#include "pepper-internal.h"
#include <tizen-extension-server-protocol.h>
#include <pepper-xkb.h>
-#ifdef HAVE_CYNARA
-#include <cynara-session.h>
-#include <cynara-client.h>
-#include <cynara-creds-socket.h>
-#include <sys/smack.h>
-#include <stdio.h>
-#include <stdarg.h>
-#endif
+#include <pepper-utils.h>
#define MIN(a,b) ((a)<(b)?(a):(b))
devicemgr_t *devicemgr;
int ref;
-#ifdef HAVE_CYNARA
- cynara *p_cynara;
-#endif
+ pepper_bool_t pepper_security_init_done;
};
struct pepper_devicemgr_resource {
static void _pepper_devicemgr_ungrab_keyboard(pepper_devicemgr_t *pepper_devicemgr);
-#ifdef HAVE_CYNARA
-static void
-_pepper_devicemgr_util_cynara_log(int err, const char *fmt, ...)
-{
-#define CYNARA_BUFSIZE 128
- char buf[CYNARA_BUFSIZE] = "\0", tmp[CYNARA_BUFSIZE + CYNARA_BUFSIZE] = "\0";
- va_list args;
- int ret;
-
- if (fmt) {
- va_start(args, fmt);
- vsnprintf(tmp, CYNARA_BUFSIZE + CYNARA_BUFSIZE, fmt, args);
- va_end(args);
- }
-
- ret = cynara_strerror(err, buf, CYNARA_BUFSIZE);
- if (ret != CYNARA_API_SUCCESS) {
- PEPPER_ERROR("Failed to cynara_strerror: %d (error log about %s: %d)\n", ret, tmp, err);
- return;
- }
-
- PEPPER_ERROR("%s is failed: %s\n", tmp, buf);
-}
-#endif
-
-static pepper_bool_t
-_pepper_devicemgr_util_cynara_init(pepper_devicemgr_t *pepper_devicemgr)
-{
-#ifdef HAVE_CYNARA
- int ret;
- if (pepper_devicemgr->p_cynara) return PEPPER_TRUE;
-
- ret = cynara_initialize(&pepper_devicemgr->p_cynara, NULL);
- if (CYNARA_API_SUCCESS != ret) {
- _pepper_devicemgr_util_cynara_log(ret, "cynara_initialize");
- return PEPPER_FALSE;
- }
-#endif
- return PEPPER_TRUE;
-}
-
-static void
-_pepper_devicemgr_util_cynara_deinit(pepper_devicemgr_t *pepper_devicemgr)
-{
-#ifdef HAVE_CYNARA
- if (pepper_devicemgr->p_cynara) cynara_finish(pepper_devicemgr->p_cynara);
-#else
- ;
-#endif
-}
-
static pepper_bool_t
_pepper_devicemgr_util_do_privilege_check(pepper_devicemgr_t *pepper_devicemgr, struct wl_client *client, const char *rule)
{
- pepper_bool_t res = PEPPER_TRUE;
-#ifdef HAVE_CYNARA
- int ret, retry_cnt = 0, len = 0;
- char *clientSmack = NULL, *client_session = NULL, uid2[16]={0, };
- static pepper_bool_t retried = PEPPER_FALSE;
pid_t pid = 0;
uid_t uid = 0;
gid_t gid = 0;
- res = PEPPER_FALSE;
-
- /* Top position grab is always allowed. This mode do not need privilege.*/
if (!client) return PEPPER_FALSE;
- /* If initialize cynara is failed, allow keygrabs regardless of the previlege permition. */
- if (pepper_devicemgr->p_cynara == NULL) {
- if (retried == PEPPER_FALSE) {
- retried = PEPPER_TRUE;
- for(retry_cnt = 0; retry_cnt < 5; retry_cnt++) {
- PEPPER_TRACE("Retry cynara initialize: %d\n", retry_cnt + 1);
-
- ret = cynara_initialize(&pepper_devicemgr->p_cynara, NULL);
- if (CYNARA_API_SUCCESS != ret) {
- _pepper_devicemgr_util_cynara_log(ret, "cynara_initialize retry..");
- pepper_devicemgr->p_cynara = NULL;
- } else {
- PEPPER_TRACE("Success cynara initialize to try %d times\n", retry_cnt + 1);
- break;
- }
- }
- }
- if (!pepper_devicemgr->p_cynara) return PEPPER_TRUE;
- }
-
wl_client_get_credentials(client, &pid, &uid, &gid);
- len = smack_new_label_from_process((int)pid, &clientSmack);
- if (len <= 0) goto finish;
-
- snprintf(uid2, 15, "%d", (int)uid);
- client_session = cynara_session_from_pid(pid);
-
- ret = cynara_check(pepper_devicemgr->p_cynara, clientSmack, client_session, uid2, rule);
- if (CYNARA_API_ACCESS_ALLOWED == ret) {
- res = PEPPER_TRUE;
- PEPPER_TRACE("Success to check cynara, clientSmack: %s client_session: %s, uid2: %s\n", clientSmack, client_session, uid2);
- } else {
- _pepper_devicemgr_util_cynara_log(ret, "rule: %s, clientsmack: %s, pid: %d", rule, clientSmack, pid);
- }
-
-finish:
- if (client_session) free(client_session);
- if (clientSmack) free(clientSmack);
-#endif
- return res;
+ return pepper_security_privilege_check(pid, uid, rule);
}
static void
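Review bot: What `_pepper_devicemgr_util_do_privilege_check` returns when the security backend failed to initialise is no longer decided in this function. The removed code explicitly allowed the request when cynara was unavailable, while the new body calls `pepper_security_privilege_check(pid, uid, rule)` without consulting `pepper_security_init_done`, which the create hunk sets. How the helper behaves when uninitialised is not visible on this page, so I would make the policy explicit and deny by default with `if (!pepper_devicemgr->pepper_security_init_done) return PEPPER_FALSE;` before the call. If allowing is intended, a comment should say so. That check would also give the `pepper_devicemgr` parameter a use, since the new body no longer reads it; `gid` is likewise only filled in by `wl_client_get_credentials` and never passed on.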
pepper_devicemgr->devicemgr = devicemgr_create(compositor, seat);
PEPPER_CHECK(pepper_devicemgr->devicemgr, goto failed, "Failed to create devicemgr\n");
- ret = _pepper_devicemgr_util_cynara_init(pepper_devicemgr);
- if (!ret) PEPPER_TRACE("cynara initialize is failed. process devicemgr without cynara\n");
+ pepper_devicemgr->pepper_security_init_done = ret = pepper_security_init();
+ if (!ret) PEPPER_TRACE("pepper_security_init() is failed. Devicemgr will work without pepper_security.\n");
return pepper_devicemgr;
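Review bot: A failed `pepper_security_init()` is reported only through `PEPPER_TRACE`, even though the message itself says the device manager then runs without pepper_security. Because this affects access control, I would log it at error level, e.g. `if (!ret) PEPPER_ERROR("pepper_security_init() failed\n");`, so that it shows up in logs where trace output is disabled. The chained assignment `pepper_devicemgr->pepper_security_init_done = ret = pepper_security_init();` would also read more clearly as two statements. The enclosing create function starts and ends outside this hunk.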
PEPPER_CHECK(pepper_devicemgr, return, "Pepper devicemgr is not initialized\n");
- _pepper_devicemgr_util_cynara_deinit(pepper_devicemgr);
+ if (pepper_devicemgr->pepper_security_init_done)
+ pepper_security_deinit();
+ pepper_devicemgr->pepper_security_init_done = PEPPER_FALSE;
pepper_list_for_each_safe(rdata, rtmp, &pepper_devicemgr->resources, link) {
wl_resource_destroy(rdata->resource);