[FAB-3155] LSCC security checks at validation time

This change set checks that - upon cc deploy and upgrade - the tx complies
with the instantiation policy specified in the cc packge (for deploy) and
in the cc info in the ledger (for upgrade). The committer code is
essentially performing again the checks that lscc performs at proposal time,
to ensure that no one can circumvent instantiation policies.

Furthermore, we validate
the read-write set of a cc deploy/upgrade and make sure that it is
consistent with the invocation arguments.

Finally, we make sure that LSCC deploy/upgrade transactions do not
contain writes to namespaces other than LSCC's and the chaincode that is
being deployed/upgraded.

Change-Id: Id11fc359a8c77fa58c8a966a7c324075944ae22b
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>

Author: ale-linux

common/mocks/ledger/queryexecutor.go

@@ -0,0 +1,61 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package ledger
+
+import (
+	"fmt"
+
+	"github.com/hyperledger/fabric/common/ledger"
+)
+
+type MockQueryExecutor struct {
+	// State keeps all namepspaces
+	State map[string]map[string][]byte
+}
+
+func NewMockQueryExecutor(state map[string]map[string][]byte) *MockQueryExecutor {
+	return &MockQueryExecutor{
+		State: state,
+	}
+}
+
+func (m *MockQueryExecutor) GetState(namespace string, key string) ([]byte, error) {
+	ns := m.State[namespace]
+	if ns == nil {
+		return nil, fmt.Errorf("Could not retrieve namespace %s", namespace)
+	}
+
+	return ns[key], nil
+}
+
+func (m *MockQueryExecutor) GetStateMultipleKeys(namespace string, keys []string) ([][]byte, error) {
+	return nil, nil
+
+}
+
+func (m *MockQueryExecutor) GetStateRangeScanIterator(namespace string, startKey string, endKey string) (ledger.ResultsIterator, error) {
+	return nil, nil
+
+}
+
+func (m *MockQueryExecutor) ExecuteQuery(namespace, query string) (ledger.ResultsIterator, error) {
+	return nil, nil
+}
+
+func (m *MockQueryExecutor) Done() {
+
+}

core/common/sysccprovider/sysccprovider.go

@@ -16,7 +16,10 @@ limitations under the License.
 
 package sysccprovider
 
-import "github.com/golang/protobuf/proto"
+import (
+	"github.com/golang/protobuf/proto"
+	"github.com/hyperledger/fabric/core/ledger"
+)
 
 // SystemChaincodeProvider provides an abstraction layer that is
 // used for different packages to interact with code in the
@@ -29,6 +32,12 @@ type SystemChaincodeProvider interface {
 	// IsSysCCAndNotInvokableCC2CC returns true if the supplied chaincode
 	// is a system chaincode and is not invokable through a cc2cc invocation
 	IsSysCCAndNotInvokableCC2CC(name string) bool
+
+	// GetQueryExecutorForLedger returns a query executor for the
+	// ledger of the supplied channel.
+	// That's useful for system chaincodes that require unfettered
+	// access to the ledger
+	GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error)
 }
 
 var sccFactory SystemChaincodeProviderFactory

core/scc/lscc/lscc_test.go

@@ -43,6 +43,7 @@ import (
 	putils "github.com/hyperledger/fabric/protos/utils"
 
 	cutil "github.com/hyperledger/fabric/core/container/util"
+	"github.com/hyperledger/fabric/core/ledger"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
 )
@@ -67,6 +68,10 @@ func (c *mocksccProviderImpl) IsSysCCAndNotInvokableCC2CC(name string) bool {
 	return false
 }
 
+func (c *mocksccProviderImpl) GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error) {
+	return nil, nil
+}
+
 func register(stub *shim.MockStub, ccname string) error {
 	args := [][]byte{[]byte("register"), []byte(ccname)}
 	if res := stub.MockInvoke("1", args); res.Status != shim.OK {

core/scc/sccproviderimpl.go

@@ -17,7 +17,11 @@ limitations under the License.
 package scc
 
 import (
+	"fmt"
+
 	"github.com/hyperledger/fabric/core/common/sysccprovider"
+	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/core/peer"
 )
 
 // sccProviderFactory implements the sysccprovider.SystemChaincodeProviderFactory
@@ -50,3 +54,12 @@ func (c *sccProviderImpl) IsSysCC(name string) bool {
 func (c *sccProviderImpl) IsSysCCAndNotInvokableCC2CC(name string) bool {
 	return IsSysCCAndNotInvokableCC2CC(name)
 }
+
+func (c *sccProviderImpl) GetQueryExecutorForLedger(cid string) (ledger.QueryExecutor, error) {
+	l := peer.GetLedger(cid)
+	if l == nil {
+		return nil, fmt.Errorf("Could not retrieve ledger for channel %s", cid)
+	}
+
+	return l.NewQueryExecutor()
+}