{
GVariant *gv = NULL;
GVariantBuilder property;
+ ps_context_t *pscontext = user_data;
+ TcorePlugin *p = (pscontext)?pscontext->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PUBLIC, "r"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PUBLIC, "r"))
return TRUE;
dbg("Entered");
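Review bot: In this handler, and in the same three added lines of every other context and modem handler in this diff (the ones using `pscontext`, `context` and `modem`), a NULL `user_data` makes `p` NULL and that NULL is still passed to `tcore_plugin_ref_user_data()`. The request is then denied only if that function returns NULL for a NULL plugin, which is not visible in this diff; writing `cynara *p_cynara = (p) ? tcore_plugin_ref_user_data(p) : NULL;` makes the fail-closed path explicit. The plugin user-data pointer is also used as a `cynara *` without any type check, so a comment such as `/* plugin user_data is expected to be the cynara handle */` should state that assumption. The handler body starts and ends outside the hunk.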
{
GVariant *gv = NULL;
GVariantBuilder profile;
+ ps_context_t *pscontext = user_data;
+ TcorePlugin *p = (pscontext)?pscontext->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PUBLIC, "r"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PUBLIC, "r"))
return TRUE;
dbg("Entered");
CoreObject *co_network;
ps_context_t *pscontext = user_data;
+ TcorePlugin *p = (pscontext)?pscontext->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PRIVATE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PRIVATE, "w"))
return TRUE;
dbg("Entered");
CoreObject *co_network;
int context_state = 0;
ps_context_t *pscontext = user_data;
+ TcorePlugin *p = (pscontext)?pscontext->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PRIVATE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PRIVATE, "w"))
return TRUE;
dbg("Entered");
gpointer service = NULL;
gpointer cur_default_ctx = NULL;
ps_context_t *pscontext = user_data;
+ TcorePlugin *p = (pscontext)?pscontext->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
CoreObject *co_network;
- if (!ps_util_check_access_control (invocation, AC_PS_PROFILE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PROFILE, "w"))
return TRUE;
dbg("enter set default connection ps_context_t(%p)", pscontext);
gboolean rv = FALSE;
int context_state = 0;
ps_context_t *context = user_data;
+ TcorePlugin *p = (context)?context->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
CoreObject *co_network = _ps_service_ref_co_network(_ps_context_ref_service(context));
GHashTable *profile_property = NULL;
- if (!ps_util_check_access_control (invocation, AC_PS_PROFILE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PROFILE, "w"))
return TRUE;
ps_dbg_ex_co(co_network, "modify context's profile properties");
gpointer user_data)
{
ps_context_t *context = user_data;
+ TcorePlugin *p = (context)?context->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
CoreObject *co_network = _ps_service_ref_co_network(_ps_context_ref_service(context));
- if (!ps_util_check_access_control (invocation, AC_PS_PROFILE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PROFILE, "w"))
return TRUE;
dbg("Entered");
if(CONTEXT_STATE_DEACTIVATED == tcore_context_get_state(context->co_context)) {
ps_dbg_ex_co(co_network, "Remove context.");
- __ps_context_remove_context(context);
+ __ps_context_remove_context(context);
} else {
ps_warn_ex_co(co_network, "Remove profile not in deactivated state, set delete flag.");
context->delete_required = TRUE;
{
GVariant *gv = NULL;
GVariantBuilder properties;
+ ps_modem_t *modem = user_data;
+ TcorePlugin *p = (modem)?modem->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PUBLIC, "r"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PUBLIC, "r"))
return TRUE;
dbg("get modem properties");
gpointer key, value;
ps_modem_t *modem = user_data;
CoreObject *co_modem = _ps_modem_ref_co_modem(modem);
+ TcorePlugin *p = (modem)?modem->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PUBLIC, "r"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PUBLIC, "r"))
return TRUE;
ps_dbg_ex_co(co_modem, "modem get service interface");
GHashTableIter iter;
gpointer key, value;
ps_modem_t *modem = user_data;
+ TcorePlugin *p = (modem)?modem->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PRIVATE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PRIVATE, "w"))
return TRUE;
dbg("modem go dormant all interface");
GSList *profiles = NULL;
ps_modem_t *modem = user_data;
CoreObject *co_modem = _ps_modem_ref_co_modem(modem);
+ TcorePlugin *p = (modem)?modem->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PUBLIC, "r"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PUBLIC, "r"))
return TRUE;
ps_dbg_ex_co(co_modem, "master get the profile list");
ps_modem_t *modem = user_data;
CoreObject *co_modem = _ps_modem_ref_co_modem(modem);
GHashTable *profile_property = NULL;
+ TcorePlugin *p = (modem)?modem->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PROFILE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PROFILE, "w"))
return TRUE;
ps_dbg_ex_co(co_modem, "add profile request");
CoreObject *co_modem = _ps_modem_ref_co_modem(modem);
CoreObject *co_ps;
int state;
+ TcorePlugin *p = (modem)?modem->plg:NULL;
+ cynara *p_cynara = tcore_plugin_ref_user_data(p);
- if (!ps_util_check_access_control (invocation, AC_PS_PROFILE, "w"))
+ if (!ps_util_check_access_control(p_cynara, invocation, AC_PS_PROFILE, "w"))
return TRUE;
ps_dbg_ex_co(co_modem, "reset profile request type(%d)", type);
-/*\r
- * PacketService Control Module\r
- *\r
- * Copyright (c) 2012 Samsung Electronics Co., Ltd. All rights reserved.\r
- *\r
- * Contact: DongHoo Park <donghoo.park@samsung.com>\r
- * Arun Shukla <arun.shukla@samsung.com>\r
- *\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- *\r
- */\r
-\r
-#include <unistd.h>\r
-#include <wait.h>\r
-#include <security-server.h>\r
-\r
-#include <libxml/xmlmemory.h>\r
-#include <libxml/parser.h>\r
-#include <libxml/tree.h>\r
-\r
-#include "ps.h"\r
-\r
-gboolean ps_util_check_access_control (GDBusMethodInvocation *invoc, const char *label, const char *perm)\r
-{\r
- GDBusConnection *conn;\r
- GVariant *result_pid;\r
- GVariant *param;\r
- GError *error = NULL;\r
- const char *sender;\r
- unsigned int pid;\r
- int ret;\r
- int result = FALSE;\r
-\r
- conn = g_dbus_method_invocation_get_connection (invoc);\r
- if (!conn) {\r
- warn ("access control denied (no connection info)");\r
- goto OUT;\r
- }\r
-\r
- sender = g_dbus_method_invocation_get_sender (invoc);\r
-\r
- param = g_variant_new ("(s)", sender);\r
- if (!param) {\r
- warn ("access control denied (sender info fail)");\r
- goto OUT;\r
- }\r
-\r
- result_pid = g_dbus_connection_call_sync (conn, "org.freedesktop.DBus",\r
- "/org/freedesktop/DBus",\r
- "org.freedesktop.DBus",\r
- "GetConnectionUnixProcessID",\r
- param, NULL,\r
- G_DBUS_CALL_FLAGS_NONE, -1, NULL, &error);\r
- if (error) {\r
- warn ("access control denied (dbus error: %d(%s))",\r
- error->code, error->message);\r
- g_error_free (error);\r
- goto OUT;\r
- }\r
-\r
- if (!result_pid) {\r
- warn ("access control denied (fail to get pid)");\r
- goto OUT;\r
- }\r
-\r
- g_variant_get (result_pid, "(u)", &pid);\r
- g_variant_unref (result_pid);\r
-\r
- dbg ("sender: %s pid = %u", sender, pid);\r
-\r
- ret = security_server_check_privilege_by_pid (pid, label, perm);\r
- if (ret != SECURITY_SERVER_API_SUCCESS) {\r
- warn ("pid(%u) access (%s - %s) denied(%d)", pid, label, perm, ret);\r
- }\r
- else\r
- result = TRUE;\r
-\r
-OUT:\r
- if (result == FALSE) {\r
- g_dbus_method_invocation_return_error (invoc,\r
- G_DBUS_ERROR,\r
- G_DBUS_ERROR_ACCESS_DENIED,\r
- "No access rights");\r
- }\r
- return result;\r
-}\r
-\r
-GSource * ps_util_gsource_dispatch(GMainContext *main_context, gint priority, GSourceFunc cb, gpointer data)\r
-{\r
- GSource *request_source = NULL;\r
- request_source = g_idle_source_new();\r
- g_source_set_callback(request_source, cb, data, NULL);\r
- g_source_set_priority(request_source, priority);\r
- g_source_attach(request_source, main_context);\r
- return request_source;\r
-}\r
-\r
-gboolean ps_util_thread_dispatch(GMainContext *main_context, gint priority, GSourceFunc cb, gpointer data)\r
-{\r
-\r
- GSource *request_source;\r
-\r
- if (main_context == NULL || cb == NULL) {\r
- err("Failed to dispatch");\r
- return FALSE;\r
- }\r
- request_source = ps_util_gsource_dispatch(main_context, priority, cb, data);\r
- g_source_unref(request_source);\r
-\r
- return TRUE;\r
-}\r
-\r
-int ps_util_system_command(char *command)\r
-{\r
- int pid = 0,\r
- status = 0;\r
- const char *environ[] = { NULL };\r
-\r
- if (command == NULL)\r
- return -1;\r
-\r
- dbg("%s", command);\r
-\r
- pid = fork();\r
- if (pid == -1)\r
- return -1;\r
- if (pid == 0) {\r
- char *argv[4];\r
- argv[0] = "sh";\r
- argv[1] = "-c";\r
- argv[2] = (char *)command;\r
- argv[3] = 0;\r
- execve("/bin/sh", argv, (char **)environ);\r
- exit(127);\r
- }\r
- do {\r
- if (waitpid(pid, &status, 0) == -1) {\r
- if (errno != EINTR)\r
- return -1;\r
- } else {\r
- if (WIFEXITED(status)) {\r
- return WEXITSTATUS(status);\r
- } else if (WIFSIGNALED(status)) {\r
- return WTERMSIG(status);\r
- } else if (WIFSTOPPED(status)) {\r
- return WSTOPSIG(status);\r
- }\r
- }\r
- } while (!WIFEXITED(status) && !WIFSIGNALED(status));\r
-\r
- return 0;\r
-}\r
-\r
-void ps_util_load_xml_file(const char *docname, const char *groupname, void **i_doc, void **i_root_node)\r
-{\r
- xmlDocPtr *doc = (xmlDocPtr *)i_doc;\r
- xmlNodePtr *root_node = (xmlNodePtr *)i_root_node;\r
-\r
- dbg("docname:%s, groupname:%s", docname, groupname);\r
-\r
- *doc = xmlParseFile(docname);\r
- if (*doc) {\r
- *root_node = xmlDocGetRootElement(*doc);\r
- if (*root_node) {\r
- dbg("*root_node->name:%s", (*root_node)->name);\r
- if (0 == xmlStrcmp((*root_node)->name, (const xmlChar *) groupname)) {\r
- dbg("root_node is found !!!");\r
- return;\r
- } else {\r
- err("Cannot find root node.");\r
- *root_node = NULL;\r
- }\r
- }\r
- xmlFreeDoc(*doc);\r
- *doc = NULL;\r
- } else {\r
- err("fail to parse doc(%s)", docname);\r
- }\r
-}\r
-\r
-void ps_util_unload_xml_file(void **i_doc, void **i_root_node)\r
-{\r
- xmlDocPtr *doc = (xmlDocPtr *)i_doc;\r
- xmlNodePtr *root_node = (xmlNodePtr *)i_root_node;\r
-\r
- dbg("unloading XML");\r
- if (doc && *doc) {\r
- xmlFreeDoc(*doc);\r
- *doc = NULL;\r
- if (root_node)\r
- *root_node = NULL;\r
- }\r
-}\r
+/*
+ * PacketService Control Module
+ *
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd. All rights reserved.
+ *
+ * Contact: DongHoo Park <donghoo.park@samsung.com>
+ * Arun Shukla <arun.shukla@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <unistd.h>
+#include <wait.h>
+
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/tree.h>
+
+#include <cynara-session.h>
+
+#include "ps.h"
+
+#define PERM_WRITE "w"
+#define PERM_EXECUTE "x"
+#define TELEPHONY_PRIVILEGE "http://tizen.org/privilege/telephony"
+#define TELEPHONY_ADMIN_PRIVILEGE "http://tizen.org/privilege/telephony.admin"
+
+gboolean ps_util_check_access_control (cynara *p_cynara, GDBusMethodInvocation *invoc, const char *label, const char *perm)
+{
+ GDBusConnection *conn;
+ GVariant *result_pid;
+ GVariant *param;
+ GError *error = NULL;
+ const char *sender;
+ unsigned int pid;
+ int ret;
+ int result = FALSE;
+ /* For cynara */
+ GVariant *result_uid;
+ GVariant *result_smack;
+ const gchar *unique_name = NULL;
+ gchar *client_smack = NULL;
+ char *client_session = NULL;
+ unsigned int uid;
+ gchar *uid_string = NULL;
+ const char *privilege = NULL;
+
+ if (!p_cynara) {
+ warn ("access control denied (fail to get cynara handle)");
+ goto OUT;
+ }
+
+ conn = g_dbus_method_invocation_get_connection (invoc);
+ if (!conn) {
+ warn ("access control denied (no connection info)");
+ goto OUT;
+ }
+
+ unique_name = g_dbus_connection_get_unique_name(conn);
+ if (!unique_name) {
+ warn ("access control denied (fail to get unique name)");
+ goto OUT;
+ }
+
+ sender = g_dbus_method_invocation_get_sender (invoc);
+
+ param = g_variant_new ("(s)", sender);
+ if (!param) {
+ warn ("access control denied (sender info fail)");
+ goto OUT;
+ }
+
+ /* Get PID */
+ result_pid = g_dbus_connection_call_sync (conn, "org.freedesktop.DBus",
+ "/org/freedesktop/DBus",
+ "org.freedesktop.DBus",
+ "GetConnectionUnixProcessID",
+ param, NULL,
+ G_DBUS_CALL_FLAGS_NONE, -1, NULL, &error);
+ if (error) {
+ warn ("access control denied (dbus error: %d(%s))",
+ error->code, error->message);
+ g_error_free (error);
+ goto OUT;
+ }
+
+ if (!result_pid) {
+ warn ("access control denied (fail to get pid)");
+ goto OUT;
+ }
+
+ g_variant_get (result_pid, "(u)", &pid);
+ g_variant_unref (result_pid);
+
+ /* Get UID */
+ result_uid = g_dbus_connection_call_sync (conn, "org.freedesktop.DBus",
+ "/org/freedesktop/DBus",
+ "org.freedesktop.DBus",
+ "GetConnectionUnixUser",
+ g_variant_new("(s)", unique_name), G_VARIANT_TYPE("(u)"),
+ G_DBUS_CALL_FLAGS_NONE, -1, NULL, &error);
+ if (error) {
+ warn ("access control denied (dbus error: %d(%s))",
+ error->code, error->message);
+ g_error_free (error);
+ goto OUT;
+ }
+
+ if (!result_uid) {
+ warn ("access control denied (fail to get uid for cynara)");
+ goto OUT;
+ }
+
+ g_variant_get (result_uid, "(u)", &uid);
+ g_variant_unref (result_uid);
+ uid_string = g_strdup_printf("%u", uid);
+
+ /* Get Smack label */
+ result_smack = g_dbus_connection_call_sync (conn, "org.freedesktop.DBus",
+ "/org/freedesktop/DBus",
+ "org.freedesktop.DBus",
+ "GetConnectionSmackContext",
+ g_variant_new("(s)", unique_name), G_VARIANT_TYPE("(s)"),
+ G_DBUS_CALL_FLAGS_NONE, -1, NULL, &error);
+ if (error) {
+ warn ("access control denied (dbus error: %d(%s))",
+ error->code, error->message);
+ g_error_free (error);
+ goto OUT;
+ }
+ if (!result_smack) {
+ warn ("access control denied (fail to get smack for cynara)");
+ goto OUT;
+ }
+ g_variant_get (result_smack, "(s)", &client_smack);
+ g_variant_unref (result_smack);
+
+ dbg ("sender: %s pid = %u uid = %u smack = %s", sender, pid, uid, client_smack);
+
+ client_session = cynara_session_from_pid(pid);
+ if (!client_session) {
+ warn ("access control denied (fail to get cynara client session)");
+ goto OUT;
+ }
+
+ if (g_strrstr(perm, PERM_WRITE) == NULL && g_strrstr(perm, PERM_EXECUTE) == NULL) {
+ privilege = TELEPHONY_PRIVILEGE;
+ } else {
+ privilege = TELEPHONY_ADMIN_PRIVILEGE;
+ }
+
+ ret = cynara_check(p_cynara, client_smack, client_session, uid_string, privilege);
+ if (ret != CYNARA_API_ACCESS_ALLOWED) {
+ warn ("pid(%u) access (%s - %s) denied(%d)", pid, label, perm, ret);
+ }
+ else
+ result = TRUE;
+OUT:
+ if (result == FALSE) {
+ g_dbus_method_invocation_return_error (invoc,
+ G_DBUS_ERROR,
+ G_DBUS_ERROR_ACCESS_DENIED,
+ "No access rights");
+ }
+ free(client_session);
+ g_free(client_smack);
+ g_free(uid_string);
+
+ return result;
+}
+
+GSource * ps_util_gsource_dispatch(GMainContext *main_context, gint priority, GSourceFunc cb, gpointer data)
+{
+ GSource *request_source = NULL;
+ request_source = g_idle_source_new();
+ g_source_set_callback(request_source, cb, data, NULL);
+ g_source_set_priority(request_source, priority);
+ g_source_attach(request_source, main_context);
+ return request_source;
+}
+
+gboolean ps_util_thread_dispatch(GMainContext *main_context, gint priority, GSourceFunc cb, gpointer data)
+{
+
+ GSource *request_source;
+
+ if (main_context == NULL || cb == NULL) {
+ err("Failed to dispatch");
+ return FALSE;
+ }
+ request_source = ps_util_gsource_dispatch(main_context, priority, cb, data);
+ g_source_unref(request_source);
+
+ return TRUE;
+}
+
+int ps_util_system_command(char *command)
+{
+ int pid = 0,
+ status = 0;
+ const char *environ[] = { NULL };
+
+ if (command == NULL)
+ return -1;
+
+ dbg("%s", command);
+
+ pid = fork();
+ if (pid == -1)
+ return -1;
+ if (pid == 0) {
+ char *argv[4];
+ argv[0] = "sh";
+ argv[1] = "-c";
+ argv[2] = (char *)command;
+ argv[3] = 0;
+ execve("/bin/sh", argv, (char **)environ);
+ exit(127);
+ }
+ do {
+ if (waitpid(pid, &status, 0) == -1) {
+ if (errno != EINTR)
+ return -1;
+ } else {
+ if (WIFEXITED(status)) {
+ return WEXITSTATUS(status);
+ } else if (WIFSIGNALED(status)) {
+ return WTERMSIG(status);
+ } else if (WIFSTOPPED(status)) {
+ return WSTOPSIG(status);
+ }
+ }
+ } while (!WIFEXITED(status) && !WIFSIGNALED(status));
+
+ return 0;
+}
+
+void ps_util_load_xml_file(const char *docname, const char *groupname, void **i_doc, void **i_root_node)
+{
+ xmlDocPtr *doc = (xmlDocPtr *)i_doc;
+ xmlNodePtr *root_node = (xmlNodePtr *)i_root_node;
+
+ dbg("docname:%s, groupname:%s", docname, groupname);
+
+ *doc = xmlParseFile(docname);
+ if (*doc) {
+ *root_node = xmlDocGetRootElement(*doc);
+ if (*root_node) {
+ dbg("*root_node->name:%s", (*root_node)->name);
+ if (0 == xmlStrcmp((*root_node)->name, (const xmlChar *) groupname)) {
+ dbg("root_node is found !!!");
+ return;
+ } else {
+ err("Cannot find root node.");
+ *root_node = NULL;
+ }
+ }
+ xmlFreeDoc(*doc);
+ *doc = NULL;
+ } else {
+ err("fail to parse doc(%s)", docname);
+ }
+}
+
+void ps_util_unload_xml_file(void **i_doc, void **i_root_node)
+{
+ xmlDocPtr *doc = (xmlDocPtr *)i_doc;
+ xmlNodePtr *root_node = (xmlNodePtr *)i_root_node;
+
+ dbg("unloading XML");
+ if (doc && *doc) {
+ xmlFreeDoc(*doc);
+ *doc = NULL;
+ if (root_node)
+ *root_node = NULL;
+ }
+}
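Review bot: In the new `ps_util_check_access_control()`, the `GetConnectionUnixUser` and `GetConnectionSmackContext` calls are made with `unique_name`, which comes from `g_dbus_connection_get_unique_name(conn)` and is therefore this service's own bus name, while only the PID lookup uses the caller's `sender`. As written, `cynara_check()` receives the daemon's UID and Smack label rather than the client's, so the decision is not made on the requesting peer; both calls should pass `g_variant_new("(s)", sender)`, and `sender` should be NULL-checked the way `unique_name` is. Separately, `label` now appears only in the denial log: the privilege is chosen from `perm` alone, so `AC_PS_PUBLIC`, `AC_PS_PRIVATE` and `AC_PS_PROFILE` no longer influence the result, which deserves a comment above the `g_strrstr` test such as `/* read -> telephony, write/execute -> telephony.admin; label is informational only */`. The remaining functions in this hunk appear to differ from the removed side only by the dropped `\r` line endings.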