Add new AccessControl and Remove sender_appid from dbus

[platform/core/appfw/rpc-port.git] / src / ac-internal.cc

/*
 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the License);
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an AS IS BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif

#include <aul.h>
#include <dlog.h>
#include <pkgmgr-info.h>
#include <cynara-error.h>
#include <cynara-creds-gdbus.h>

#include "ac-internal.h"

#ifdef LOG_TAG
#undef LOG_TAG
#endif

#define LOG_TAG "RPC_PORT"

namespace rpc_port {
namespace internal {

AccessController::~AccessController() {}

void AccessController::AddPrivilege(const std::string& privilege) {
  privileges_.push_back(privilege);
}

void AccessController::SetTrusted(const bool trusted) {
  trusted_ = trusted;
}

int AccessController::CheckPrivilege(Cynara& c) {
  for (auto& privilege : privileges_) {
    if (c.Check(privilege) != 0) {
      return -1;
    }
  }

  return 0;
}

int AccessController::CheckTrusted(const char* sender_appid) {
  if (appid_.empty()) {
    char appid[255];
    if (aul_app_get_appid_bypid(getpid(), appid, sizeof(appid)) < 0)
      return -1;

    appid_ = appid;
  }

  LOGD("CheckCertificate : %s :: %s", appid_.c_str(), sender_appid);
  pkgmgrinfo_cert_compare_result_type_e res;
  int ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(appid_.c_str(), sender_appid, getuid(), &res);
  if (ret < 0) {
    LOGE("CheckCertificate() Failed");
    return -1;
  }
  if (res != PMINFO_CERT_COMPARE_MATCH) {
    LOGE("CheckCertificate() Failed : MESSAGE_PORT_ERROR_CERTIFICATE_NOT_MATCH");
    return -1;
  }

  return 0;
}

int AccessController::Check(GDBusConnection* connection, const char* sender,
    const char* sender_appid) {
  Cynara c;
  int ret = 0;

  if (c.FetchCredsFromDBus(connection, sender) != 0)
    return -1;

  if (!privileges_.empty()) {
    ret = CheckPrivilege(c);
    if (ret)
      return ret;
  }

  if (trusted_) {
    ret = CheckTrusted(sender_appid);
  }

  return ret;
}

int AccessController::SetCache(const std::string& sender) {
  return -1;
}

AccessController::Cynara::Cynara() {
  cynara_ = nullptr;
  client_ = nullptr;
  user_ = nullptr;

  if (cynara_initialize(&cynara_, NULL) != CYNARA_API_SUCCESS) {
    LOGE("cynara_initialize() is failed");
  }
}

AccessController::Cynara::~Cynara() {
  if (client_)
    free(client_);
  if (user_)
    free(user_);
  if (cynara_)
    cynara_finish(cynara_);
}

int AccessController::Cynara::FetchCredsFromDBus(GDBusConnection* connection, const char* sender) {
  int ret;

  if (client_) {
    free(client_);
     client_ = nullptr;
  }

  if (user_) {
    free(user_);
    user_ = nullptr;
  }

  ret = cynara_creds_gdbus_get_user(connection, sender, USER_METHOD_DEFAULT, &user_);
  if (ret != CYNARA_API_SUCCESS) {
    LOGE("cynara_creds_gdbus_get_user() is failed : %d", ret);
    return -1;
  }

  ret = cynara_creds_gdbus_get_client(connection, sender, CLIENT_METHOD_DEFAULT, &client_);
  if (ret != CYNARA_API_SUCCESS) {
    LOGE("cynara_creds_gdbus_get_client() is failed : %d", ret);
    return -1;
  }

  LOGD("cred client : %s, cred user : %s", client_, user_);
  return 0;
}

int AccessController::Cynara::Check(const std::string& privilege) {
  LOGD("check privilege %s", privilege.c_str());
  if (cynara_check(cynara_, client_, "", user_, privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
    LOGD("cynara_check() is not allowed : %s", privilege.c_str());
    return -1;
  }

  return 0;
}

}  // namespace internal
}  // namespace rpc_port