2 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
23 #include <pkgmgr-info.h>
24 #include <cynara-error.h>
25 #include <cynara-creds-gdbus.h>
27 #include "ac-internal.h"
33 #define LOG_TAG "RPC_PORT"
38 void AccessController::AddPrivilege(std::string privilege) {
39 privileges_.push_back(std::move(privilege));
42 void AccessController::SetTrusted(const bool trusted) {
46 int AccessController::CheckPrivilege(const Cynara& c) {
47 for (auto& privilege : privileges_) {
48 if (c.Check(privilege) != 0) {
56 int AccessController::CheckTrusted(const char* sender_appid) {
59 if (aul_app_get_appid_bypid(getpid(), appid, sizeof(appid)) < 0)
65 LOGD("CheckCertificate : %s :: %s", appid_.c_str(), sender_appid);
66 pkgmgrinfo_cert_compare_result_type_e res;
67 int ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(appid_.c_str(),
68 sender_appid, getuid(), &res);
70 LOGE("CheckCertificate() Failed");
73 if (res != PMINFO_CERT_COMPARE_MATCH) {
74 LOGE("CheckCertificate() Failed : " \
75 "MESSAGE_PORT_ERROR_CERTIFICATE_NOT_MATCH");
82 int AccessController::Check(GDBusConnection* connection, const char* sender,
83 const char* sender_appid) {
87 if (c.FetchCredsFromDBus(connection, sender) != 0)
90 if (!privileges_.empty()) {
91 ret = CheckPrivilege(c);
97 ret = CheckTrusted(sender_appid);
103 int AccessController::SetCache(const std::string& sender) {
107 AccessController::Cynara::Cynara()
108 : cynara_(nullptr, cynara_finish), client_(nullptr, std::free),
109 user_(nullptr, std::free) {
110 cynara* cynara_inst = nullptr;
112 if (cynara_initialize(&cynara_inst, NULL) != CYNARA_API_SUCCESS) {
113 LOGE("cynara_initialize() is failed");
115 cynara_.reset(cynara_inst);
119 int AccessController::Cynara::FetchCredsFromDBus(GDBusConnection* connection,
120 const char* sender) {
121 char* user = nullptr;
122 int ret = cynara_creds_gdbus_get_user(connection, sender, USER_METHOD_DEFAULT,
124 if (ret != CYNARA_API_SUCCESS) {
125 LOGE("cynara_creds_gdbus_get_user() is failed : %d", ret);
130 char* client = nullptr;
131 ret = cynara_creds_gdbus_get_client(connection, sender, CLIENT_METHOD_DEFAULT,
133 if (ret != CYNARA_API_SUCCESS) {
134 LOGE("cynara_creds_gdbus_get_client() is failed : %d", ret);
137 client_.reset(client);
139 LOGD("cred client : %s, cred user : %s", client_.get(), user_.get());
143 int AccessController::Cynara::Check(const std::string& privilege) const {
144 LOGD("check privilege %s", privilege.c_str());
145 if (cynara_check(cynara_.get(), client_.get(), "", user_.get(),
146 privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
147 LOGE("cynara_check() is not allowed : %s", privilege.c_str());
154 } // namespace internal
155 } // namespace rpc_port