Add LEGACY_SECURITY build feature for supporting security-server based privilege...

If LEGACY_SECURITY is set to 1, the security cookie of the app is bundled in all dbus calls.

Change-Id: I18d794e20ff337944dbeb10a5c917664b00e3b00
Signed-off-by: Mu-Woong Lee <muwoong.lee@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index dfdcf02f5d303257007802410e527c20d0c35797..ef82e59dea3feb5644b9da03869dc0c3e4c7330e 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -12,6 +12,11 @@ MESSAGE("Sources: ${SRCS}")
 # Dependencies
 SET(DEPS "gio-2.0 libcontext-shared aul bundle capi-appfw-app-control pkgmgr-info")
 
+IF(${LEGACY_SECURITY})
+       SET(DEPS "${DEPS} security-server")
+       ADD_DEFINITIONS(-DLEGACY_SECURITY)
+ENDIF(${LEGACY_SECURITY})
+
 # Common Options
 INCLUDE(FindPkgConfig)
 INCLUDE_DIRECTORIES(

diff --git a/packaging/context.spec b/packaging/context.spec
index 9a84f717a66f852e264fdf3c309530673e7699a5..dddc1bc6f66cafd10a443c5905e1f08c4930d274 100644 (file)
--- a/packaging/context.spec
+++ b/packaging/context.spec
@@ -8,6 +8,7 @@ Source0:    %{name}-%{version}.tar.gz
 
 %define BUILD_PROFILE %{?profile}%{!?profile:%{?tizen_profile_name}}
 
+%define LEGACY_SECURITY        0
 %define LEGACY_APPFW   0
 
 %if "%{?BUILD_PROFILE}" == "tv"
@@ -22,6 +23,10 @@ BuildRequires: pkgconfig(bundle)
 BuildRequires: pkgconfig(capi-appfw-app-control)
 BuildRequires: pkgconfig(pkgmgr-info)
 
+%if %{LEGACY_SECURITY}
+BuildRequires: pkgconfig(security-server)
+%endif
+
 %description
 Tizen Context Framework Native API
 
@@ -58,6 +63,7 @@ export CXXFLAGS+=" -D_ALLOW_SERVICE_APP_TRIGGER_"
 
 cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} -DMAJORVER=${MAJORVER} -DFULLVER=%{version} \
                                                           -DPROFILE=%{?BUILD_PROFILE} \
+                                                          -DLEGACY_SECURITY=%{LEGACY_SECURITY} \
                                                           -DLEGACY_APPFW=%{LEGACY_APPFW}
 make %{?jobs:-j%jobs}
 

diff --git a/src/DBusClient.cpp b/src/DBusClient.cpp
index 918a9b9f2cd6d6af802261f0b2cb9d5980f60b40..d8a6d240fe1f410636cefcd6bf858fda1571650e 100644 (file)
--- a/src/DBusClient.cpp
+++ b/src/DBusClient.cpp
@@ -19,6 +19,32 @@
 #include <ScopeMutex.h>
 #include "DBusClient.h"
 
+#ifdef LEGACY_SECURITY
+#include <security-server.h>
+
+static const char* __getCookie()
+{
+       static char *cookie = NULL;
+       static GMutex cookieMutex;
+
+       ctx::ScopeMutex sm(&cookieMutex);
+
+       if (cookie == NULL) {
+               int rawSize = security_server_get_cookie_size();
+               IF_FAIL_RETURN_TAG(rawSize > 0, NULL, _E, "Invalid cookie size");
+
+               char rawCookie[rawSize];
+               int ret = security_server_request_cookie(rawCookie, rawSize);
+               IF_FAIL_RETURN_TAG(ret >= 0, NULL, _E, "Failed to get the security cookie");
+
+               cookie = g_base64_encode(reinterpret_cast<guchar*>(rawCookie), rawSize);
+               IF_FAIL_RETURN_TAG(cookie, NULL, _E, "Failed to encode the cookie");
+       }
+
+       return cookie;
+}
+#endif
+
 using namespace ctx;
 
 static const gchar __introspection[] =
@@ -176,9 +202,13 @@ int DBusClient::__request(int type, int reqId, const char* subject, const char*
        if (input == NULL)
                input = EMPTY_JSON_OBJECT;
 
-       /* FIXME: the second param is the security cookie, which is deprected in 3.0.
-        * We need to completely REMOVE this parameter from the dbus protocol. */
+#ifdef LEGACY_SECURITY
+       const char *cookie = __getCookie();
+       IF_FAIL_RETURN_TAG(cookie, ERR_OPERATION_FAILED, _E, "Cookie generation failed");
+       GVariant *param = g_variant_new("(isiss)", type, cookie, reqId, subject, input);
+#else
        GVariant *param = g_variant_new("(isiss)", type, "", reqId, subject, input);
+#endif
        IF_FAIL_RETURN_TAG(param, ERR_OUT_OF_MEMORY, _E, "Memory allocation failed");
 
        GError *err = NULL;