security_contexts struct storing discovered node security contexts
+ * \param[out] enclaves struct storing discovered node enclaves
  * \return `RCL_RET_OK` if the query was successful, or
  * \return `RCL_RET_BAD_ALLOC` if an error occurred while allocating memory, or
  * \return `RCL_RET_ERROR` if an unspecified error occurs.
  */
 RCL_PUBLIC
 RCL_WARN_UNUSED
 rcl_ret_t
-rcl_get_node_names_with_security_contexts(
+rcl_get_node_names_with_enclaves(
   const rcl_node_t * node,
   rcl_allocator_t allocator,
   rcutils_string_array_t * node_names,
   rcutils_string_array_t * node_namespaces,
-  rcutils_string_array_t * security_contexts);
+  rcutils_string_array_t * enclaves);
 
 /// Return the number of publishers on a given topic.
 /**

@@ -92,9 +92,9 @@ RCL_PUBLIC
 rcl_ret_t
 rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
 
-/// Return the secure root given a security context name.
+/// Return the secure root given a enclave name.
 /**
- * Return the security directory associated with the security context name.
+ * Return the security directory associated with the enclave name.
  *
  * The value of the environment variable `ROS_SECURITY_ROOT_DIRECTORY` is used as a root.
  * The specific directory to be used, is found from that root using the `name` passed.
@@ -104,7 +104,7 @@ rcl_get_enforcement_policy(rmw_security_enforcement_policy_t * policy);
  * However, this expansion can be overridden by setting the secure directory override environment
  * (`ROS_SECURITY_DIRECTORY_OVERRIDE`) variable, allowing users to explicitly specify the exact secure
  * root directory to be utilized.
- * Such an override is useful for applications where the security context is non-deterministic
+ * Such an override is useful for applications where the enclave is non-deterministic
  * before runtime, or when testing and using additional tools that may not otherwise be easily
  * provisioned.
  *

@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#ifndef RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
-#define RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
+#ifndef RCL__VALIDATE_ENCLAVE_NAME_H_
+#define RCL__VALIDATE_ENCLAVE_NAME_H_
 
 #ifdef __cplusplus
 extern "C"
@@ -27,27 +27,27 @@ extern "C"
 #include "rcl/types.h"
 #include "rcl/visibility_control.h"
 
-#define RCL_SECURITY_CONTEXT_NAME_VALID RMW_NAMESPACE_VALID
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
+#define RCL_ENCLAVE_NAME_VALID RMW_NAMESPACE_VALID
+#define RCL_ENCLAVE_NAME_INVALID_IS_EMPTY_STRING RMW_NAMESPACE_INVALID_IS_EMPTY_STRING
+#define RCL_ENCLAVE_NAME_INVALID_NOT_ABSOLUTE RMW_NAMESPACE_INVALID_NOT_ABSOLUTE
+#define RCL_ENCLAVE_NAME_INVALID_ENDS_WITH_FORWARD_SLASH \
   RMW_NAMESPACE_INVALID_ENDS_WITH_FORWARD_SLASH
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
+#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_UNALLOWED_CHARACTERS \
   RMW_NAMESPACE_INVALID_CONTAINS_UNALLOWED_CHARACTERS
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
+#define RCL_ENCLAVE_NAME_INVALID_CONTAINS_REPEATED_FORWARD_SLASH \
   RMW_NAMESPACE_INVALID_CONTAINS_REPEATED_FORWARD_SLASH
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
+#define RCL_ENCLAVE_NAME_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER \
   RMW_NAMESPACE_INVALID_NAME_TOKEN_STARTS_WITH_NUMBER
-#define RCL_SECURITY_CONTEXT_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
+#define RCL_ENCLAVE_NAME_INVALID_TOO_LONG RMW_NAMESPACE_INVALID_TOO_LONG
 
-#define RCL_SECURITY_CONTEXT_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
+#define RCL_ENCLAVE_NAME_MAX_LENGTH RMW_NODE_NAME_MAX_NAME_LENGTH
 
-/// Determine if a given security context name is valid.
+/// Determine if a given enclave name is valid.
 /**
  * The same rules as \ref rmw_validate_namespace are used.
  * The only difference is in the maximum allowed length, which can be up to 255 characters.
  *
- * \param[in] security_context security_context to be validated
+ * \param[in] enclave enclave to be validated
  * \param[out] validation_result int in which the result of the check is stored
  * \param[out] invalid_index index of the input string where an error occurred
  * \returns `RMW_RET_OK` on successfully running the check, or
@@ -57,35 +57,35 @@ extern "C"
 RCL_PUBLIC
 RCL_WARN_UNUSED
 rcl_ret_t
-rcl_validate_security_context_name(
-  const char * security_context,
+rcl_validate_enclave_name(
+  const char * enclave,
   int * validation_result,
   size_t * invalid_index);
 
-/// Deterimine if a given security context name is valid.
+/// Deterimine if a given enclave name is valid.
 /**
- * This is an overload of \ref rcl_validate_security_context_name with an extra parameter
- * for the length of security_context.
+ * This is an overload of \ref rcl_validate_enclave_name with an extra parameter
+ * for the length of enclave.
  *
- * \param[in] security_context The number of characters in security_context.
+ * \param[in] enclave The number of characters in enclave.
  */
 RCL_PUBLIC
 RCL_WARN_UNUSED
 rcl_ret_t
-rcl_validate_security_context_name_with_size(
-  const char * security_context,
-  size_t security_context_length,
+rcl_validate_enclave_name_with_size(
+  const char * enclave,
+  size_t enclave_length,
   int * validation_result,
   size_t * invalid_index);
 
-/// Return a validation result description, or NULL if unknown or RCL_SECURITY_CONTEXT_NAME_VALID.
+/// Return a validation result description, or NULL if unknown or RCL_ENCLAVE_NAME_VALID.
 RCL_PUBLIC
 RCL_WARN_UNUSED
 const char *
-rcl_security_context_name_validation_result_string(int validation_result);
+rcl_enclave_name_validation_result_string(int validation_result);
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif  // RCL__VALIDATE_SECURITY_CONTEXT_NAME_H_
+#endif  // RCL__VALIDATE_ENCLAVE_NAME_H_
@@ -190,21 +190,21 @@ _rcl_parse_param_file(
   rcl_params_t * params,
   char ** param_file);
 
-/// Parse a security context argument.
+/// Parse an enclave argument.
 /**
  * \param[in] arg the argument to parse
  * \param[in] allocator an allocator to use
- * \param[in,out] security_context parsed security context
- * \return RCL_RET_OK if a valid security context was parsed, or
+ * \param[in,out] enclave parsed security enclave
+ * \return RCL_RET_OK if a valid security enclave was parsed, or
  * \return RCL_RET_BAD_ALLOC if an allocation failed, or
  * \return RLC_RET_ERROR if an unspecified error occurred.
  */
 RCL_LOCAL
 rcl_ret_t
-_rcl_parse_security_context(
+_rcl_parse_enclave(
   const char * arg,
   rcl_allocator_t allocator,
-  char ** security_context);
+  char ** enclave);
 
 #define RCL_ENABLE_FLAG_PREFIX "--enable-"
 #define RCL_DISABLE_FLAG_PREFIX "--disable-"
@@ -495,33 +495,33 @@ rcl_parse_arguments(
         goto fail;
       }
 
-      // Attempt to parse argument as a security context
-      if (strcmp(RCL_SECURITY_CONTEXT_FLAG, argv[i]) == 0) {
+      // Attempt to parse argument as a security enclave
+      if (strcmp(RCL_ENCLAVE_FLAG, argv[i]) == 0 || strcmp(RCL_SHORT_ENCLAVE_FLAG, argv[i]) == 0) {
         if (i + 1 < argc) {
-          if (NULL != args_impl->security_context) {
+          if (NULL != args_impl->enclave) {
             RCUTILS_LOG_DEBUG_NAMED(
-              ROS_PACKAGE_NAME, "Overriding security context name : %s\n",
-              args_impl->security_context);
-            allocator.deallocate(args_impl->security_context, allocator.state);
-            args_impl->security_context = NULL;
+              ROS_PACKAGE_NAME, "Overriding security enclave : %s\n",
+              args_impl->enclave);
+            allocator.deallocate(args_impl->enclave, allocator.state);
+            args_impl->enclave = NULL;
           }
-          if (RCL_RET_OK == _rcl_parse_security_context(
-              argv[i + 1], allocator, &args_impl->security_context))
+          if (RCL_RET_OK == _rcl_parse_enclave(
+              argv[i + 1], allocator, &args_impl->enclave))
           {
             RCUTILS_LOG_DEBUG_NAMED(
-              ROS_PACKAGE_NAME, "Got security context : %s\n",
-              args_impl->security_context);
+              ROS_PACKAGE_NAME, "Got enclave: %s\n",
+              args_impl->enclave);
             ++i;  // Skip flag here, for loop will skip value.
             continue;
           }
           rcl_error_string_t prev_error_string = rcl_get_error_string();
           rcl_reset_error();
           RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
-            "Couldn't parse security context name: '%s %s'. Error: %s", argv[i], argv[i + 1],
+            "Couldn't parse enclave name: '%s %s'. Error: %s", argv[i], argv[i + 1],
             prev_error_string.str);
         } else {
           RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
-            "Couldn't parse trailing %s flag. No security context path provided.", argv[i]);
+            "Couldn't parse trailing %s flag. No enclave path provided.", argv[i]);
         }
         ret = RCL_RET_INVALID_ROS_ARGS;
         goto fail;
@@ -920,16 +920,16 @@ rcl_arguments_copy(
       }
     }
   }
-  char * security_context_copy = rcutils_strdup(args->impl->security_context, allocator);
-  if (args->impl->security_context && !security_context_copy) {
+  char * enclave_copy = rcutils_strdup(args->impl->enclave, allocator);
+  if (args->impl->enclave && !enclave_copy) {
     if (RCL_RET_OK != rcl_arguments_fini(args_out)) {
       RCL_SET_ERROR_MSG("Error while finalizing arguments due to another error");
     } else {
-      RCL_SET_ERROR_MSG("Error while copying security context argument");
+      RCL_SET_ERROR_MSG("Error while copying enclave argument");
     }
     return RCL_RET_BAD_ALLOC;
   }
-  args_out->impl->security_context = security_context_copy;
+  args_out->impl->enclave = enclave_copy;
   return RCL_RET_OK;
 }
 
@@ -977,7 +977,7 @@ rcl_arguments_fini(
       args->impl->num_param_files_args = 0;
       args->impl->parameter_files = NULL;
     }
-    args->impl->allocator.deallocate(args->impl->security_context, args->impl->allocator.state);
+    args->impl->allocator.deallocate(args->impl->enclave, args->impl->allocator.state);
 
     if (NULL != args->impl->external_log_config_file) {
       args->impl->allocator.deallocate(
@@ -1807,17 +1807,17 @@ _rcl_parse_external_log_config_file(
 }
 
 rcl_ret_t
-_rcl_parse_security_context(
+_rcl_parse_enclave(
   const char * arg,
   rcl_allocator_t allocator,
-  char ** security_context)
+  char ** enclave)
 {
   RCL_CHECK_ARGUMENT_FOR_NULL(arg, RCL_RET_INVALID_ARGUMENT);
-  RCL_CHECK_ARGUMENT_FOR_NULL(security_context, RCL_RET_INVALID_ARGUMENT);
+  RCL_CHECK_ARGUMENT_FOR_NULL(enclave, RCL_RET_INVALID_ARGUMENT);
 
-  *security_context = rcutils_strdup(arg, allocator);
-  if (NULL == *security_context) {
-    RCL_SET_ERROR_MSG("Failed to allocate memory for security context name");
+  *enclave = rcutils_strdup(arg, allocator);
+  if (NULL == *enclave) {
+    RCL_SET_ERROR_MSG("Failed to allocate memory for enclave name");
     return RCL_RET_BAD_ALLOC;
   }
   return RCL_RET_OK;
@@ -1925,7 +1925,7 @@ _rcl_allocate_initialized_arguments_impl(rcl_arguments_t * args, rcl_allocator_t
   args_impl->log_stdout_disabled = false;
   args_impl->log_rosout_disabled = false;
   args_impl->log_ext_lib_disabled = false;
-  args_impl->security_context = NULL;
+  args_impl->enclave = NULL;
   args_impl->allocator = *allocator;
 
   return RCL_RET_OK;

@@ -61,8 +61,8 @@ typedef struct rcl_arguments_impl_t
   /// A boolean value indicating if the external lib handler should be used for log output
   bool log_ext_lib_disabled;
 
-  /// Security context to be used.
-  char * security_context;
+  /// Enclave to be used.
+  char * enclave;
 
   /// Allocator used to allocate objects in this struct
   rcl_allocator_t allocator;

@@ -340,12 +340,12 @@ rcl_get_node_names(
 }
 
 rcl_ret_t
-rcl_get_node_names_with_security_contexts(
+rcl_get_node_names_with_enclaves(
   const rcl_node_t * node,
   rcl_allocator_t allocator,
   rcutils_string_array_t * node_names,
   rcutils_string_array_t * node_namespaces,
-  rcutils_string_array_t * security_contexts)
+  rcutils_string_array_t * enclaves)
 {
   if (!rcl_node_is_valid(node)) {
     return RCL_RET_NODE_INVALID;  // error already set
@@ -368,21 +368,21 @@ rcl_get_node_names_with_security_contexts(
     RCL_SET_ERROR_MSG("node_namespaces is not null");
     return RCL_RET_INVALID_ARGUMENT;
   }
-  RCL_CHECK_ARGUMENT_FOR_NULL(security_contexts, RCL_RET_INVALID_ARGUMENT);
-  if (security_contexts->size != 0) {
-    RCL_SET_ERROR_MSG("security_contexts size is not zero");
+  RCL_CHECK_ARGUMENT_FOR_NULL(enclaves, RCL_RET_INVALID_ARGUMENT);
+  if (enclaves->size != 0) {
+    RCL_SET_ERROR_MSG("enclaves size is not zero");
     return RCL_RET_INVALID_ARGUMENT;
   }
-  if (security_contexts->data) {
-    RCL_SET_ERROR_MSG("security_contexts is not null");
+  if (enclaves->data) {
+    RCL_SET_ERROR_MSG("enclaves is not null");
     return RCL_RET_INVALID_ARGUMENT;
   }
   (void)allocator;  // to be used in rmw_get_node_names in the future
-  rmw_ret_t rmw_ret = rmw_get_node_names_with_security_contexts(
+  rmw_ret_t rmw_ret = rmw_get_node_names_with_enclaves(
     rcl_node_get_rmw_handle(node),
     node_names,
     node_namespaces,
-    security_contexts);
+    enclaves);
   return rcl_convert_rmw_ret_to_rcl_ret(rmw_ret);
 }