RDKEMW-6898: GSSDP upgradtion to latest 1.6.3 version

[balav08]

No description provided.

In general, fix this by explicitly defining a permissions: block that grants only the minimal rights required. Since this workflow just checks out the code and runs build scripts, the safe default is contents: read (and possibly other specific read-only scopes if needed in the future). We can place permissions: at the workflow root (so it applies to all jobs unless overridden) or under the specific job.

The minimal, non-breaking change is to add a top-level permissions: block with contents: read after the on: section. This documents the token scope, ensures the workflow won’t get unexpected write access if defaults change, and should not affect the existing functionality because checkout and read operations work with contents: read. No extra imports or dependencies are needed; this is a pure YAML configuration change in .github/workflows/native_full_build.yml.

Concretely, in .github/workflows/native_full_build.yml, insert:

permissions:
  contents: read

between the on: block (lines 3–7) and the jobs: block (line 9).

[Copilot]

Pull request overview

This PR updates the GDial server stack to better support newer GSSDP/libSoup combinations (notably GSSDP 1.6.x + libSoup 3), while also extending the platform/service interfaces to propagate manufacturer/model names and introducing UUID-based per-app URIs for local REST routing.

Changes:

• Add libSoup 3 + GSSDP 1.6 build path and introduce gdial1p6-* source variants for REST/SSDP/shield.
• Extend GDial callbacks/service plumbing for manufacturer/model name updates and adjust local REST routing to use UUID-based app URIs.
• Add optional security-token disabling, plus CI/build scripts and stubs to support native builds.

Reviewed changes

Copilot reviewed 35 out of 35 changed files in this pull request and generated 18 comments.

Show a summary per file

File	Description
stubs/securityagent/SecurityTokenUtil.h	Adds a stub header for security token retrieval.
stubs/securityagent/SecurityTokenUtil.cpp	Adds a stub implementation of GetSecurityToken().
stubs/iarm_stubs.cpp	Adds IARM bus stub implementations for native builds.
server/plat/gdialappcache.hpp	Initializes observer pointer to nullptr.
server/plat/gdialappcache.cpp	Improves cache update/logging and adds a null-check on cache lookup.
server/plat/gdial.hpp	Adds manufacturer/model callback types + registration APIs.
server/plat/gdial.cpp	Adds manufacturer/model update flow; conditional security-token use; logging/ownership tweaks.
server/plat/gdial-plat-util.c	Fixes thread id formatting and adds a Coverity suppression annotation.
server/plat/gdial-plat-dev.c	Removes getenv-based manufacturer/model getters.
server/plat/gdial-plat-app.c	Adds manufacturer/model callback registration and update entry points.
server/plat/gdial-os-app.h	Exposes OS-level manufacturer/model update APIs.
server/plat/gdial_app_registry.c	Adds UUID persistence and stores a UUID-derived app_uri in the registry.
server/plat/CMakeLists.txt	Adds DISABLE_SECURITY_TOKEN option and conditional linking changes.
server/include/gdialserviceimpl.h	Adds new request event fields; removes onStopped; initializes observer.
server/include/gdialservicecommon.h	Removes GDialNotifier::onStopped().
server/include/gdialservice.h	Adds setManufacturerName() / setModelName().
server/include/gdial-plat-dev.h	Removes manufacturer/model getter declarations.
server/include/gdial-plat-app.h	Adds platform callbacks and update APIs for manufacturer/model.
server/include/gdial-config.h	Updates include guard and removes an unused enum block.
server/include/gdial_app_registry.h	Adds APP_MAX_UUID_SIZE and app_uri storage to the registry struct.
server/gdialservice.cpp	Adds manufacturer/model handlers; adds libSoup3 compatibility in throttle + URI logging paths.
server/gdialserver_ut.cpp	Updates unit test scaffolding for notifier interface changes and move semantics.
server/gdial1p6-ssdp.c	Introduces libSoup3-compatible SSDP implementation with manufacturer/model support.
server/gdial1p6-shield.c	Introduces libSoup3-compatible shield/throttling implementation.
server/gdial1p6-rest.c	Introduces libSoup3-compatible REST implementation and UUID-based local routing.
server/gdial-ssdp.h	Adds manufacturer/model setter APIs for SSDP.
server/gdial-ssdp.c	Adds manufacturer/model support and mutex protection in SSDP path.
server/gdial-rest.h	Extends additionalDataUrl builder signature and adds lookup-by-UUID declaration.
server/gdial-rest.c	Implements lookup-by-UUID, UUID-based local handler routing, and adjusted additionalDataUrl building.
server/CMakeLists.txt	Adds libSoup3 detection, prefers GSSDP 1.6 when available, switches sources based on libSoup version.
Makefile	Passes DISABLE_SECURITY_TOKEN through to CMake invocation.
cov_build.sh	Adds a Coverity build helper script.
build_dependencies.sh	Adds a dependency/bootstrap script for native builds (incl. building gssdp).
.github/workflows/native_full_build.yml	Adds a GitHub Actions workflow for native builds in a container.
.github/CODEOWNERS	Adds default maintainers as code owners.

Comments suppressed due to low confidence (1)

server/gdial-ssdp.c:264

• gdial_ssdp_destroy removes handler "/dd.xml", but gdial_ssdp_new registers the SSDP handler at a UUID-scoped path ("/%s/dd.xml"). This mismatch leaves the handler installed after destroy and can result in callbacks firing on freed state. Please store the exact handler path used during registration and remove that same path during destroy.

  pthread_mutex_lock(&ssdpServerEventSync);
  if (ssdp_http_server_)
  {
    soup_server_remove_handler(ssdp_http_server_, "/dd.xml");
  }

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

GetSecurityToken’s implementation violates its own contract: it always returns 0 on success (the header comment says success must be > 0 and 0 should never occur), doesn’t check maxLength, and doesn’t NUL-terminate the buffer. This can cause callers to treat success as failure and can lead to reading past the written bytes when the buffer is used as a C-string. Please return the number of bytes written (or a negative required length on insufficient buffer), validate maxLength, and write a terminator when returning a string token.

[Copilot]

IARM_Malloc returns success without allocating or setting *ptr, which can lead to use of an uninitialized pointer by callers. Even for a stub, it should either allocate (e.g., malloc/calloc) and populate *ptr (and have IARM_Free release it), or return an error code to force callers down the failure path.

[Copilot]

gdial_register_modelname_cb is declared with the wrong callback type (it takes gdial_manufacturername_cb instead of gdial_modelname_cb). This breaks the API contract and can cause type mismatches for callers. Please update the function signature to accept gdial_modelname_cb.

Suggested change

	void gdial_register_modelname_cb(gdial_manufacturername_cb cb);
	void gdial_register_modelname_cb(gdial_modelname_cb cb);

[Copilot]

The log message labels the second pointer as manufacturer, but this code path is for the model name. This makes diagnostics misleading. Please update the message to refer to model[%p] (or the parameter name) instead of manufacturer[%p].

Suggested change

	GDIAL_LOGERROR("NULL GDialObjHandle[%p] manufacturer[%p]",GDialObjHandle,model);
	GDIAL_LOGERROR("NULL GDialObjHandle[%p] model[%p]", GDialObjHandle, model);

[Copilot]

ssdpServerEventSync is declared with PTHREAD_MUTEX_INITIALIZER and is also explicitly initialized with pthread_mutex_init() in gdial_ssdp_new(). Re-initializing an already-initialized mutex can fail (e.g., EBUSY) or be undefined behavior. Please choose one initialization strategy: either keep the static initializer and remove pthread_mutex_init(), or remove the initializer and keep pthread_mutex_init().

Suggested change

	static pthread_mutex_t ssdpServerEventSync = PTHREAD_MUTEX_INITIALIZER;
	static pthread_mutex_t ssdpServerEventSync;

[Copilot]

This script still clones gssdp branch gssdp-1.2.3 (and later builds it), which doesn’t align with the PR goal of upgrading to gssdp 1.6.3. If the intent is to validate the 1.6.x upgrade path, please update the script to fetch/build gssdp-1.6.x (and install libsoup-3.0-dev if required), or clarify why 1.2.3 is still used here.

[Copilot]

app_manufacturer_name/app_model_name are allocated via g_strdup in gdial_ssdp_set_* but never freed in gdial_ssdp_destroy() (and app_friendly_name is also leaked). This introduces a persistent leak across the server lifetime and across repeated init/term cycles. Please free these globals (and null them) during destroy/term.

Suggested change

	/* Ensure global SSDP strings are freed on termination to avoid persistent leaks. */
	static void gdial_ssdp_global_cleanup(void) __attribute__((destructor));
	static void
	gdial_ssdp_global_cleanup(void)
	{
	if (dd_xml_response_str_) {
	g_free(dd_xml_response_str_);
	dd_xml_response_str_ = NULL;
	}
	if (app_friendly_name) {
	g_free(app_friendly_name);
	app_friendly_name = NULL;
	}
	if (app_manufacturer_name) {
	g_free(app_manufacturer_name);
	app_manufacturer_name = NULL;
	}
	if (app_model_name) {
	g_free(app_model_name);
	app_model_name = NULL;
	}
	}

[Copilot]

ssdpServerEventSync is declared with PTHREAD_MUTEX_INITIALIZER but is also explicitly initialized with pthread_mutex_init() in gdial_ssdp_new(). Re-initializing an already-initialized mutex can fail (e.g., EBUSY) or be undefined behavior. Please choose one initialization strategy (static initializer OR pthread_mutex_init).

Suggested change

	static pthread_mutex_t ssdpServerEventSync = PTHREAD_MUTEX_INITIALIZER;
	static pthread_mutex_t ssdpServerEventSync;

[Copilot]

gdial_ssdp_destroy removes handler "/dd.xml", but gdial_ssdp_new registers the SSDP handler at a UUID-scoped path ("/%s/dd.xml"). This mismatch leaves the handler installed after destroy and can result in callbacks firing on freed state. Please store the exact handler path used during registration and remove that same path during destroy.

Suggested change

	soup_server_remove_handler(ssdp_http_server_, "/dd.xml");
	if (gdial_options_ != NULL && gdial_options_->uuid != NULL)
	{
	gchar *handler_path = g_strdup_printf("/%s/dd.xml", gdial_options_->uuid);
	if (handler_path != NULL)
	{
	soup_server_remove_handler(ssdp_http_server_, handler_path);
	g_free(handler_path);
	}
	}

[Copilot]

app_manufacturer_name/app_model_name (and app_friendly_name) are heap-allocated via g_strdup but are never freed in gdial_ssdp_destroy(). This leaks memory across the server lifetime and across repeated init/term cycles. Please free these strings (and null them) during destroy.

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 2 files pending identification.

• Protex Server Path: /home/blackduck/github/xdialserver/196/rdkcentral/xdialserver

• Commit: 9bc1b7a

Report detail: gist'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 2 files pending identification.

• Protex Server Path: /home/blackduck/github/xdialserver/196/rdkcentral/xdialserver

• Commit: e64e145

Report detail: gist'

[Copilot]

Pull request overview

Copilot reviewed 35 out of 36 changed files in this pull request and generated 11 comments.

Comments suppressed due to low confidence (4)

server/libsoup2p4/gdial-ssdp.c:81

• ssdpServerEventSync is declared with PTHREAD_MUTEX_INITIALIZER and also initialized/destroyed via pthread_mutex_init()/pthread_mutex_destroy(). Double-initializing a statically initialized mutex is undefined. Either remove the static initializer and manage init/destroy, or keep the initializer and remove the explicit init/destroy calls.
  server/libsoup2p4/gdial-ssdp.c:263
• gdial_ssdp_new() allocates dail_ssdp_handler for a dynamic handler path, but gdial_ssdp_destroy() removes only "/dd.xml". Persist/remove the same dynamic path during destroy; otherwise the handler remains registered (and the allocated handler string should also be freed after registration).
  server/libsoup2p4/gdial-rest.c:501
• additional_data_url_safe is allocated by soup_uri_encode() but released with free(). Use g_free() (and likewise avoid mixing GLib allocators with libc free) to prevent allocator mismatches.
  server/libsoup2p4/gdial-rest.c:462
• additional_data_url may be NULL when use_additional_data is false, but it is still passed to soup_uri_encode() and logged with %s. Guard the encode/logging so NULL stays NULL to avoid undefined behavior when printing.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

controllerRemoteObject is allocated unconditionally, which overwrites the global pointer and leaks any previously allocated LinkType. Keep the allocation inside the if (NULL == controllerRemoteObject) block (or delete/reset the old object before reassigning).

[Copilot]

The // FIX(Copilot): ... marker comments look like autogenerated scaffolding and don't add long-term value. Consider removing or rewriting them as normal rationale/comments before merging to keep the codebase clean.

[Copilot]

The libsoup3 build path lists libsoup3/gdial1p6-rest.c (and related files), but the actual files in server/libsoup3/ are gdial-rest.c, gdial-ssdp.c, and gdial-shield.c. Update these filenames (or rename the files) or the libsoup3 build will fail.

Suggested change

	${CMAKE_CURRENT_SOURCE_DIR}/libsoup3/gdial1p6-rest.c
	${CMAKE_CURRENT_SOURCE_DIR}/libsoup3/gdial1p6-ssdp.c
	${CMAKE_CURRENT_SOURCE_DIR}/libsoup3/gdial1p6-shield.c
	${CMAKE_CURRENT_SOURCE_DIR}/gdialservice.cpp
	)
	message("Using libsoup-3.0 compatible source files (gdial1p6-*.c)")
	${CMAKE_CURRENT_SOURCE_DIR}/libsoup3/gdial-rest.c
	${CMAKE_CURRENT_SOURCE_DIR}/libsoup3/gdial-ssdp.c
	${CMAKE_CURRENT_SOURCE_DIR}/libsoup3/gdial-shield.c
	${CMAKE_CURRENT_SOURCE_DIR}/gdialservice.cpp
	)
	message("Using libsoup-3.0 compatible source files (gdial-*.c)")

[Copilot]

This file uses pthread_self() and usleep() but does not include the required headers. Add <pthread.h> and <unistd.h> (or equivalent) to avoid implicit declarations / build failures.

[Copilot]

g_uri_escape_string() returns memory that must be released with g_free(), but this code uses free(). Use g_free(additional_data_url_safe) to avoid allocator mismatch.

Suggested change

	free(additional_data_url_safe);
	g_free(additional_data_url_safe);

[Copilot]

This script runs with set -x and clones a repo using https://$GITHUB_TOKEN@github.com/..., which will echo the token into CI logs. Avoid embedding tokens in command lines under xtrace; use a credential helper/GIT_ASKPASS, or disable set -x around the clone.

[Copilot]

Cloning with https://$GITHUB_TOKEN@github.com/... while xtrace is enabled will leak the token in logs. Use a safer auth mechanism (credential helper/headers) or disable set -x around this command.

Suggested change

	git clone https://$GITHUB_TOKEN@github.com/rdkcentral/entservices-testframework.git
	set +x
	git -c http.extraheader="Authorization: Bearer $GITHUB_TOKEN" clone https://github.com/rdkcentral/entservices-testframework.git
	set -x

[Copilot]

After reading the UUID with fgets(), the buffer may contain a trailing newline. Strip trailing whitespace/newlines and validate fgets() succeeded before using uuid_data to build app_uri.

[Copilot]

This stub does not enforce maxLength and does not NUL-terminate the output. It should ensure the token fits (including terminator) and report the required length when the buffer is too small.

[Copilot]

This stub returns 0 on success, but the header contract says success should return >0 (token length) and 0 should never occur. Return the number of bytes written to match callers’ expectations.

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 2 files pending identification.

• Protex Server Path: /home/blackduck/github/xdialserver/196/rdkcentral/xdialserver

• Commit: 12b8589

Report detail: gist'

[rdkcmf-jenkins]

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 2 files pending identification.

• Protex Server Path: /home/blackduck/github/xdialserver/196/rdkcentral/xdialserver

• Commit: 1f9eea1

Report detail: gist'

[Copilot]

Pull request overview

Copilot reviewed 35 out of 36 changed files in this pull request and generated 10 comments.

Comments suppressed due to low confidence (2)

server/libsoup2p4/gdial-ssdp.c:265

• dd.xml handler is added at a dynamic path ("/%s/dd.xml"), but gdial_ssdp_destroy() removes only "/dd.xml", so the registered handler will remain installed. Store the handler path (or compute it from app_random_uuid) and remove the exact same path during destroy.
  server/libsoup2p4/gdial-rest.c:463
• When use_additional_data is false, additional_data_url remains NULL but is still passed to soup_uri_encode() and logged with %s. This can yield NULL returns and undefined behavior in logging or downstream code. Guard the encoding/logging and pass NULL/empty safely when there is no additionalDataUrl.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

GetSecurityToken ignores maxLength and can overflow buffer; it also returns 0 on success even though the API contract says a positive length should be returned (and 0 must not occur). Please bound the copy (and NUL-terminate if callers treat it as a C-string) and return the number of bytes written (or a negative required length on failure).

[Copilot]

IARM_Bus_IsConnected returns success but never writes to the out-parameter isRegistered. Callers will read an uninitialized value; set *isRegistered (e.g., 1 or 0) or return an error when the value cannot be determined.

[Copilot]

GetCurrentState() overwrites controllerRemoteObject unconditionally (line 598) even when it is already initialized, leaking the previous JSONRPC::LinkType and defeating the intended caching in the surrounding if (NULL == controllerRemoteObject). Construct the remote object only when controllerRemoteObject is null and handle the token-failure path explicitly (e.g., avoid creating a link with an empty/invalid query string).

[Copilot]

When libsoup-3.0 is found, gssdp-1.6 is only used if found, but there is no fallback and the build still unconditionally uses ${GSSDP_INCLUDE_DIRS}/${GSSDP_LIBRARIES}. If gssdp-1.6 is missing, this configuration will fail later. Consider making gssdp-1.6 REQUIRED under the libsoup-3.0 path (or add an explicit fallback/error).

[Copilot]

This libsoup-3 shield implementation mixes SoupServerMessage* in callbacks with helper functions typed as SoupMessage* (e.g., server_request_remove_callback), which is not type-correct and will not compile cleanly against libsoup-3 headers. Align the helper signatures and hashtable key types to SoupServerMessage* for the libsoup-3 build.

[Copilot]

gdial-shield.c uses pthread_self() and usleep() but does not include the required headers (<pthread.h> and <unistd.h>), which can cause implicit-declaration build failures/warnings depending on toolchain flags. Add the missing includes in this file.

[Copilot]

When use_additional_data is false, additional_data_url remains NULL but is still passed to g_uri_escape_string() and logged with %s. This can yield NULL returns and undefined behavior in logging or downstream code. Guard the encoding/logging and pass NULL/empty safely when there is no additionalDataUrl.

Suggested change

	if (app_registry->use_additional_data) {
	additional_data_url = gdial_rest_server_new_additional_data_url(listening_port, app_registry->name, FALSE, app_registry->app_uri );
	}
	gchar *additional_data_url_safe = g_uri_escape_string(additional_data_url, NULL, FALSE);
	GDIAL_LOGINFO("additionalDataUrl = %s, %s", additional_data_url, additional_data_url_safe);
	gchar *additional_data_url_safe = NULL;
	if (app_registry->use_additional_data) {
	additional_data_url = gdial_rest_server_new_additional_data_url(listening_port, app_registry->name, FALSE, app_registry->app_uri );
	additional_data_url_safe = g_uri_escape_string(additional_data_url, NULL, FALSE);
	}
	GDIAL_LOGINFO("additionalDataUrl = %s, %s",
	additional_data_url ? additional_data_url : "",
	additional_data_url_safe ? additional_data_url_safe : "");

[Copilot]

Please remove tool-generated markers like "FIX(Copilot)" from production code comments; they don’t describe the behavior and add noise for future maintainers. Prefer a brief rationale (or no comment) instead.

[Copilot]

The UUID persistence file is created in /tmp using a predictable name and opened with fopen("w"), which is vulnerable to symlink/hardlink attacks and can overwrite arbitrary files if an attacker pre-creates the path. Consider using an atomic/safe open pattern (e.g., open with O_NOFOLLOW|O_CREAT|O_EXCL and restrictive permissions) and sanitizing app_name for filesystem safety.

[Copilot]

The CI dependency script still clones/builds gssdp-1.2.3 (and installs only libsoup2.4-dev), which doesn’t align with the PR goal of upgrading to gssdp 1.6.3. If this workflow is intended to validate the new libsoup-3/gssdp-1.6 path, update the script accordingly (or clarify why it remains on 1.2.x).