src/server/permission_checker.cpp

   1 /*
   2  * sensord
   3  *
   4  * Copyright (c) 2014 Samsung Electronics Co., Ltd.
   5  *
   6  * Licensed under the Apache License, Version 2.0 (the "License");
   7  * you may not use this file except in compliance with the License.
   8  * You may obtain a copy of the License at
   9  *
  10  * http://www.apache.org/licenses/LICENSE-2.0
  11  *
  12  * Unless required by applicable law or agreed to in writing, software
  13  * distributed under the License is distributed on an "AS IS" BASIS,
  14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15  * See the License for the specific language governing permissions and
  16  * limitations under the License.
  17  *
  18  */
  19
  20 #include <permission_checker.h>
  21 #include <sf_common.h>
  22 #include <common.h>
  23 #include <sensor_plugin_loader.h>
  24 #include <sensor_base.h>
  25 #include <dlfcn.h>
  26
  27 #define SECURITY_LIB "/usr/lib/libsecurity-server-client.so.1"
  28
  29 permission_checker::permission_checker()
  30 : m_permission_set(0)
  31 , security_server_check_privilege_by_sockfd(NULL)
  32 , m_security_handle(NULL)
  33
  34 {
  35         init();
  36 }
  37
  38 permission_checker::~permission_checker()
  39 {
  40         if (m_security_handle)
  41                 dlclose(m_security_handle);
  42 }
  43
  44 permission_checker& permission_checker::get_instance()
  45 {
  46         static permission_checker inst;
  47         return inst;
  48 }
  49
  50 bool permission_checker::init_security_lib(void)
  51 {
  52         m_security_handle = dlopen(SECURITY_LIB, RTLD_LAZY);
  53
  54         if (!m_security_handle) {
  55                 ERR("dlopen(%s) error, cause: %s", SECURITY_LIB, dlerror());
  56                 return false;
  57         }
  58
  59         security_server_check_privilege_by_sockfd =
  60                 (security_server_check_privilege_by_sockfd_t) dlsym(m_security_handle, "security_server_check_privilege_by_sockfd");
  61
  62         if (!security_server_check_privilege_by_sockfd) {
  63                 ERR("Failed to load symbol");
  64                 dlclose(m_security_handle);
  65                 m_security_handle = NULL;
  66                 return false;
  67         }
  68
  69         return true;
  70
  71 }
  72
  73 void permission_checker::init()
  74 {
  75         m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_STANDARD, false, "", ""));
  76         m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_BIO, true, "sensord::bio", "rw"));
  77
  78         vector<sensor_base *> sensors;
  79         sensors = sensor_plugin_loader::get_instance().get_sensors(ALL_SENSOR);
  80
  81         for (int i = 0; i < sensors.size(); ++i)
  82                 m_permission_set |= sensors[i]->get_permission();
  83
  84         INFO("Permission Set = %d", m_permission_set);
  85
  86         if (!init_security_lib())
  87                 ERR("Failed to init security lib: %s", SECURITY_LIB);
  88 }
  89
  90 int permission_checker::get_permission(int sock_fd)
  91 {
  92         int permission = SENSOR_PERMISSION_NONE;
  93
  94         for (int i = 0; i < m_permission_infos.size(); ++i) {
  95                 if (!m_permission_infos[i]->need_to_check) {
  96                         permission |= m_permission_infos[i]->permission;
  97                 } else if ((m_permission_set & m_permission_infos[i]->permission) && security_server_check_privilege_by_sockfd) {
  98                         if (security_server_check_privilege_by_sockfd(sock_fd, m_permission_infos[i]->name.c_str(), m_permission_infos[i]->access_right.c_str()) == 1) {
  99                                 permission |= m_permission_infos[i]->permission;
 100                         }
 101                 }
 102         }
 103
 104         return permission;
 105 }