Use RAII idiom

[platform/core/appfw/rpc-port.git] / src / ac-internal.cc

/*
 * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
 *
 * Licensed under the Apache License, Version 2.0 (the License);
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an AS IS BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif

#include <aul.h>
#include <dlog.h>
#include <pkgmgr-info.h>
#include <cynara-error.h>
#include <cynara-creds-gdbus.h>

#include "ac-internal.h"

#ifdef LOG_TAG
#undef LOG_TAG
#endif

#define LOG_TAG "RPC_PORT"

namespace rpc_port {
namespace internal {

void AccessController::AddPrivilege(std::string privilege) {
  privileges_.push_back(std::move(privilege));
}

void AccessController::SetTrusted(const bool trusted) {
  trusted_ = trusted;
}

int AccessController::CheckPrivilege(const Cynara& c) {
  for (auto& privilege : privileges_) {
    if (c.Check(privilege) != 0) {
      return -1;
    }
  }

  return 0;
}

int AccessController::CheckTrusted(const char* sender_appid) {
  if (appid_.empty()) {
    char appid[255];
    if (aul_app_get_appid_bypid(getpid(), appid, sizeof(appid)) < 0)
      return -1;

    appid_ = appid;
  }

  LOGD("CheckCertificate : %s :: %s", appid_.c_str(), sender_appid);
  pkgmgrinfo_cert_compare_result_type_e res;
  int ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(appid_.c_str(),
      sender_appid, getuid(), &res);
  if (ret < 0) {
    LOGE("CheckCertificate() Failed");
    return -1;
  }
  if (res != PMINFO_CERT_COMPARE_MATCH) {
    LOGE("CheckCertificate() Failed : " \
        "MESSAGE_PORT_ERROR_CERTIFICATE_NOT_MATCH");
    return -1;
  }

  return 0;
}

int AccessController::Check(GDBusConnection* connection, const char* sender,
    const char* sender_appid) {
  Cynara c;
  int ret = 0;

  if (c.FetchCredsFromDBus(connection, sender) != 0)
    return -1;

  if (!privileges_.empty()) {
    ret = CheckPrivilege(c);
    if (ret)
      return ret;
  }

  if (trusted_) {
    ret = CheckTrusted(sender_appid);
  }

  return ret;
}

int AccessController::SetCache(const std::string& sender) {
  return -1;
}

AccessController::Cynara::Cynara()
    : cynara_(nullptr, cynara_finish), client_(nullptr, std::free),
    user_(nullptr, std::free) {
  cynara* cynara_inst = nullptr;

  if (cynara_initialize(&cynara_inst, NULL) != CYNARA_API_SUCCESS) {
    LOGE("cynara_initialize() is failed");
  } else {
    cynara_.reset(cynara_inst);
  }
}

int AccessController::Cynara::FetchCredsFromDBus(GDBusConnection* connection,
    const char* sender) {
  char* user = nullptr;
  int ret = cynara_creds_gdbus_get_user(connection, sender, USER_METHOD_DEFAULT,
                                    &user);
  if (ret != CYNARA_API_SUCCESS) {
    LOGE("cynara_creds_gdbus_get_user() is failed : %d", ret);
    return -1;
  }
  user_.reset(user);

  char* client = nullptr;
  ret = cynara_creds_gdbus_get_client(connection, sender, CLIENT_METHOD_DEFAULT,
                                      &client);
  if (ret != CYNARA_API_SUCCESS) {
    LOGE("cynara_creds_gdbus_get_client() is failed : %d", ret);
    return -1;
  }
  client_.reset(client);

  LOGD("cred client : %s, cred user : %s", client_.get(), user_.get());
  return 0;
}

int AccessController::Cynara::Check(const std::string& privilege) const {
  LOGD("check privilege %s", privilege.c_str());
  if (cynara_check(cynara_.get(), client_.get(), "", user_.get(),
      privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
    LOGE("cynara_check() is not allowed : %s", privilege.c_str());
    return -1;
  }

  return 0;
}

}  // namespace internal
}  // namespace rpc_port