*
*/
+#include <cynara-client.h>
+#include <cynara-creds-socket.h>
+#include <cynara-session.h>
#include <permission_checker.h>
#include <sf_common.h>
#include <common.h>
#include <sensor_plugin_loader.h>
#include <sensor_base.h>
-#include <dlfcn.h>
-#define SECURITY_LIB "/usr/lib/libsecurity-server-client.so.1"
+static cynara *cynara_env = NULL;
+
+static bool check_privilege_by_sockfd(int sock_fd, const char *priv)
+{
+ retvm_if(cynara_env == NULL, false, "Cynara not initialized");
+
+ int ret;
+ int pid = -1;
+ char *client = NULL;
+ char *session = NULL;
+ char *user = NULL;
+
+ retvm_if(cynara_creds_socket_get_pid(sock_fd, &pid) != CYNARA_API_SUCCESS, false, "Getting PID failed");
+
+ if (cynara_creds_socket_get_client(sock_fd, CLIENT_METHOD_DEFAULT, &client) != CYNARA_API_SUCCESS ||
+ cynara_creds_socket_get_user(sock_fd, USER_METHOD_DEFAULT, &user) != CYNARA_API_SUCCESS ||
+ (session = cynara_session_from_pid(pid)) == NULL) {
+ ERR("Getting client info failed");
+ free(client);
+ free(user);
+ free(session);
+ return false;
+ }
+
+ ret = cynara_check(cynara_env, client, session, user, priv);
+
+ free(client);
+ free(session);
+ free(user);
+
+ return (ret == CYNARA_API_ACCESS_ALLOWED);
+}
permission_checker::permission_checker()
-: m_security_server_check_privilege_by_sockfd(NULL)
-, m_security_handle(NULL)
-, m_permission_set(0)
+: m_permission_set(0)
{
init();
}
permission_checker::~permission_checker()
{
- if (m_security_handle)
- dlclose(m_security_handle);
+ deinit();
}
permission_checker& permission_checker::get_instance()
return inst;
}
-bool permission_checker::init_security_lib(void)
-{
- m_security_handle = dlopen(SECURITY_LIB, RTLD_LAZY);
-
- if (!m_security_handle) {
- ERR("dlopen(%s) error, cause: %s", SECURITY_LIB, dlerror());
- return false;
- }
-
- m_security_server_check_privilege_by_sockfd =
- (security_server_check_privilege_by_sockfd_t) dlsym(m_security_handle, "security_server_check_privilege_by_sockfd");
-
- if (!m_security_server_check_privilege_by_sockfd) {
- ERR("Failed to load symbol");
- dlclose(m_security_handle);
- m_security_handle = NULL;
- return false;
- }
-
- return true;
-
-}
-
void permission_checker::init()
{
- m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_STANDARD, false, "", ""));
- m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_BIO, true, "sensord::bio", "rw"));
+ m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_STANDARD, false, ""));
+ m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_BIO, true, "http://tizen.org/privilege/healthinfo"));
vector<sensor_base *> sensors;
sensors = sensor_plugin_loader::get_instance().get_sensors(ALL_SENSOR);
INFO("Permission Set = %d", m_permission_set);
- if (!init_security_lib())
- ERR("Failed to init security lib: %s", SECURITY_LIB);
+ if (cynara_initialize(&cynara_env, NULL) != CYNARA_API_SUCCESS) {
+ cynara_env = NULL;
+ ERR("Cynara initialization failed");
+ }
+}
+
+void permission_checker::deinit()
+{
+ if (cynara_env)
+ cynara_finish(cynara_env);
+
+ cynara_env = NULL;
}
int permission_checker::get_permission(int sock_fd)
for (unsigned int i = 0; i < m_permission_infos.size(); ++i) {
if (!m_permission_infos[i]->need_to_check) {
permission |= m_permission_infos[i]->permission;
- } else if ((m_permission_set & m_permission_infos[i]->permission) && m_security_server_check_privilege_by_sockfd) {
- if (m_security_server_check_privilege_by_sockfd(sock_fd, m_permission_infos[i]->name.c_str(), m_permission_infos[i]->access_right.c_str()) == 1) {
+ } else if (m_permission_set & m_permission_infos[i]->permission) {
+ if (check_privilege_by_sockfd(sock_fd, m_permission_infos[i]->privilege.c_str())) {
permission |= m_permission_infos[i]->permission;
}
}
private:
class permission_info {
public:
- permission_info(int _permission, bool _need_to_check, std::string _name, std::string _access_right)
+ permission_info(int _permission, bool _need_to_check, std::string _priv)
: permission(_permission)
, need_to_check(_need_to_check)
- , name(_name)
- , access_right(_access_right)
+ , privilege(_priv)
{
}
int permission;
bool need_to_check;
- std::string name;
- std::string access_right;
+ std::string privilege;
};
typedef std::vector<std::shared_ptr<permission_info>> permission_info_vector;
- typedef int (*security_server_check_privilege_by_sockfd_t)(int sockfd,
- const char *object,
- const char *access_rights);
-
permission_checker();
~permission_checker();
permission_checker(permission_checker const&) {};
permission_checker& operator=(permission_checker const&);
- bool init_security_lib(void);
void init();
-
- security_server_check_privilege_by_sockfd_t m_security_server_check_privilege_by_sockfd;
- void *m_security_handle;
+ void deinit();
permission_info_vector m_permission_infos;
int m_permission_set;
+
public:
static permission_checker& get_instance();