2 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
23 #include <pkgmgr-info.h>
24 #include <cynara-error.h>
25 #include <cynara-creds-gdbus.h>
27 #include "ac-internal.h"
33 #define LOG_TAG "RPC_PORT"
38 AccessController::~AccessController() {}
40 void AccessController::AddPrivilege(const std::string& privilege) {
41 privileges_.push_back(privilege);
44 void AccessController::SetTrusted(const bool trusted) {
48 int AccessController::CheckPrivilege(Cynara& c) {
49 for (auto& privilege : privileges_) {
50 if (c.Check(privilege) != 0) {
58 int AccessController::CheckTrusted(const char* sender_appid) {
61 if (aul_app_get_appid_bypid(getpid(), appid, sizeof(appid)) < 0)
67 LOGD("CheckCertificate : %s :: %s", appid_.c_str(), sender_appid);
68 pkgmgrinfo_cert_compare_result_type_e res;
69 int ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(appid_.c_str(), sender_appid, getuid(), &res);
71 LOGE("CheckCertificate() Failed");
74 if (res != PMINFO_CERT_COMPARE_MATCH) {
75 LOGE("CheckCertificate() Failed : MESSAGE_PORT_ERROR_CERTIFICATE_NOT_MATCH");
82 int AccessController::Check(GDBusConnection* connection, const char* sender,
83 const char* sender_appid) {
87 if (c.FetchCredsFromDBus(connection, sender) != 0)
90 if (!privileges_.empty()) {
91 ret = CheckPrivilege(c);
97 ret = CheckTrusted(sender_appid);
103 int AccessController::SetCache(const std::string& sender) {
107 AccessController::Cynara::Cynara() {
112 if (cynara_initialize(&cynara_, NULL) != CYNARA_API_SUCCESS) {
113 LOGE("cynara_initialize() is failed");
117 AccessController::Cynara::~Cynara() {
123 cynara_finish(cynara_);
126 int AccessController::Cynara::FetchCredsFromDBus(GDBusConnection* connection, const char* sender) {
139 ret = cynara_creds_gdbus_get_user(connection, sender, USER_METHOD_DEFAULT, &user_);
140 if (ret != CYNARA_API_SUCCESS) {
141 LOGE("cynara_creds_gdbus_get_user() is failed : %d", ret);
145 ret = cynara_creds_gdbus_get_client(connection, sender, CLIENT_METHOD_DEFAULT, &client_);
146 if (ret != CYNARA_API_SUCCESS) {
147 LOGE("cynara_creds_gdbus_get_client() is failed : %d", ret);
151 LOGD("cred client : %s, cred user : %s", client_, user_);
155 int AccessController::Cynara::Check(const std::string& privilege) {
156 LOGD("check privilege %s", privilege.c_str());
157 if (cynara_check(cynara_, client_, "", user_, privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
158 LOGD("cynara_check() is not allowed : %s", privilege.c_str());
165 } // namespace internal
166 } // namespace rpc_port