SET(PREFIX ${CMAKE_INSTALL_PREFIX})
SET(VERSION 0.0.1)
-SET(dependents "dlog glib-2.0 gio-2.0 gio-unix-2.0 libsystemd-daemon iniparser libudev")
+SET(dependents "dlog glib-2.0 gio-2.0 gio-unix-2.0 libsystemd-daemon iniparser libudev cynara-creds-gdbus cynara-client cynara-session")
FIND_PROGRAM(GDBUS_CODEGEN NAMES gdbus-codegen)
EXEC_PROGRAM(${GDBUS_CODEGEN} ARGS
src/daemon/peripheral_bus_spi.c
src/daemon/peripheral_bus_board.c
src/daemon/peripheral_io_gdbus.c
+ src/daemon/privilege_checker.c
src/interface/gpio.c
src/interface/i2c.c
src/interface/pwm.c
BuildRequires: pkgconfig(capi-system-peripheral-io)
BuildRequires: pkgconfig(iniparser)
BuildRequires: pkgconfig(libudev)
+BuildRequires: pkgconfig(cynara-creds-gdbus)
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-session)
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
#include "peripheral_io_gdbus.h"
#include "peripheral_bus_board.h"
+#define PERIPHERAL_PRIVILEGE "http://tizen.org/privilege/peripheralio"
+
typedef enum {
PERIPHERAL_BUS_TYPE_GPIO = 0,
PERIPHERAL_BUS_TYPE_I2C,
--- /dev/null
+/*
+ * Copyright (c) 2016-2017 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __PRIVILEGE_CHECKER_H__
+#define __PRIVILEGE_CHECKER_H__
+
+#include <stdbool.h>
+
+void peripheral_privilege_init(void);
+void peripheral_privilege_deinit(void);
+bool peripheral_privilege_check(const char* client, const char* session, const char* user, const char* privilege);
+
+#endif /* __PRIVILEGE_CHECKER_H__ */
#include "peripheral_bus_gdbus_spi.h"
#include "peripheral_bus_gdbus_uart.h"
+#include "privilege_checker.h"
+
static gboolean __gpio_init(peripheral_bus_s *pb_data)
{
GDBusObjectManagerServer *manager;
peripheral_bus_s *pb_data = (peripheral_bus_s*)user_data;
pb_data->connection = connection;
+
if (__gpio_init(pb_data) == FALSE)
_E("Can not signal connect");
g_idle_add(peripheral_bus_notify, NULL);
+ peripheral_privilege_init();
+
_D("Enter main loop!");
g_main_loop_run(loop);
+ peripheral_privilege_deinit();
+
if (pb_data) {
peripheral_bus_board_deinit(pb_data->board);
free(pb_data);
if ((ret = peripheral_bus_gpio_open(pin, &gpio_handle, user_data)) < PERIPHERAL_ERROR_NONE)
goto out;
- if (peripheral_bus_get_client_info(invocation, pb_data, &gpio_handle->client_info) < 0) {
+ if ((ret = peripheral_bus_get_client_info(invocation, pb_data, &gpio_handle->client_info)) < 0) {
peripheral_bus_gpio_close(gpio_handle);
- ret = PERIPHERAL_ERROR_UNKNOWN;
gpio_handle = NULL;
goto out;
}
#include <string.h>
#include <gio/gio.h>
+#include <cynara-creds-gdbus.h>
+#include <cynara-client.h>
+#include <cynara-session.h>
+
#include "peripheral_bus.h"
#include "peripheral_common.h"
+#include "privilege_checker.h"
+
GVariant *peripheral_bus_build_variant_ay(uint8_t *data, int length)
{
GVariantBuilder *builder;
return 0;
}
+static int peripheral_bus_check_privilege(
+ GDBusMethodInvocation *invocation,
+ peripheral_bus_s *pb_data)
+{
+ int pid;
+ const char *sender;
+ char *session;
+ char *client;
+ char *user;
+
+ sender = g_dbus_method_invocation_get_sender(invocation);
+
+ cynara_creds_gdbus_get_pid(pb_data->connection, sender, &pid);
+ session = cynara_session_from_pid(pid);
+
+ cynara_creds_gdbus_get_client(pb_data->connection, sender, CLIENT_METHOD_DEFAULT, &client);
+ cynara_creds_gdbus_get_user(pb_data->connection, sender, USER_METHOD_DEFAULT, &user);
+
+ if (!session || !client || !user) {
+ _E("Failed to get client info");
+ return -1;
+ }
+
+ if (!peripheral_privilege_check(client, session, user, PERIPHERAL_PRIVILEGE)) {
+ g_free(session);
+ g_free(client);
+ g_free(user);
+ return -EACCES;
+ }
+
+ g_free(session);
+ g_free(client);
+ g_free(user);
+
+ return 0;
+}
+
int peripheral_bus_get_client_info(
GDBusMethodInvocation *invocation,
peripheral_bus_s *pb_data,
GError *error = NULL;
GVariant *_ret;
const gchar *id;
+ int err;
id = g_dbus_method_invocation_get_sender(invocation);
if (id == NULL) {
g_variant_get(_ret, "(u)", &pid);
g_variant_unref(_ret);
+ if ((err = peripheral_bus_check_privilege(invocation, pb_data)) < 0) {
+ _E("Permission denied(%d)", pid);
+ return err;
+ }
+
client_info->pid = (pid_t)pid;
client_info->pgid = getpgid(pid);
client_info->id = strdup(id);
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <glib.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <peripheral_io.h>
+
+#include <cynara-creds-gdbus.h>
+#include <cynara-client.h>
+#include <cynara-session.h>
+
+#include "peripheral_bus.h"
+#include "peripheral_common.h"
+
+#define CACHE_SIZE 100
+
+static cynara *__cynara;
+
+void peripheral_privilege_init(void)
+{
+ int err;
+ cynara_configuration* conf = NULL;
+
+ err = cynara_configuration_create(&conf);
+ RETM_IF(err != CYNARA_API_SUCCESS, "Failed to create cynara configuration");
+
+ err = cynara_configuration_set_cache_size(conf, CACHE_SIZE);
+ if (err != CYNARA_API_SUCCESS) {
+ _E("Failed to set cynara cache size");
+ cynara_configuration_destroy(conf);
+ return;
+ }
+
+ err = cynara_initialize(&__cynara, conf);
+ cynara_configuration_destroy(conf);
+ if (err != CYNARA_API_SUCCESS) {
+ _E("Failed to initialize cynara");
+ __cynara = NULL;
+ return;
+ }
+
+ _D("Cynara initialized");
+}
+
+void peripheral_privilege_deinit(void)
+{
+ if (__cynara)
+ cynara_finish(__cynara);
+
+ _D("Cynara deinitialized");
+}
+
+bool peripheral_privilege_check(const char* client, const char* session, const char* user, const char* privilege)
+{
+ RETVM_IF(!privilege, true, "Invalid parameter");
+ RETVM_IF(!__cynara, false, "Cynara does not initialized");
+
+ int ret = cynara_check(__cynara, client, session, user, privilege);
+ return (ret == CYNARA_API_ACCESS_ALLOWED);
+}