src/access_control/Privilege.cpp

   1 /*
   2  * Copyright (c) 2015 Samsung Electronics Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include <string>
  18 #include <cynara-client.h>
  19 #include <Types.h>
  20 #include "PeerCreds.h"
  21 #include "Privilege.h"
  22
  23 #define PRIV_PREFIX "http://tizen.org/privilege/"
  24 #define CACHE_SIZE 100
  25
  26 class PermissionChecker {
  27 private:
  28         cynara *__cynara;
  29
  30         PermissionChecker()
  31         {
  32                 cynara_configuration *conf;
  33
  34                 int err = cynara_configuration_create(&conf);
  35                 IF_FAIL_VOID_TAG(err == CYNARA_API_SUCCESS, _E, "Cynara configuration creation failed");
  36
  37                 err = cynara_configuration_set_cache_size(conf, CACHE_SIZE);
  38                 if (err != CYNARA_API_SUCCESS) {
  39                         _E("Cynara cache size set failed");
  40                         cynara_configuration_destroy(conf);
  41                         return;
  42                 }
  43
  44                 err = cynara_initialize(&__cynara, conf);
  45                 cynara_configuration_destroy(conf);
  46                 if (err != CYNARA_API_SUCCESS) {
  47                         _E("Cynara initialization failed");
  48                         __cynara = NULL;
  49                         return;
  50                 }
  51
  52                 _I("Cynara initialized");
  53         }
  54
  55         ~PermissionChecker()
  56         {
  57                 if (__cynara)
  58                         cynara_finish(__cynara);
  59
  60                 _I("Cynara deinitialized");
  61         }
  62
  63 public:
  64         static PermissionChecker& getInstance()
  65         {
  66                 static PermissionChecker instance;
  67                 return instance;
  68         }
  69
  70         bool hasPermission(const ctx::Credentials *creds, const char *privilege)
  71         {
  72                 IF_FAIL_RETURN_TAG(__cynara, false, _E, "Cynara not initialized");
  73                 int ret = cynara_check(__cynara, creds->client, creds->session, creds->user, privilege);
  74                 return (ret == CYNARA_API_ACCESS_ALLOWED);
  75         }
  76 };
  77
  78 bool ctx::privilege_manager::isAllowed(const ctx::Credentials *creds, const char *privilege)
  79 {
  80         IF_FAIL_RETURN(creds && privilege, true);
  81
  82         std::string priv = PRIV_PREFIX;
  83         priv += privilege;
  84
  85         return PermissionChecker::getInstance().hasPermission(creds, priv.c_str());
  86 }