The commit adds the bt-share-cynara module, which handles calls to Cynara.
Cynara privilege checks are performed during the file send operation.
Change-Id: Ibdf3cd05b75672e2655771a81bfd133b0e38b0b3
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
src/bt-share-syspopup.c
src/bt-share-ipc.c
src/bt-share-noti-handler.c
+src/bt-share-cynara.c
)
notification sqlite3 ecore-file
appsvc appcore-efl libprivilege-control
capi-content-media-content
- libtzplatform-config)
+ libtzplatform-config
+ cynara-creds-dbus cynara-client cynara-session)
pkg_check_modules(CALENDAR_SERVICE2 calendar-service2)
pkg_check_modules(CONTACTS_SERVICE2 contacts-service2)
--- /dev/null
+/*
+ * bluetooth-share
+ *
+ * Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef __DEF_BLUETOOTH_SHARE_CYNARA_H_
+#define __DEF_BLUETOOTH_SHARE_CYNARA_H_
+
+#include <unistd.h>
+#include <dbus/dbus.h>
+
+#define BT_SHARE_PRIVILEGE "http://tizen.org/privilege/bluetooth"
+
+typedef struct
+{
+ pid_t pid;
+ char *uid;
+ char *smack;
+} bt_share_cynara_creds;
+
+int _bt_share_cynara_init(void);
+int _bt_share_cynara_get_creds(DBusConnection *conn, const char *sender,
+ bt_share_cynara_creds *creds);
+int _bt_share_cynara_check(const bt_share_cynara_creds *creds, const char *privilege);
+void _bt_share_cynara_finish(void);
+
+#endif /* __DEF_BLUETOOTH_SHARE_CYNARA_H_ */
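Review bot: The new header declares `bt_share_cynara_creds` and four functions without any contract comments, and ownership of `uid` and `smack` is the part a caller cannot guess. In bt-share-cynara.c they are filled by `cynara_creds_dbus_get_user()` and `cynara_creds_dbus_get_client()`, which return allocated strings. I would add above the struct `/* uid and smack are heap strings filled by _bt_share_cynara_get_creds(); the caller must free() both */`. Each prototype should also say that it returns `BT_SHARE_ERROR_NONE` on success and `BT_SHARE_FAIL` otherwise, since callers compare against those values.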
--- /dev/null
+/*
+ * bluetooth-share
+ *
+ * Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "bt-share-cynara.h"
+
+#include "applog.h"
+#include "bt-share-common.h"
+
+#include <cynara-client.h>
+#include <cynara-session.h>
+#include <cynara-creds-dbus.h>
+#include <cynara-error.h>
+#include <malloc.h>
+
+static cynara *_cynara = NULL;
+const unsigned int error_msg_size = 256;
+
+// initialize cynara
+int _bt_share_cynara_init(void)
+{
+ char error_msg[error_msg_size];
+ int ret;
+
+ ret = cynara_initialize(&_cynara, NULL);
+ if (ret != CYNARA_API_SUCCESS)
+ {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_initialize failed: %s\n", error_msg);
+ return BT_SHARE_FAIL;
+ }
+
+ return BT_SHARE_ERROR_NONE;
+}
+
+// fill creds structure with data needed to perform checks using cynara-creds lib
+int _bt_share_cynara_get_creds(DBusConnection *conn, const char *sender,
+ bt_share_cynara_creds *creds)
+{
+ char error_msg[error_msg_size];
+ int ret;
+
+ ret = cynara_creds_dbus_get_pid(conn, sender, &(creds->pid));
+ if (ret < 0) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_creds_dbus_get_pid failed: %s\n");
+ return BT_SHARE_FAIL;
+ }
+
+ ret = cynara_creds_dbus_get_user(conn, sender, USER_METHOD_UID, &(creds->uid));
+ if (ret < 0) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_creds_dbus_get_user failed\n");
+ return BT_SHARE_FAIL;
+ }
+
+ ret = cynara_creds_dbus_get_client(conn, sender, CLIENT_METHOD_SMACK, &(creds->smack));
+ if (ret < 0) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_creds_dbus_get_client failed\n");
+ return BT_SHARE_FAIL;
+ }
+
+ return BT_SHARE_ERROR_NONE;
+}
+
+// check if client has required privilege
+int _bt_share_cynara_check(const bt_share_cynara_creds *creds, const char *privilege)
+{
+ int ret;
+ char *client_session;
+ char error_msg[error_msg_size];
+
+ if (!creds || !privilege)
+ return BT_SHARE_FAIL;
+
+ client_session = cynara_session_from_pid(creds->pid);
+ if (!client_session) {
+ ERR("cynara_session_from_pid failed\n");
+ return BT_SHARE_FAIL;
+ }
+
+ ret = cynara_check(_cynara, creds->smack, client_session, creds->uid, privilege);
+ if (ret != CYNARA_API_ACCESS_ALLOWED) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_check error: %s\n", error_msg);
+ }
+
+ free(client_session);
+ return ret == CYNARA_API_ACCESS_ALLOWED ? BT_SHARE_ERROR_NONE : BT_SHARE_FAIL;
+}
+
+// finish working with cynara
+void _bt_share_cynara_finish(void)
+{
+ cynara_finish(_cynara);
+ _cynara = NULL;
+}
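Review bot: `ERR("cynara_creds_dbus_get_pid failed: %s\n");` in `_bt_share_cynara_get_creds` has a `%s` conversion with no argument, so, assuming ERR forwards to a printf-style logger, the failure path reads an indeterminate value; it should be `ERR("cynara_creds_dbus_get_pid failed: %s\n", error_msg);`. The two later branches fill `error_msg` through `cynara_strerror()` but never print it, so the same `%s`/`error_msg` pair belongs there too. The function also dereferences `creds` without the NULL check that `_bt_share_cynara_check` performs, and when `cynara_creds_dbus_get_client` fails the `uid` string already obtained is not freed. `free()` is declared in `<stdlib.h>`; `<malloc.h>` is a non-standard header.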
#include "obex-event-handler.h"
#include "bluetooth-share-api.h"
#include "bt-share-common.h"
+#include "bt-share-cynara.h"
GSList *bt_transfer_list = NULL;
DBusConnection *dbus_connection = NULL;
{
int ret;
char *member;
+ const char *sender;
const char *path = dbus_message_get_path(msg);
+ bt_share_cynara_creds sender_creds;
if (dbus_message_get_type(msg) != DBUS_MESSAGE_TYPE_SIGNAL)
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
member = (char *)dbus_message_get_member(msg);
DBG("member (%s)\n", member);
+ sender = dbus_message_get_sender(msg);
+ ret = _bt_share_cynara_get_creds(sys_conn, sender, &sender_creds);
+ if (ret != 0) {
+ ERR("acquiring cynara creds failed\n");
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+ }
+
if (dbus_message_is_signal(msg, BT_SYSPOPUP_INTERFACE, BT_SYSPOPUP_METHOD_RESPONSE)) {
int res = 0;
dbus_message_get_args(msg, NULL,
__popup_res_cb(res);
} else if (dbus_message_is_signal(msg, BT_UG_IPC_INTERFACE, BT_UG_IPC_METHOD_SEND)) {
opc_transfer_info_t *node;
+
+ if (_bt_share_cynara_check(&sender_creds, BT_SHARE_PRIVILEGE) != BT_SHARE_FAIL) {
+ ERR("Cynara denied file send\n");
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+ }
+
node = __add_transfer_info(msg);
if (node == NULL)
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
} else if (dbus_message_is_signal(msg, BT_SHARE_UI_INTERFACE,
BT_SHARE_UI_SIGNAL_SEND_FILE)) {
opc_transfer_info_t *node;
+
+ if (_bt_share_cynara_check(&sender_creds, BT_SHARE_PRIVILEGE) != BT_SHARE_FAIL) {
+ ERR("Cynara denied file send\n");
+ return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
+ }
+
node = __add_transfer_info(msg);
if (node == NULL)
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
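Review bot: Both privilege checks are inverted: `_bt_share_cynara_check()` returns `BT_SHARE_FAIL` on denial and `BT_SHARE_ERROR_NONE` on success, so `if (_bt_share_cynara_check(&sender_creds, BT_SHARE_PRIVILEGE) != BT_SHARE_FAIL)` rejects senders that hold the privilege and lets a denied sender fall through to `__add_transfer_info(msg)`. Both branches (BT_UG_IPC_METHOD_SEND and BT_SHARE_UI_SIGNAL_SEND_FILE) should test `!= BT_SHARE_ERROR_NONE`. Separately, `sender_creds.uid` and `sender_creds.smack` are allocated for every incoming signal and not freed on any return path shown, and credentials are fetched even for signals such as BT_SYSPOPUP_METHOD_RESPONSE that are never checked. The handler starts and continues outside the visible lines, so its later return paths need the same cleanup.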
#include "bt-share-resource.h"
#include "bt-share-notification.h"
#include "bt-share-common.h"
+#include "bt-share-cynara.h"
#include "bluetooth-share-api.h"
PC_OPERATION_SUCCESS)
ERR("Failed to set app privilege.\n");
+ if (_bt_share_cynara_init()) {
+ ERR("Failed to initialize Cynara.\n");
+ return -1;
+ }
+
bluetooth_register_callback(_bt_share_event_handler, NULL);
ret = bluetooth_opc_init();
if (ret != BLUETOOTH_ERROR_NONE) {
_bt_delete_notification(noti);
__bt_release_service(&ad);
+ _bt_share_cynara_finish();
return 0;
}
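Review bot: The only `_bt_share_cynara_finish()` this change adds sits on the final `return 0` path, while the `bluetooth_opc_init()` failure branch that follows the new init block is unchanged and its body is outside the visible lines. If that branch (or any other early exit after `_bt_share_cynara_init()` succeeds) returns, the cynara handle is left unreleased, so each such path should call `_bt_share_cynara_finish();` before returning. I would also write the init test as `if (_bt_share_cynara_init() != BT_SHARE_ERROR_NONE)` rather than relying on the success code being zero.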
BuildRequires: pkgconfig(libprivilege-control)
BuildRequires: pkgconfig(capi-content-media-content)
BuildRequires: pkgconfig(libtzplatform-config)
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-session)
%description
Bluetooth File Share Agent
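Review bot: CMakeLists.txt now asks `pkg_check_modules` for `cynara-creds-dbus`, `cynara-client` and `cynara-session`, but only the last two get a BuildRequires here. Unless another build dependency happens to pull the creds library in, configuration fails in a clean build root; add `BuildRequires: pkgconfig(cynara-creds-dbus)` next to the other two.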