2 * Copyright (c) 2021 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "cynara_checker.hh"
19 #include <cynara-creds-socket.h>
20 #include <cynara-session.h>
22 #include <glib-unix.h>
28 #include "utils/logging.hh"
30 #include "pkgmgrinfo_private.h"
32 namespace pkgmgr_server {
34 void CynaraChecker::Init() {
35 cynara_async_initialize(&cynara_, nullptr, StatusCb, nullptr);
38 void CynaraChecker::Fini() {
40 g_source_remove(cynara_sid_);
42 if (cynara_ != nullptr)
43 cynara_async_finish(cynara_);
46 CynaraChecker& CynaraChecker::GetInst() {
47 static CynaraChecker inst;
51 void CynaraChecker::ReplyCb(cynara_check_id id, cynara_async_call_cause cause,
52 int resp, void* data) {
53 auto runner = static_cast<Runner*>(data);
54 auto& inst = CynaraChecker::GetInst();
56 case CYNARA_CALL_CAUSE_ANSWER: {
57 if (resp != CYNARA_API_ACCESS_ALLOWED)
60 auto it = inst.cynara_id_map_.find(id);
61 if (it == inst.cynara_id_map_.end()) {
62 LOG(ERROR) << "Invalid request";
66 LOG(DEBUG) << "Allowed request";
67 runner->QueueRequest(it->second);
68 inst.cynara_id_map_.erase(it);
72 case CYNARA_CALL_CAUSE_CANCEL:
73 case CYNARA_CALL_CAUSE_FINISH:
74 case CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE:
76 LOG(ERROR) << "Cynara: resp: not answer";
81 gboolean CynaraChecker::ProcessCb(gint fd, GIOCondition cond, gpointer data) {
82 auto& inst = CynaraChecker::GetInst();
83 if (cond & (G_IO_ERR | G_IO_HUP | G_IO_NVAL)) {
85 return G_SOURCE_REMOVE;
88 int ret = cynara_async_process(inst.cynara_);
89 if (ret != CYNARA_API_SUCCESS)
90 LOG(ERROR) << "process error " << ret;
92 return G_SOURCE_CONTINUE;
95 void CynaraChecker::StatusCb(int old_fd, int new_fd,
96 cynara_async_status status, void* data) {
97 auto& inst = CynaraChecker::GetInst();
99 if (inst.cynara_sid_) {
100 g_source_remove(inst.cynara_sid_);
101 inst.cynara_sid_ = 0;
106 auto cond = G_IO_IN | G_IO_ERR | G_IO_HUP | G_IO_NVAL;
107 if (status == CYNARA_STATUS_FOR_RW)
110 inst.cynara_sid_ = g_unix_fd_add(new_fd, static_cast<GIOCondition>(cond),
115 void CynaraChecker::CheckPrivilege(Runner* runner,
116 const std::shared_ptr<PkgRequest>& req,
117 const std::vector<std::string>& privileges) {
118 if (privileges.empty() || req->GetSenderUID() < REGULAR_USER) {
119 LOG(DEBUG) << "Allowed request";
120 runner->QueueRequest(req);
125 if (cynara_ == nullptr) {
126 ret = cynara_async_initialize(&cynara_, nullptr, StatusCb, nullptr);
127 if (ret != CYNARA_API_SUCCESS) {
128 LOG(ERROR) << "Failed to initialize cynara_";
134 ret = cynara_creds_socket_get_client(req->GetFd(), CLIENT_METHOD_SMACK,
136 if (ret != CYNARA_API_SUCCESS) {
137 LOG(ERROR) << "Failed to get smack label";
141 std::unique_ptr<char, decltype(std::free)*> lblPtr(smack_label, std::free);
142 char* session = cynara_session_from_pid(req->GetSenderPID());
143 if (session == nullptr) {
144 LOG(ERROR) << "Failed to get client session for pid:"
145 << req->GetSenderPID();
149 std::unique_ptr<char, decltype(std::free)*> sessPtr(session, std::free);
152 for (auto& priv : privileges) {
153 ret = cynara_async_create_request(cynara_, smack_label, session,
154 std::to_string(req->GetSenderUID()).c_str(), priv.c_str(),
155 &id, ReplyCb, runner);
156 if (check == false) {
157 cynara_id_map_[id] = req;
163 } // namespace pkgmgr_server