2 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
23 #include <pkgmgr-info.h>
24 #include <cynara-error.h>
25 #include <cynara-creds-gdbus.h>
27 #include "ac-internal.h"
33 #define LOG_TAG "RPC_PORT"
38 AccessController::~AccessController() {}
40 void AccessController::AddPrivilege(const std::string& privilege) {
41 privileges_.push_back(privilege);
44 void AccessController::SetTrusted(const bool trusted) {
48 int AccessController::CheckPrivilege(const Cynara& c) {
49 for (auto& privilege : privileges_) {
50 if (c.Check(privilege) != 0) {
58 int AccessController::CheckTrusted(const char* sender_appid) {
61 if (aul_app_get_appid_bypid(getpid(), appid, sizeof(appid)) < 0)
67 LOGD("CheckCertificate : %s :: %s", appid_.c_str(), sender_appid);
68 pkgmgrinfo_cert_compare_result_type_e res;
69 int ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(appid_.c_str(),
70 sender_appid, getuid(), &res);
72 LOGE("CheckCertificate() Failed");
75 if (res != PMINFO_CERT_COMPARE_MATCH) {
76 LOGE("CheckCertificate() Failed : " \
77 "MESSAGE_PORT_ERROR_CERTIFICATE_NOT_MATCH");
84 int AccessController::Check(GDBusConnection* connection, const char* sender,
85 const char* sender_appid) {
89 if (c.FetchCredsFromDBus(connection, sender) != 0)
92 if (!privileges_.empty()) {
93 ret = CheckPrivilege(c);
99 ret = CheckTrusted(sender_appid);
105 int AccessController::SetCache(const std::string& sender) {
109 AccessController::Cynara::Cynara() {
114 if (cynara_initialize(&cynara_, NULL) != CYNARA_API_SUCCESS) {
115 LOGE("cynara_initialize() is failed");
119 AccessController::Cynara::~Cynara() {
125 cynara_finish(cynara_);
128 int AccessController::Cynara::FetchCredsFromDBus(GDBusConnection* connection,
129 const char* sender) {
142 ret = cynara_creds_gdbus_get_user(connection, sender, USER_METHOD_DEFAULT,
144 if (ret != CYNARA_API_SUCCESS) {
145 LOGE("cynara_creds_gdbus_get_user() is failed : %d", ret);
149 ret = cynara_creds_gdbus_get_client(connection, sender, CLIENT_METHOD_DEFAULT,
151 if (ret != CYNARA_API_SUCCESS) {
152 LOGE("cynara_creds_gdbus_get_client() is failed : %d", ret);
156 LOGD("cred client : %s, cred user : %s", client_, user_);
160 int AccessController::Cynara::Check(const std::string& privilege) const {
161 LOGD("check privilege %s", privilege.c_str());
162 if (cynara_check(cynara_, client_, "", user_, privilege.c_str()) !=
163 CYNARA_API_ACCESS_ALLOWED) {
164 LOGE("cynara_check() is not allowed : %s", privilege.c_str());
171 } // namespace internal
172 } // namespace rpc_port