From c1a8c1aa86625c24c6feeb4668f05d59411912c0 Mon Sep 17 00:00:00 2001
From: Vivek Kumar Dutta <vivek.dutta@iopsys.eu>
Date: Mon, 24 Feb 2025 20:49:41 +0530
Subject: [PATCH] obuspa: Updated max CT role

- Updated role json to include role name and instance number
- Removed full_access.json
- Reuse full_access Role from core code
---
 obuspa/Makefile                               |  4 +--
 obuspa/files/etc/obuspa/usp_utils.sh          | 28 +++++++++++++------
 obuspa/files/etc/users/roles/extender.json    |  2 ++
 obuspa/files/etc/users/roles/full_access.json | 12 --------
 .../patches/1003-ct-full-access-rename.patch  | 13 +++++++++
 5 files changed, 36 insertions(+), 23 deletions(-)
 delete mode 100644 obuspa/files/etc/users/roles/full_access.json
 create mode 100644 obuspa/patches/1003-ct-full-access-rename.patch

diff --git a/obuspa/Makefile b/obuspa/Makefile
index 4d4cd0800..7371f7d9c 100644
--- a/obuspa/Makefile
+++ b/obuspa/Makefile
@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=obuspa
-PKG_VERSION:=9.0.4.8
+PKG_VERSION:=9.0.4.9
 
 LOCAL_DEV:=0
 ifneq ($(LOCAL_DEV),1)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/bbf/obuspa.git
-PKG_SOURCE_VERSION:=e6dd22754d3a4fee1c804f8f17fe57b3f38a2c1f
+PKG_SOURCE_VERSION:=79e066a3997b46ea3bcc48c4589c5a4c4cb05630
 PKG_MAINTAINER:=Vivek Dutta <vivek.dutta@iopsys.eu>
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip
diff --git a/obuspa/files/etc/obuspa/usp_utils.sh b/obuspa/files/etc/obuspa/usp_utils.sh
index 4cffc9505..0b329215e 100755
--- a/obuspa/files/etc/obuspa/usp_utils.sh
+++ b/obuspa/files/etc/obuspa/usp_utils.sh
@@ -157,7 +157,6 @@ configure_roles()
 
 	if [ "${rname}" = "full_access" ]; then
 		rinst=1
-		rname="Full Access"
 	elif [ "${rname}" = "Untrusted" ]; then
 		rinst=2
 	else
@@ -176,19 +175,32 @@ configure_roles_dir()
 {
 	local rinst rname
 
-	if [ "$#" -ne 2 ]; then
+	if [ "$#" -ne 1 ]; then
 	    echo "Illegal number of parameters"
 	    exit 1
 	fi
 
-	rname="${1}"
-	rinst="${2}"
+	if [ "${1}" = "full_access" ]; then
+		rinst=1
+		rname="full_access"
+	elif [ "${1}" = "Untrusted" ]; then
+		rinst=2
+		rname="Untrusted"
+	else
+		json_get_var rname name
+		json_get_var rinst instance
+
+		if [ -z "${rname}" ] || [ -z "${rinst}" ]; then
+			echo "Deprecated role format ignoring ${1}.json ..."
+			return 0
+		fi
+	fi
 
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Alias cpe-${rinst}
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Enable 1
 	db_add Device.LocalAgent.ControllerTrust.Role.${rinst}.Name ${rname}
 
-	json_for_each_item configure_permission permission "${name}" ${rinst}
+	json_for_each_item configure_permission permission "${name}" "$((rinst))"
 	json_select ..
 }
 
@@ -207,16 +219,14 @@ configure_ctrust_role()
 		json_load_file "${1}"
 		json_for_each_item configure_roles roles
 	else
-		num=3
 		for f in $(ls -1 ${FW_DEFAULT_ROLE_DIR}); do
 			echo "Loading $f ....."
 			json_init
 			json_load_file "${FW_DEFAULT_ROLE_DIR}/${f}"
 			json_select tr181
-			configure_roles_dir "${f/.json/}" "${num}"
-			num=$((num + 1))
+			configure_roles_dir "${f/.json/}"
 		done
 	fi
 }
 
-# configure_ctrust_role "${@}"
+configure_ctrust_role "${@}"
diff --git a/obuspa/files/etc/users/roles/extender.json b/obuspa/files/etc/users/roles/extender.json
index 765e57f42..3d7955555 100644
--- a/obuspa/files/etc/users/roles/extender.json
+++ b/obuspa/files/etc/users/roles/extender.json
@@ -1,5 +1,7 @@
 {
   "tr181": {
+    "name": "extender",
+    "instance": 3,
     "permission": [
       {
         "object": "Device.",
diff --git a/obuspa/files/etc/users/roles/full_access.json b/obuspa/files/etc/users/roles/full_access.json
deleted file mode 100644
index 8c7629fb0..000000000
--- a/obuspa/files/etc/users/roles/full_access.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "tr181": {
-    "permission": [
-      {
-        "object": "Device.",
-        "perm": [
-          "PERMIT_ALL"
-        ]
-      }
-    ]
-  }
-}
diff --git a/obuspa/patches/1003-ct-full-access-rename.patch b/obuspa/patches/1003-ct-full-access-rename.patch
new file mode 100644
index 000000000..ebf4dc897
--- /dev/null
+++ b/obuspa/patches/1003-ct-full-access-rename.patch
@@ -0,0 +1,13 @@
+diff --git a/src/core/data_model.c b/src/core/data_model.c
+index 360c5e2..136de0d 100644
+--- a/src/core/data_model.c
++++ b/src/core/data_model.c
+@@ -5180,7 +5180,7 @@ int RegisterDefaultControllerTrust(void)
+     int err = USP_ERR_OK;
+ 
+     // Register 'Full Access' role
+-    err |= USP_DM_RegisterRoleName(ROLE_FULL_ACCESS, "Full Access");
++    err |= USP_DM_RegisterRoleName(ROLE_FULL_ACCESS, "full_access");
+     err |= USP_DM_AddControllerTrustPermission(ROLE_FULL_ACCESS, dm_root, PERMIT_ALL);
+ 
+     // Register 'Untrusted' role