As Cynara does not support client-side privilege checking, three new DBus methods are added for checking the app launch, call, and notification privileges.
Change-Id: I2f065e70e48a213e60be3b74f65fec17f2bdc9b3
Signed-off-by: Mu-Woong Lee <muwoong.lee@samsung.com>
<busconfig>
<policy smack="System">
<allow own="org.tizen.context"/>
- <allow send_destination="org.tizen.context"/>
- <allow send_interface="org.tizen.context"/>
- </policy>
- <policy at_console="true">
- <allow send_destination="org.tizen.context"/>
+ <allow send_destination="org.tizen.context" send_interface="org.tizen.context" send_member="Request"/>
+ <allow send_interface="org.tizen.context" send_member="Respond"/>
</policy>
<policy smack="User">
- <allow send_destination="org.tizen.context"/>
+ <allow own="org.tizen.context"/>
+ <allow send_destination="org.tizen.context" send_interface="org.tizen.context" send_member="Request"/>
+ <allow send_interface="org.tizen.context" send_member="Respond"/>
</policy>
<policy context="default">
- <deny send_destination="org.tizen.context"/>
+ <check send_destination="org.tizen.context" send_interface="org.tizen.context"
+ send_member="ChkPrivAppLaunch" privilege="http://tizen.org/privilege/appmanager.launch"/>
+ <check send_destination="org.tizen.context" send_interface="org.tizen.context"
+ send_member="ChkPrivCall" privilege="http://tizen.org/privilege/call"/>
+ <check send_destination="org.tizen.context" send_interface="org.tizen.context"
+ send_member="ChkPrivNotification" privilege="http://tizen.org/privilege/notification"/>
</policy>
</busconfig>
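Review bot: The added `<allow own="org.tizen.context"/>` inside `<policy smack="User">` lets any process carrying the User label claim the service's well-known name, so a client's `Request` could be delivered to an impostor. Unless the daemon itself runs with that label, this line should be dropped and ownership left to the System policy. The two `send_member="Respond"` rules carry no `send_destination`, so they match that interface and member towards any peer; an XML comment saying this is intended for the daemon's replies to clients would help the next reviewer. With the explicit `<deny send_destination="org.tizen.context"/>` gone from the default context, calls other than the three checked members rely on the bus-wide default policy, which is not visible here and is worth confirming as deny.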
" <arg type='s' name='" ARG_RESULT_ADD "' direction='out'/>"
" <arg type='s' name='" ARG_OUTPUT "' direction='out'/>"
" </method>"
+ " <method name='" METHOD_CHK_PRIV_APPLAUNCH "'>"
+ " <arg type='i' name='" ARG_RESULT_ERR "' direction='out'/>"
+ " </method>"
+ " <method name='" METHOD_CHK_PRIV_CALL "'>"
+ " <arg type='i' name='" ARG_RESULT_ERR "' direction='out'/>"
+ " </method>"
+ " <method name='" METHOD_CHK_PRIV_NOTIFICATION "'>"
+ " <arg type='i' name='" ARG_RESULT_ERR "' direction='out'/>"
+ " </method>"
" </interface>"
"</node>";
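Review bot: Authorization for these three methods depends on their names matching the `send_member` values in the bus policy's `<check>` rules, but the `METHOD_CHK_PRIV_*` macros are defined outside this hunk and nothing here records the coupling. I would add a comment above the first new entry, e.g. `/* Names must match the <check send_member=...> rules in the D-Bus policy file; the privilege decision is made there. */`. The string literal begins outside the hunk.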
Server::sendRequest(request);
}
-void DBusServer::__onRequestReceived(GDBusConnection *conn, const gchar *sender,
+void DBusServer::__reply(GDBusMethodInvocation *invocation, int error)
+{
+ g_dbus_method_invocation_return_value(invocation, g_variant_new("(i)", error));
+}
+
+void DBusServer::__onMethodCalled(GDBusConnection *conn, const gchar *sender,
const gchar *path, const gchar *iface, const gchar *name,
GVariant *param, GDBusMethodInvocation *invocation, gpointer userData)
{
if (STR_EQ(name, METHOD_REQUEST)) {
__theInstance->__processRequest(sender, param, invocation);
} else {
- _W("Invalid method: %s", name);
+ __theInstance->__reply(invocation, ERR_NONE);
}
}
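Review bot: The new `else` branch in `__onMethodCalled` answers `ERR_NONE` to every method that is not `Request`, so the daemon makes no decision of its own: a success reply means only that the bus daemon's `<check>` rule let the message through. If this object is ever reached over a bus where that policy file is not loaded or `<check>` is not enforced, every caller is told it holds the privilege. The branch should name the three `ChkPriv*` methods explicitly and return a D-Bus error for anything else, keeping the warning log that this change removes. Since the answer is consumed in the caller's own process, it is presumably advisory and should not be the only gate on the protected operation.

```cpp
	if (STR_EQ(name, METHOD_REQUEST)) {
		// … unchanged: __processRequest call …
	} else if (STR_EQ(name, METHOD_CHK_PRIV_APPLAUNCH) ||
			STR_EQ(name, METHOD_CHK_PRIV_CALL) ||
			STR_EQ(name, METHOD_CHK_PRIV_NOTIFICATION)) {
		/* Reaching this point means the bus policy's <check> rule already passed. */
		__theInstance->__reply(invocation, ERR_NONE);
	} else {
		_W("Invalid method: %s", name);
		g_dbus_method_invocation_return_error(invocation, G_DBUS_ERROR,
				G_DBUS_ERROR_UNKNOWN_METHOD, "Invalid method: %s", name);
	}
```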
void DBusServer::__onBusAcquired(GDBusConnection *conn, const gchar *name, gpointer userData)
{
GDBusInterfaceVTable vtable;
- vtable.method_call = __onRequestReceived;
+ vtable.method_call = __onMethodCalled;
vtable.get_property = NULL;
vtable.set_property = NULL;
private:
DBusServer();
- static void __onRequestReceived(GDBusConnection *conn, const gchar *sender,
+ static void __onMethodCalled(GDBusConnection *conn, const gchar *sender,
const gchar *path, const gchar *iface, const gchar *name,
GVariant *param, GDBusMethodInvocation *invocation, gpointer user_data);
static void __onBusAcquired(GDBusConnection *conn, const gchar *name, gpointer userData);
void __call(const char *dest, const char *obj, const char *iface, const char *method, GVariant *param);
void __processRequest(const char *sender, GVariant *param, GDBusMethodInvocation *invocation);
+ void __reply(GDBusMethodInvocation *invocation, int error);
static DBusServer *__theInstance;
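Review bot: `__reply` reads no instance state in its definition (a single `g_dbus_method_invocation_return_value` call), yet it is declared as a non-static member and invoked through `__theInstance` from the static callback without a null check. Declaring it `static void __reply(GDBusMethodInvocation *invocation, int error);` removes that dependency. The class body starts and ends outside the hunk. Separately, the `__onMethodCalled` declaration names its last parameter `user_data` while the definition uses `userData`.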