Add cynara check for notification privilege

author Inkyun Kil <inkyun.kil@samsung.com>

Wed, 16 May 2018 02:31:08 +0000 (11:31 +0900)

committer Inkyun Kil <inkyun.kil@samsung.com>

Wed, 16 May 2018 04:28:11 +0000 (13:28 +0900)
author Inkyun Kil <inkyun.kil@samsung.com>
Wed, 16 May 2018 02:31:08 +0000 (11:31 +0900)
committer Inkyun Kil <inkyun.kil@samsung.com>
Wed, 16 May 2018 04:28:11 +0000 (13:28 +0900)
diff --git a/CMakeLists.txt b/CMakeLists.txt

index 8ca52c3..733dcf3 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,7 +6,7 @@ INCLUDE_DIRECTORIES(
         include
  )
  
-SET(DEPS_PKGS "glib-2.0 dlog aul bundle appsvc pkgmgr-info pkgmgr vconf gio-2.0 gio-unix-2.0 capi-system-device libtzplatform-config libsystemd-login eventsystem notification capi-system-info sqlite3 cert-svc-vcore")
+SET(DEPS_PKGS "glib-2.0 dlog aul bundle appsvc pkgmgr-info pkgmgr vconf gio-2.0 gio-unix-2.0 capi-system-device libtzplatform-config libsystemd-login eventsystem notification capi-system-info sqlite3 cert-svc-vcore cynara-session cynara-client cynara-creds-gdbus")
  
  IF(_APPFW_FEATURE_ALARM_MANAGER_MODULE_LOG)
  ADD_DEFINITIONS("-D_APPFW_FEATURE_ALARM_MANAGER_MODULE_LOG")
diff --git a/alarm-manager.c b/alarm-manager.c

index ed652df..f640ced 100644 (file)
--- a/alarm-manager.c
+++ b/alarm-manager.c
@@ -50,6 +50,9 @@
  #include <sqlite3.h>
  #include <cert-svc/ccert.h>
  #include <cert-svc/cinstance.h>
+#include <cynara-session.h>
+#include <cynara-client.h>
+#include <cynara-creds-gdbus.h>
  
  #include <glib.h>
  #if !GLIB_CHECK_VERSION(2, 31, 0)
@@ -2697,6 +2700,70 @@ void __reschedule_alarms_with_newtime(int cur_time, int new_time, double diff_ti
         return;
  }
  
+static int __cynara_check(GDBusMethodInvocation *invocation, pid_t pid)
+{
+       int ret = 0;
+       char *user = NULL;
+       char *client = NULL;
+       char *client_session = NULL;
+       cynara *p_cynara = NULL;
+       const char *sender_unique_name;
+       GDBusConnection *connection;
+       const char *notitification_priv = "http://tizen.org/privilege/notification";
+
+       connection = g_dbus_method_invocation_get_connection(invocation);
+       sender_unique_name = g_dbus_method_invocation_get_sender(invocation);
+
+       ret = cynara_initialize(&p_cynara, NULL);
+       if (ret != CYNARA_API_SUCCESS) {
+               ALARM_MGR_EXCEPTION_PRINT("cynara_initialize() failed");
+               goto cynara_out;
+       }
+
+       ret = cynara_creds_gdbus_get_user(connection, sender_unique_name,
+                       USER_METHOD_DEFAULT, &user);
+       if (ret != CYNARA_API_SUCCESS) {
+               ALARM_MGR_EXCEPTION_PRINT("cynara_creds_gdbus_get_user() failed");
+               goto cynara_out;
+       }
+
+       ret = cynara_creds_gdbus_get_client(connection, sender_unique_name,
+                       CLIENT_METHOD_DEFAULT, &client);
+       if (ret != CYNARA_API_SUCCESS) {
+               ALARM_MGR_EXCEPTION_PRINT("cynara_creds_gdbus_get_client() failed");
+               goto cynara_out;
+       }
+
+       ALARM_MGR_LOG_PRINT("user :%s , client :%s ,unique_name : %s, pid() : %d",
+                       user, client, sender_unique_name, pid);
+
+       client_session = cynara_session_from_pid(pid);
+       if (!client_session) {
+               ALARM_MGR_EXCEPTION_PRINT("cynara_session_from_pid() failed");
+               ret = CYNARA_API_INVALID_PARAM;
+               goto cynara_out;
+       }
+
+       ret = cynara_check(p_cynara, client, client_session, user,
+                       notitification_priv);
+       if (ret == CYNARA_API_ACCESS_ALLOWED)
+               ALARM_MGR_LOG_PRINT("CYNARA_ACCESS_ALLOWED");
+       else
+               ALARM_MGR_LOG_PRINT("CYNARA_NOT_ALLOWED [%d]", ret);
+
+cynara_out:
+       if (client_session)
+               g_free(client_session);
+       if (client)
+               g_free(client);
+       if (user)
+               g_free(user);
+       if (p_cynara)
+               cynara_finish(p_cynara);
+
+       return ret;
+}
+
  gboolean alarm_manager_alarm_set_rtc_time(AlarmManager *pObj, GDBusMethodInvocation *invoc,
                                 int year, int mon, int day,
                                 int hour, int min, int sec,
@@ -3069,6 +3136,7 @@ gboolean alarm_manager_alarm_create_noti(AlarmManager *pObject, GDBusMethodInvoc
                                     gpointer user_data)
  {
         alarm_info_t alarm_info;
+       int ret;
         int return_code = ALARMMGR_RESULT_SUCCESS;
         int alarm_id = 0;
  #ifdef _APPFW_FEATURE_ALARM_MANAGER_MODULE_LOG
@@ -3087,6 +3155,17 @@ gboolean alarm_manager_alarm_create_noti(AlarmManager *pObject, GDBusMethodInvoc
                 return true;
         }
  
+       ret = __cynara_check(invoc, pid);
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               if (ret == CYNARA_API_ACCESS_DENIED)
+                       return_code = ERR_ALARM_NOT_PERMITTED_APP;
+               else
+                       return_code = ERR_ALARM_SYSTEM_FAIL;
+
+               g_dbus_method_invocation_return_value(invoc, g_variant_new("(ii)", alarm_id, return_code));
+               return true;
+       }
+
         alarm_info.start.year = start_year;
         alarm_info.start.month = start_month;
         alarm_info.start.day = start_day;
diff --git a/alarm-service.conf.in b/alarm-service.conf.in

index d271742..7d1e5da 100644 (file)
--- a/alarm-service.conf.in
+++ b/alarm-service.conf.in
@@ -18,7 +18,6 @@
                 <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_set_rtc_time" privilege="http://tizen.org/privilege/alarm.set"/>
                 <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create" privilege="http://tizen.org/privilege/alarm.set"/>
                 <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create_noti" privilege="http://tizen.org/privilege/alarm.set"/>
-               <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create_noti" privilege="http://tizen.org/privilege/notification"/>
                 <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create_appsvc" privilege="http://tizen.org/privilege/alarm.set"/>
                 <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_delete" privilege="http://tizen.org/privilege/alarm.set"/>
                 <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_delete_all" privilege="http://tizen.org/privilege/alarm.set"/>
diff --git a/packaging/alarm-manager.spec b/packaging/alarm-manager.spec

index e611da2..d7bcf93 100755 (executable)
--- a/packaging/alarm-manager.spec
+++ b/packaging/alarm-manager.spec
@@ -33,6 +33,9 @@ BuildRequires: pkgconfig(notification)
  BuildRequires: python-xml
  BuildRequires: pkgconfig(capi-system-info)
  BuildRequires: pkgconfig(cert-svc-vcore)
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-session)
+BuildRequires: pkgconfig(cynara-creds-gdbus)
  
  %description
  Alarm Server and devel libraries
author	Inkyun Kil <inkyun.kil@samsung.com>
	Wed, 16 May 2018 02:31:08 +0000 (11:31 +0900)
committer	Inkyun Kil <inkyun.kil@samsung.com>
	Wed, 16 May 2018 04:28:11 +0000 (13:28 +0900)
CMakeLists.txt		patch \| blob \| history
alarm-manager.c		patch \| blob \| history
alarm-service.conf.in		patch \| blob \| history
packaging/alarm-manager.spec		patch \| blob \| history