capi-appfw-package-manager
appsvc
notification
- cynara-creds-gdbus
- cynara-client
- cynara-session
libcontext-server
context
)
+IF(${LEGACY_SECURITY})
+ SET(DEPS ${DEPS} security-server)
+ ADD_DEFINITIONS(-DLEGACY_SECURITY)
+ELSE(${LEGACY_SECURITY})
+ SET(DEPS ${DEPS} cynara-creds-gdbus cynara-client cynara-session)
+ENDIF(${LEGACY_SECURITY})
+
+IF(${SYSTEM_SERVICE})
+ ADD_DEFINITIONS(-DSYSTEM_SERVICE)
+ENDIF(${SYSTEM_SERVICE})
+
# Common Options
INCLUDE(FindPkgConfig)
INCLUDE_DIRECTORIES(
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
Source1: context-service.service
-Source2: org.tizen.context.conf
%define BUILD_PROFILE %{?profile}%{!?profile:%{?tizen_profile_name}}
+%define SYSTEM_SERVICE 0
+%define LEGACY_SECURITY 0
+
%if "%{?BUILD_PROFILE}" == "tv"
ExcludeArch: %{arm} aarch64 %ix86 x86_64
%endif
+%if %{SYSTEM_SERVICE}
+%define SERVICE_UNIT_DIR %{_unitdir}
+%else
+%define SERVICE_UNIT_DIR %{_unitdir_user}
+%endif
+
BuildRequires: cmake
-BuildRequires: sed
BuildRequires: pkgconfig(gmodule-2.0)
BuildRequires: pkgconfig(vconf)
BuildRequires: pkgconfig(capi-system-info)
BuildRequires: pkgconfig(appsvc)
BuildRequires: pkgconfig(notification)
+%if %{LEGACY_SECURITY}
+BuildRequires: pkgconfig(security-server)
+%else
BuildRequires: pkgconfig(cynara-creds-gdbus)
BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-session)
+%endif
BuildRequires: pkgconfig(libcontext-server)
BuildRequires: pkgconfig(context)
export CFLAGS+=" -fno-common"
export CXXFLAGS+=" -Wnon-virtual-dtor"
-export CXXFLAGS+=" -std=c++11 -Wno-c++11-compat"
+export CXXFLAGS+=" -std=c++0x"
#export CFLAGS+=" -Wcast-qual"
#export CXXFLAGS+=" -Wcast-qual"
#export CXXFLAGS+=" -DTIZEN_ENGINEER_MODE"
#export FFLAGS+=" -DTIZEN_ENGINEER_MODE"
-cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} -DMAJORVER=${MAJORVER} -DFULLVER=%{version}
+cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} -DMAJORVER=${MAJORVER} -DFULLVER=%{version} \
+ -DSYSTEM_SERVICE=%{SYSTEM_SERVICE} \
+ -DLEGACY_SECURITY=%{LEGACY_SECURITY}
make %{?jobs:-j%jobs}
%install
rm -rf %{buildroot}
%make_install
-mkdir -p %{buildroot}%{_unitdir_user}
+mkdir -p %{buildroot}%{SERVICE_UNIT_DIR}
mkdir -p %{buildroot}%{_datadir}/license
mkdir -p %{buildroot}%{_datadir}/packages
mkdir -p %{buildroot}/opt/data/context-service
-install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir_user}
+install -m 0644 %{SOURCE1} %{buildroot}%{SERVICE_UNIT_DIR}
cp LICENSE %{buildroot}%{_datadir}/license/%{name}
+%if ! %{LEGACY_SECURITY}
mkdir -p %{buildroot}%{_sysconfdir}/dbus-1/session.d
-install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/dbus-1/session.d/
+install -m 0644 packaging/org.tizen.context.conf %{buildroot}%{_sysconfdir}/dbus-1/session.d/
+%endif
%post
-mkdir -p %{_unitdir_user}/default.target.wants
-ln -s ../context-service.service %{_unitdir_user}/default.target.wants/
+mkdir -p %{SERVICE_UNIT_DIR}/default.target.wants
+ln -s ../context-service.service %{SERVICE_UNIT_DIR}/default.target.wants/
/sbin/ldconfig
#systemctl daemon-reload
#fi
%postun
-rm -f %{_unitdir_user}/default.target.wants/context-service.service
+rm -f %{SERVICE_UNIT_DIR}/default.target.wants/context-service.service
#systemctl daemon-reload
/sbin/ldconfig
%files
%manifest packaging/%{name}.manifest
+%if ! %{LEGACY_SECURITY}
%config %{_sysconfdir}/dbus-1/session.d/*
+%endif
%{_bindir}/*
-%{_unitdir_user}/context-service.service
+%{SERVICE_UNIT_DIR}/context-service.service
%{_datadir}/license/%{name}
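Review bot: The D-Bus policy file is still installed into `%{_sysconfdir}/dbus-1/session.d` (in `%install` and again in `%files`) when `SYSTEM_SERVICE` is 1, although that build requests its bus name on the system bus. The system bus normally refuses name ownership and method calls that no policy under `system.d` allows, so such a build would presumably either fail to acquire the name or run without the intended caller restrictions. Pick the policy directory from the same switch as the unit directory, for example a macro (suggested name `DBUS_POLICY_DIR`) defined next to `SERVICE_UNIT_DIR` and used in both places, and check that the rules in `org.tizen.context.conf` suit the system bus. With `LEGACY_SECURITY` set no policy file is packaged at all, which deserves a one-line comment in the spec saying why.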
Credentials *creds = NULL;
- if (!peer_creds::get(__connection, sender, &creds)) {
+ if (!peer_creds::get(__connection, sender, cookie, &creds)) {
_E("Peer credentialing failed");
g_dbus_method_invocation_return_value(invocation, g_variant_new("(iss)", ERR_OPERATION_FAILED, EMPTY_JSON_OBJECT, EMPTY_JSON_OBJECT));
return;
__nodeInfo = g_dbus_node_info_new_for_xml(__introspection_xml, NULL);
IF_FAIL_RETURN_TAG(__nodeInfo != NULL, false, _E, "Initialization failed");
+#ifdef SYSTEM_SERVICE
+ __owner = g_bus_own_name(G_BUS_TYPE_SYSTEM, DBUS_DEST, G_BUS_NAME_OWNER_FLAGS_NONE,
+ __onBusAcquired, __onNameAcquired, __onNameLost, NULL, NULL);
+#else
__owner = g_bus_own_name(G_BUS_TYPE_SESSION, DBUS_DEST, G_BUS_NAME_OWNER_FLAGS_NONE,
__onBusAcquired, __onNameAcquired, __onNameLost, NULL, NULL);
+#endif
__theInstance = this;
return true;
* limitations under the License.
*/
-#include <cynara-creds-gdbus.h>
-#include <cynara-session.h>
#include <app_manager.h>
#include <package_manager.h>
#include <Types.h>
#include "PeerCreds.h"
+#ifdef LEGACY_SECURITY
+#include <security-server.h>
+#else
+#include <cynara-creds-gdbus.h>
+#include <cynara-session.h>
+#endif
+
ctx::Credentials::Credentials(char *pkgId, char *cli, char *sess, char *usr) :
packageId(pkgId),
client(cli),
g_free(user);
}
-bool ctx::peer_creds::get(GDBusConnection *connection, const char *uniqueName, ctx::Credentials **creds)
+bool ctx::peer_creds::get(GDBusConnection *connection, const char *uniqueName, const char *cookie, ctx::Credentials **creds)
{
pid_t pid = 0;
char *app_id = NULL;
gchar *client = NULL;
char *session = NULL;
gchar *user = NULL;
- int err;
- err = cynara_creds_gdbus_get_pid(connection, uniqueName, &pid);
+#ifdef LEGACY_SECURITY
+ gsize size;
+ char *decoded = reinterpret_cast<char*>(g_base64_decode(cookie, &size));
+ IF_FAIL_RETURN_TAG(decoded, false, _E, "Cookie decoding failed");
+
+ pid = security_server_get_cookie_pid(decoded);
+ if (pid <= 0) {
+ _E("security_server_get_cookie_pid() failed");
+ g_free(decoded);
+ return false;
+ }
+ client = security_server_get_smacklabel_cookie(decoded);
+ g_free(decoded);
+ IF_FAIL_RETURN_TAG(client, false, _E, "security_server_get_smacklabel_cookie() failed");
+#else
+ int err = cynara_creds_gdbus_get_pid(connection, uniqueName, &pid);
IF_FAIL_RETURN_TAG(err == CYNARA_API_SUCCESS, false, _E, "Peer credentialing failed");
- app_manager_get_app_id(pid, &app_id);
- package_manager_get_package_id_by_app_id(app_id, &packageId);
- _D("AppId: %s, PackageId: %s", app_id, packageId);
+ session = cynara_session_from_pid(pid);
+ IF_FAIL_CATCH_TAG(session, _E, "Peer credentialing failed");
err = cynara_creds_gdbus_get_client(connection, uniqueName, CLIENT_METHOD_DEFAULT, &client);
IF_FAIL_CATCH_TAG(err == CYNARA_API_SUCCESS, _E, "Peer credentialing failed");
- session = cynara_session_from_pid(pid);
- IF_FAIL_CATCH_TAG(session, _E, "Peer credentialing failed");
-
err = cynara_creds_gdbus_get_user(connection, uniqueName, USER_METHOD_DEFAULT, &user);
IF_FAIL_CATCH_TAG(err == CYNARA_API_SUCCESS, _E, "Peer credentialing failed");
+#endif
+
+ app_manager_get_app_id(pid, &app_id);
+ package_manager_get_package_id_by_app_id(app_id, &packageId);
+ _D("AppId: %s, PackageId: %s", app_id, packageId);
+ g_free(app_id);
*creds = new(std::nothrow) Credentials(packageId, client, session, user);
IF_FAIL_CATCH_TAG(*creds, _E, "Memory allocation failed");
- g_free(app_id);
return true;
CATCH:
- g_free(app_id);
g_free(packageId);
g_free(client);
g_free(session);
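Review bot: In the `LEGACY_SECURITY` branch of `peer_creds::get`, the decoded length `size` is never used, so `decoded` reaches `security_server_get_cookie_pid()` and `security_server_get_smacklabel_cookie()` without any check that it is a full-length cookie, and `cookie` itself is not checked for NULL before `g_base64_decode()`. The cookie appears to be supplied by the D-Bus caller, so a short or empty value could make those calls read past the decoded buffer if they assume a fixed cookie length. Reject it up front with `IF_FAIL_RETURN_TAG(cookie, false, _E, "Invalid cookie");` before decoding and `if (size != (gsize)security_server_get_cookie_size()) { g_free(decoded); return false; }` after it. Separately, the results of `app_manager_get_app_id()` and `package_manager_get_package_id_by_app_id()` are still unchecked, so `app_id` may be NULL when it is passed on and logged. The function's cleanup path continues past the end of this section.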
namespace peer_creds {
- bool get(GDBusConnection *connection, const char *uniqueName, Credentials **creds);
+ bool get(GDBusConnection *connection, const char *uniqueName, const char *cookie, Credentials **creds);
} /* namespace peer_creds */
} /* namespace ctx */
*/
#include <string>
-#include <cynara-client.h>
#include <Types.h>
#include "PeerCreds.h"
#include "Privilege.h"
+#ifdef LEGACY_SECURITY
+
+#include <sys/smack.h>
+#define PRIV_PREFIX "privilege::tizen::"
+
+#else
+
+#include <cynara-client.h>
+#define PRIV_PREFIX "http://tizen.org/privilege/"
#define CACHE_SIZE 100
class PermissionChecker {
return (ret == CYNARA_API_ACCESS_ALLOWED);
}
};
+#endif
bool ctx::privilege_manager::isAllowed(const ctx::Credentials *creds, const char *privilege)
{
IF_FAIL_RETURN(creds && privilege, true);
- std::string priv = "http://tizen.org/privilege/";
+ std::string priv = PRIV_PREFIX;
priv += privilege;
+#ifdef LEGACY_SECURITY
+ int ret = smack_have_access(creds->client, priv.c_str(), "rw");
+ _SD("Client: %s, Priv: %s, Enabled: %d", creds->client, privilege, ret);
+ return (ret == 1);
+#else
return PermissionChecker::getInstance().hasPermission(creds, priv.c_str());
+#endif
}
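Review bot: `isAllowed` still opens with `IF_FAIL_RETURN(creds && privilege, true)`, and the new smack branch sits behind that guard, so a call that arrives without credentials is granted access instead of being denied. If a NULL `privilege` is meant as "no privilege required", keep that case but fail closed on missing credentials: `IF_FAIL_RETURN(privilege, true);` followed by `IF_FAIL_RETURN_TAG(creds && creds->client, false, _E, "No credentials");`. The `creds->client` check matters most in the legacy branch, where the label is passed straight to `smack_have_access()`. A short comment above the `#ifdef` stating that any result other than 1 from `smack_have_access()` (including an error) counts as denied would document the fail-closed intent of `return (ret == 1)`.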
#ifndef _CONTEXT_PRIVILEGE_MANAGER_H_
#define _CONTEXT_PRIVILEGE_MANAGER_H_
-#include <string>
-
-#define PRIV_ALARM_SET "alarm.set"
-
namespace ctx {
/* Forward declaration */