services/mgmt/device/impl: per-instance ACLs control logs access This change extends per-instance ACLs to provide access control to logs under the __debug space of a device manager invoked application and adds additional testing to demonstrate globbing and access control to the entire __debug space. Change-Id: I8071fa470bd9c001620c3a1e995d0c2e8e5c8963

commit: 8f914be148919b8a846b6f76091a5c889d62059d [log] [tgz]
author: Robert Kroeger <rjkroege@google.com> Sat Mar 14 16:32:37 2015 -0700
committer: Robert Kroeger <rjkroege@google.com> Sat Mar 14 16:32:37 2015 -0700
tree: e671f53ab630d693487bc8ff0bedf791a7412504
parent: ea9f3cffe6c19455a7d19c0ee3344eda0fba8600 [diff] [blame]
diff --git a/services/mgmt/device/impl/dispatcher.go b/services/mgmt/device/impl/dispatcher.go
index b4e6e91..da1e4e3 100644
--- a/services/mgmt/device/impl/dispatcher.go
+++ b/services/mgmt/device/impl/dispatcher.go

@@ -282,7 +282,11 @@
 			case "logs":
 				logsDir := filepath.Join(appInstanceDir, "logs")
 				suffix := naming.Join(components[5:]...)
-				return logsimpl.NewLogFileService(logsDir, suffix), auth, nil
+				appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.aclstore)
+				if err != nil {
+					return nil, nil, err
+				}
+				return logsimpl.NewLogFileService(logsDir, suffix), appSpecificAuthorizer, nil
 			case "pprof", "stats":
 				info, err := loadInstanceInfo(nil, appInstanceDir)
 				if err != nil {
commit	8f914be148919b8a846b6f76091a5c889d62059d	[log] [tgz]
author	Robert Kroeger <rjkroege@google.com>	Sat Mar 14 16:32:37 2015 -0700
committer	Robert Kroeger <rjkroege@google.com>	Sat Mar 14 16:32:37 2015 -0700
tree	e671f53ab630d693487bc8ff0bedf791a7412504
parent	ea9f3cffe6c19455a7d19c0ee3344eda0fba8600 [diff] [blame]