1 /* vi: set et sw=4 ts=4 cino=t0,(0: */
2 /* -*- Mode: C; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
4 * This file is part of gsignond
6 * Copyright (C) 2013 Intel Corporation.
8 * Contact: Jussi Laako <jussi.laako@linux.intel.com>
9 * Contact: Elena Reshetova <elena.reshetova@linux.intel.com>
11 * This library is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2.1 of the License, or (at your option) any later version.
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * Lesser General Public License for more details.
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this library; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
28 #include <sys/smack.h>
32 #include "gsignond/gsignond-log.h"
33 #include "tizen-access-control-manager.h"
35 #define EXTENSION_TIZEN_ACCESS_CONTROL_MANAGER_GET_PRIVATE(obj) \
36 (G_TYPE_INSTANCE_GET_PRIVATE ((obj), \
37 EXTENSION_TYPE_TIZEN_ACCESS_CONTROL_MANAGER, \
38 ExtensionTizenAccessControlManagerPrivate))
40 #define DBUS_SERVICE_DBUS "org.freedesktop.DBus"
41 #define DBUS_PATH_DBUS "/org/freedesktop/DBus"
42 #define DBUS_INTERFACE_DBUS "org.freedesktop.DBus"
44 static const gchar keychainAppId[] = "gSignond::keychain";
46 struct _ExtensionTizenAccessControlManagerPrivate
50 G_DEFINE_TYPE (ExtensionTizenAccessControlManager,
51 extension_tizen_access_control_manager,
52 GSIGNOND_TYPE_ACCESS_CONTROL_MANAGER);
55 extension_tizen_access_control_manager_class_init (
56 ExtensionTizenAccessControlManagerClass *klass)
59 /*GObjectClass *base = G_OBJECT_CLASS (klass);
61 g_type_class_add_private (klass,
62 sizeof(ExtensionTestAccessControlManagerPrivate));*/
64 GSignondAccessControlManagerClass *parent =
65 GSIGNOND_ACCESS_CONTROL_MANAGER_CLASS (klass);
67 parent->security_context_of_peer = extension_tizen_access_control_manager_security_context_of_peer;
68 parent->peer_is_allowed_to_use_identity = extension_tizen_access_control_manager_peer_is_allowed_to_use_identity;
69 parent->peer_is_owner_of_identity = extension_tizen_access_control_manager_peer_is_owner_of_identity;
70 parent->security_context_of_keychain = extension_tizen_access_control_manager_security_context_of_keychain;
74 extension_tizen_access_control_manager_init (
75 ExtensionTizenAccessControlManager *self)
77 /*self->priv = EXTENSION_TEST_ACCESS_CONTROL_MANAGER_GET_PRIVATE (self);*/
81 extension_tizen_access_control_manager_security_context_of_peer (
82 GSignondAccessControlManager *self,
83 GSignondSecurityContext *peer_ctx,
84 int peer_fd, const gchar *peer_service,
85 const gchar *peer_app_ctx)
89 gsignond_security_context_set_system_context (peer_ctx, "");
90 gsignond_security_context_set_application_context (peer_ctx,
95 smack_new_label_from_socket(peer_fd, &label);
97 gsignond_security_context_set_system_context (peer_ctx,
101 } else if (peer_service != NULL) {
102 GError *error = NULL;
103 GDBusConnection *connection;
105 GVariant *response = NULL;
108 connection = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, &error);
109 if (connection == NULL) {
110 WARN ("Failed to open connection to bus: %s", error->message);
111 g_error_free (error);
116 proxy = g_dbus_proxy_new_sync (connection,
117 G_DBUS_PROXY_FLAGS_NONE,
125 WARN ("Error creating proxy: %s", error->message);
126 g_error_free (error);
127 goto _dbus_connection_exit;
130 /* Call getConnectionSmackContext method, wait for reply */
133 response = g_dbus_proxy_call_sync (proxy,
134 "GetConnectionSmackContext",
135 g_variant_new ("(s)", peer_service),
136 G_DBUS_CALL_FLAGS_NONE,
140 if (response == NULL) {
141 WARN ("Error: %s", error->message);
142 g_error_free (error);
143 goto _dbus_proxy_exit;
146 label = g_variant_get_string (response, NULL);
147 DBG ("Obtained label from dbus: %s", label);
149 gsignond_security_context_set_system_context (peer_ctx,
152 g_variant_unref (response);
155 g_object_unref (proxy);
156 _dbus_connection_exit:
157 g_object_unref (connection);
162 extension_tizen_access_control_manager_peer_is_allowed_to_use_identity (
163 GSignondAccessControlManager *self,
164 const GSignondSecurityContext *peer_ctx,
165 const GSignondSecurityContext *identity_owner,
166 const GSignondSecurityContextList *identity_acl)
168 GSignondSecurityContext* acl_ctx = NULL;
169 const gchar *peer_system_ctx = gsignond_security_context_get_system_context(peer_ctx);
170 const gchar *owner_system_ctx = gsignond_security_context_get_system_context(identity_owner);
174 for ( ; identity_acl != NULL; identity_acl = g_list_next (identity_acl)) {
175 acl_ctx = (GSignondSecurityContext *) identity_acl->data;
176 if (gsignond_security_context_check (acl_ctx, peer_ctx)) {
177 // we have a match in acl, now we need to check is smack allows such access
178 /* smack_have_access() returns
183 return (smack_have_access (peer_system_ctx, owner_system_ctx, "x") == 1) ? TRUE : FALSE;
191 extension_tizen_access_control_manager_peer_is_owner_of_identity (
192 GSignondAccessControlManager *self,
193 const GSignondSecurityContext *peer_ctx,
194 const GSignondSecurityContext *identity_owner)
198 return (gsignond_security_context_compare (peer_ctx, identity_owner) == 0);
201 GSignondSecurityContext *
202 extension_tizen_access_control_manager_security_context_of_keychain (
203 GSignondAccessControlManager *self)
205 g_return_val_if_fail (self != NULL, NULL);
207 const gchar *keychain_sysctx;
209 keychain_sysctx = gsignond_config_get_string (
211 GSIGNOND_CONFIG_GENERAL_KEYCHAIN_SYSCTX);
212 if (!keychain_sysctx)
213 # ifdef KEYCHAIN_SYSCTX
214 keychain_sysctx = KEYCHAIN_SYSCTX;
216 keychain_sysctx = keychainAppId;
219 return gsignond_security_context_new_from_values (keychain_sysctx, NULL);