Apply Cynara API 53/37953/4 tizen_3.0.2015.q2_common accepted/tizen/common/20150521.125407 accepted/tizen/mobile/20150410.134625 accepted/tizen/tv/20150410.133709 accepted/tizen/wearable/20150410.133840 submit/tizen_common/20150520.888883 submit/tizen_mobile/20150410.093956 submit/tizen_tv/20150410.094004 submit/tizen_wearable/20150410.094012
authorSangkoo Kim <sangkoo.kim@samsung.com>
Thu, 9 Apr 2015 01:32:42 +0000 (10:32 +0900)
committerSangkoo Kim <sangkoo.kim@samsung.com>
Fri, 10 Apr 2015 09:33:52 +0000 (18:33 +0900)
Change-Id: I8bd020538e757b97e6ea5bbc84abd970a72e36ea
Signed-off-by: Sangkoo Kim <sangkoo.kim@samsung.com>
externals/CMakeLists.txt
framework/CMakeLists.txt
framework/main.cpp
framework/transaction-manager/MsgTransManager.cpp
include/framework/MsgTransManager.h
msg-service.rule
packaging/msg-service.spec
proxy/CMakeLists.txt
proxy/MsgHandleControl.cpp

index 9f49019..d2773e7 100755 (executable)
@@ -32,7 +32,7 @@ INCLUDE_DIRECTORIES(
 )
 
 INCLUDE(FindPkgConfig)
-pkg_check_modules(externals_pkgs REQUIRED glib-2.0 deviced mm-session alarm-service notification secure-storage badge iniparser capi-appfw-application lbs-dbus mm-fileinfo mm-player mm-sound sensor feedback db-util)
+pkg_check_modules(externals_pkgs REQUIRED glib-2.0 deviced mm-session alarm-service notification badge iniparser capi-appfw-application lbs-dbus mm-fileinfo mm-player mm-sound sensor feedback db-util)
 
 FOREACH(flag ${externals_pkgs_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
index bc39d74..2cf6d2a 100755 (executable)
@@ -108,7 +108,7 @@ INCLUDE_DIRECTORIES(
 )
 
 INCLUDE(FindPkgConfig)
-pkg_check_modules(trans_manager_pkgs REQUIRED glib-2.0 security-server dlog vconf)
+pkg_check_modules(trans_manager_pkgs REQUIRED glib-2.0 dlog vconf cynara-client cynara-creds-socket cynara-session cynara-creds-commons)
 
 FOREACH(flag ${trans_manager_pkgs_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
index c8b413f..fdb17d5 100755 (executable)
@@ -180,6 +180,10 @@ void* StartMsgServer(void*)
 {
        try
        {
+               if (MsgTransactionManager::instance()->initCynara() == false) {
+                       MSG_ERR("Cynara initialize failed. It will try again when API is called.");
+               }
+
                MsgTransactionManager::instance()->run();
        }
        catch (MsgException& e)
@@ -250,6 +254,8 @@ int main(void)
                MSG_DEBUG("Fail to start Messaging Framework!!!");
        }
 
+       MsgTransactionManager::instance()->finishCynara();
+
        // Remove vconf CB
        MsgSettingRemoveVconfCB();
        //contacts-service is not used for gear
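Review bot: `finishCynara()` releases the Cynara handle from `main()`, but nothing in this hunk shows that the thread running `StartMsgServer` has stopped by then. If `run()` can still dispatch requests at this point, `checkPrivilege()` would either use `p_cynara` after `cynara_finish()` or re-create it through its lazy-init path and never release it. Whether the thread is joined earlier in `main()` is outside the hunk, so this may already be safe. If it is, a comment would record the ordering dependency: `// server thread has exited; safe to release the Cynara handle`.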
index 3c80160..c1f0e91 100755 (executable)
@@ -20,8 +20,6 @@
 #include <sys/stat.h>
 #include <pthread.h>
 
-#include <security-server.h>
-
 #include "MsgDebug.h"
 #include "MsgMemory.h"
 #include "MsgException.h"
@@ -613,10 +611,52 @@ void MsgTransactionManager::cleanup(int fd)
 }
 
 
-#if 1
 bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType)
 {
        bool bAllowed = true;
+
+       int ret;
+       char *peer_client = NULL;
+       char *peer_user = NULL;
+       char *peer_session = NULL;
+       pid_t peer_pid;
+
+       if (p_cynara == NULL) {
+               if (this->initCynara() == false) {
+                       MSG_ERR("Cynara initialize failed. It will try again when API is called.");
+                       bAllowed = false;
+                       goto _END_OF_FUNC;
+               }
+       }
+
+       ret = cynara_creds_socket_get_client(fd, client_method, &peer_client);
+       if (ret != CYNARA_API_SUCCESS) {
+               MSG_ERR("cynara_creds_socket_get_client() is failed [%d]", ret);
+               bAllowed = false;
+               goto _END_OF_FUNC;
+       }
+
+       ret = cynara_creds_socket_get_user(fd, user_method, &peer_user);
+       if (ret != CYNARA_API_SUCCESS) {
+               MSG_ERR("cynara_creds_socket_get_user() is failed [%d]", ret);
+               bAllowed = false;
+               goto _END_OF_FUNC;
+       }
+
+       ret =  cynara_creds_socket_get_pid(fd, &peer_pid);
+       if (ret != CYNARA_API_SUCCESS) {
+               MSG_ERR("cynara_creds_socket_get_pid() is failed [%d]", ret);
+               bAllowed = false;
+               goto _END_OF_FUNC;
+       }
+
+       peer_session = cynara_session_from_pid(peer_pid);
+       if (peer_session == NULL) {
+               MSG_ERR("cynara_session_from_pid() is failed");
+               bAllowed = false;
+               goto _END_OF_FUNC;
+       }
+
        switch(CmdType)
        {
        case MSG_CMD_GET_MSG:
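Review bot: The retry guard `if (p_cynara == NULL)` does not cover a half-finished initialisation. `initCynara()`, added in the later hunk of this file, returns false after `cynara_initialize()` has already stored a handle in `p_cynara` whenever either default-method lookup fails. On the next request the guard is skipped, and `client_method` / `user_method` reach the creds calls without having been set by any code on this page, so the identity passed to `cynara_check()` is built from an indeterminate method value. In `initCynara()` I would release the handle on those two failure paths, `cynara_finish(p_cynara); p_cynara = NULL;` before each `return false;`, so that this guard retries the whole sequence. The body of `checkPrivilege()` continues past the end of this hunk.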
@@ -653,9 +693,10 @@ bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType)
        case MSG_CMD_GET_GENERAL_MSG_OPT:
        case MSG_CMD_GET_MSG_SIZE_OPT:
        {
-               int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::read", "rw");
-               if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
-                       MSG_DEBUG("No msg-service::read rw rule.");
+               ret = cynara_check(p_cynara, peer_client, peer_session, peer_user,
+                               "http://tizen.org/privilege/message.read");
+               if (ret != CYNARA_API_ACCESS_ALLOWED) {
+                       MSG_INFO("privilege [read] not allowd : [%d]", ret);
                        bAllowed = false;
                }
        }
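Review bot: The denial log `MSG_INFO("privilege [read] not allowd : [%d]", ret)` records only the return code, so a refused request cannot be attributed to a caller afterwards. Because the test is `ret != CYNARA_API_ACCESS_ALLOWED`, a policy denial and a Cynara error also differ only by that number. I would log the identity that was checked and fix the spelling, e.g. `MSG_INFO("privilege [read] not allowed : client [%s] user [%s] cmd [%d] ret [%d]", peer_client, peer_user, CmdType, ret);`. The same applies to the `[write]` message in the next hunk. The case group this block belongs to starts above the hunk.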
@@ -696,92 +737,24 @@ bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType)
        case MSG_CMD_SET_GENERAL_MSG_OPT:
        case MSG_CMD_SET_MSG_SIZE_OPT:
        {
-               int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::write", "rw");
-               if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
-                       MSG_DEBUG("No msg-service::write rw rule.");
+               ret = cynara_check(p_cynara, peer_client, peer_session, peer_user,
+                               "http://tizen.org/privilege/message.write");
+               if (ret != CYNARA_API_ACCESS_ALLOWED) {
+                       MSG_INFO("privilege [write] not allowd : [%d]", ret);
                        bAllowed = false;
                }
        }
        break;
        }
 
+_END_OF_FUNC:
+       MSG_FREE(peer_client);
+       MSG_FREE(peer_user);
+       MSG_FREE(peer_session);
+
        return bAllowed;
 }
-#else
-bool MsgTransactionManager::checkPrivilege(MSG_CMD_TYPE_T CmdType, const char *pCookie)
-{
-       if (CmdType >= MSG_CMD_PLG_SENT_STATUS_CNF && CmdType <= MSG_CMD_PLG_INIT_SIM_BY_SAT)
-       {
-               MSG_DEBUG("Request from Plug-in");
-               return true;
-       }
-
-       // Get Cookie from APP
-       if (pCookie == NULL)
-       {
-               MSG_DEBUG("Cookie is NULL");
-               return false;
-       }
-
-#ifdef MSG_FOR_DEBUG
-       for (int i = 0; i < MAX_COOKIE_LEN; i++)
-       {
-               MSG_DEBUG("cookie : [%02x]", pCookie[i]);
-       }
-#endif
-
-       // Check Cookie
-       size_t cookieSize;
-       gid_t gid;
-
-       cookieSize = security_server_get_cookie_size();
-
-       MSG_DEBUG("cookie size : [%d]", cookieSize);
-
-//     char cookie[MAX_COOKIE_LEN];
-
-       // Get GID
-       if (CmdType == MSG_CMD_REG_INCOMING_SYNCML_MSG_CB)
-       {
-               MSG_DEBUG("get GID for message_sync");
-               gid = security_server_get_gid("message_sync");
-       }
-       else if (CmdType == MSG_CMD_REG_INCOMING_LBS_MSG_CB)
-       {
-               MSG_DEBUG("get GID for message_lbs");
-               gid = security_server_get_gid("message_lbs");
-       }
-       else
-       {
-               MSG_DEBUG("get GID for message");
-               gid = security_server_get_gid("message");
-       }
-
-       MSG_DEBUG("gid [%d]", gid);
-
-       int retVal = 0;
 
-       retVal = security_server_check_privilege(pCookie, gid);
-
-       if (retVal < 0)
-       {
-               if (retVal == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
-               {
-                       MSG_DEBUG("access denied !! [%d]", retVal);
-               }
-               else
-               {
-                       MSG_DEBUG("fail to check privilege [%d]", retVal);
-               }
-
-               return false;
-       }
-
-       MSG_DEBUG("privilege check success !!");
-
-       return true;
-}
-#endif
 
 void MsgTransactionManager::setSentStatusCB(int listenerFd)
 {
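Review bot: Any `CmdType` that matches no case label still returns true, because `bAllowed` starts as `true` and the switch closes right after the write group with no `default:` visible. The full case list lies outside these hunks, so this is inferred from the lines shown. Since this function is now the single Cynara enforcement point, that choice should be explicit in the code, for example `default: /* commands not listed above need no privilege */ break;` before the closing brace. If that is not the intent, set `bAllowed = false` in the default branch instead.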
@@ -1332,6 +1305,51 @@ void MsgTransactionManager::getTMStatus()
        MSG_END();
 }
 
+bool MsgTransactionManager::initCynara()
+{
+       int ret;
+
+       ret = cynara_initialize(&p_cynara, NULL);
+
+       if (ret == CYNARA_API_SUCCESS) {
+               MSG_INFO("cynara_initialize() is successful");
+       } else {
+               MSG_INFO("cynara_initialize() is failed [%d]", ret);
+               return false;
+       }
+
+       ret = cynara_creds_get_default_client_method(&client_method);
+       if (ret != CYNARA_API_SUCCESS) {
+               MSG_ERR("cynara_creds_get_default_client_method() is failed [%d]", ret);
+               return false;
+       }
+
+       ret = cynara_creds_get_default_user_method(&user_method);
+       if (ret != CYNARA_API_SUCCESS) {
+               MSG_ERR("cynara_creds_get_default_user_method() is failed [%d]", ret);
+               return false;
+       }
+
+       return true;
+}
+
+
+void MsgTransactionManager::finishCynara()
+{
+       int ret;
+
+       ret = cynara_finish(p_cynara);
+
+       if (ret == CYNARA_API_SUCCESS) {
+               MSG_INFO("cynara_finish() is successful");
+       } else {
+               MSG_INFO("cynara_finish() is failed [%d]",ret);
+       }
+
+       p_cynara = NULL;
+}
+
+
 #ifdef MSG_PENDING_PUSH_MESSAGE
 void MsgTransactionManager::sendPendingPushMsg(void)
 {
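Review bot: The failure branch of `cynara_initialize()` logs with `MSG_INFO`, while the two creds-method failures just below it use `MSG_ERR`. All three leave the service unable to authorize requests, so the first should read `MSG_ERR("cynara_initialize() is failed [%d]", ret);` to make an authorization outage stand out at one log level. Neither new function has a comment, and `checkPrivilege()` relies on `initCynara()` being callable again after a failure. A short header comment on `initCynara()` stating that it may be retried, and one on `finishCynara()` stating that it must run only after request handling has stopped, would document that contract.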
index f9eeb94..81a32af 100755 (executable)
 #include "MsgInternalTypes.h"
 #include "MsgTransportTypes.h"
 
-
+#include <cynara-client.h>
+#include <cynara-creds-socket.h>
+#include <cynara-session.h>
+#include <cynara-creds-commons.h>
 
 
 /*==================================================================================================
@@ -99,6 +102,9 @@ public:
        void setTMStatus();
        void getTMStatus();
 
+       bool initCynara();
+       void finishCynara();
+
 private:
        MsgTransactionManager();
        ~MsgTransactionManager();
@@ -135,6 +141,10 @@ private:
        Mutex mx;
        CndVar cv;
        MsgSimpleQ<MSG_CMD_S*> eventQueue;
+
+       cynara *p_cynara;
+       enum cynara_client_creds client_method;
+       enum cynara_user_creds user_method;
 };
 
 #endif //MSG_TRANSACTION_MANAGER_H
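Review bot: `p_cynara` is declared without an initial value, and no hunk on this page touches the `MsgTransactionManager` constructor. Unless it is set somewhere not shown, the `p_cynara == NULL` test in `checkPrivilege()` and the `cynara_finish(p_cynara)` call in `finishCynara()` can read an indeterminate pointer when `initCynara()` has not run. Initialise it in the constructor, e.g. `p_cynara(NULL)` in the initialiser list or `p_cynara = NULL;` in the body. The class declaration begins above this hunk.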
index 00626ca..69a6c9c 100755 (executable)
@@ -22,7 +22,6 @@ msg-service data-provider-master::notification.client -w---- ------
 msg-service data-provider-master::badge rw---- ------
 msg-service data-provider-master::badge.client -w---- ------
 msg-service oma-dm-agent::vconf_external r----- ------
-msg-service secure-storage rw---- ------
 msg-service deviced::display rw---- ------
 msg-service net-config rw---- ------
 msg-service connman rw---- ------
@@ -31,9 +30,6 @@ msg-service connman::set rw---- ------
 msg-service connman::profile rw---- ------
 msg-service aul::launch --x--- ------
 msg-service alarm-server::alarm rw---- ------
-msg-service security-server::api-get-gid -w---- ------
-msg-service security-server::api-cookie-check -w---- ------
-msg-service security-server::api-privilege-by-pid -w---- ------
 msg-service device::app_logging -w---- ------
 msg-service device::sys_logging -w---- ------
 msg-service system::share -wx--- ------
index a304d19..0eb2a36 100755 (executable)
@@ -27,6 +27,10 @@ BuildRequires: pkgconfig(capi-network-connection)
 BuildRequires: pkgconfig(capi-system-info)
 #BuildRequires: pkgconfig(capi-telephony)
 BuildRequires: pkgconfig(contacts-service2)
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-creds-commons)
+BuildRequires: pkgconfig(cynara-creds-socket)
+BuildRequires: pkgconfig(cynara-session)
 BuildRequires: pkgconfig(db-util)
 BuildRequires: pkgconfig(dbus-glib-1)
 BuildRequires: pkgconfig(deviced)
@@ -50,8 +54,6 @@ BuildRequires: pkgconfig(mmutil-imgp)
 BuildRequires: pkgconfig(mmutil-jpeg)
 BuildRequires: pkgconfig(notification)
 BuildRequires: pkgconfig(privacy-manager-client)
-BuildRequires: pkgconfig(secure-storage)
-BuildRequires: pkgconfig(security-server)
 BuildRequires: pkgconfig(sensor)
 BuildRequires: pkgconfig(storage)
 BuildRequires: pkgconfig(tapi)
index f54e982..7fbd079 100755 (executable)
@@ -31,7 +31,7 @@ INCLUDE_DIRECTORIES(
 )
 
 INCLUDE(FindPkgConfig)
-pkg_check_modules(trans_proxy_pkgs REQUIRED glib-2.0 dlog vconf security-server db-util)
+pkg_check_modules(trans_proxy_pkgs REQUIRED glib-2.0 dlog vconf db-util)
 
 FOREACH(flag ${trans_proxy_pkgs_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
index 7c8f5c3..423e017 100755 (executable)
@@ -17,8 +17,6 @@
 #include <errno.h>
 #include <stdlib.h>
 
-#include <security-server.h>
-
 #include "MsgDebug.h"
 #include "MsgCppTypes.h"
 #include "MsgException.h"
@@ -47,9 +45,6 @@ MsgHandle::~MsgHandle()
 
 void MsgHandle::openHandle()
 {
-//     int ret = 0;
-//     size_t cookieSize;
-
        bool bReady = false;
 
        // server is currently booting and service is not available until the end of booting
@@ -61,22 +56,8 @@ void MsgHandle::openHandle()
                MSG_INFO("Msg Server is ready !!!!!");
        }
 
-       // Get Cookie Size
-//     cookieSize = security_server_get_cookie_size();
-
-//     MSG_DEBUG("cookie size : [%d]", cookieSize);
-
-       // Request Cookie
-//     ret = security_server_request_cookie(mCookie, cookieSize);
-
-//     if (ret < 0) {
-//             MSG_DEBUG("security_server_request_cookie() error!! [%d]", ret);
-//             return;
-//     }
-
        // Open Socket IPC
        connectSocket();
-//     getDbHandle(); /* register db handler */
 }