- remove passing cookie by parameter.
- use security_server_check_privilege_by_pid
Change-Id: I12f6534efdfdea6791345de32091d45b052ce9d5
# pkg config
INCLUDE(FindPkgConfig)
-SET(PKG_MODULE glib-2.0 security-server dlog)
+SET(PKG_MODULE glib-2.0 dlog)
IF(NOT DEFINED USE_GDBUS)
SET(PKG_MODULE ${PKG_MODULE} dbus-glib-1)
ENDIF()
if (smartcard_service_channel_call_close_channel_sync(
(SmartcardServiceChannel *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
&ret, NULL, &error) == true) {
smartcard_service_channel_call_close_channel(
(SmartcardServiceChannel *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle), NULL,
&ClientChannel::channel_close_cb, param);
if (smartcard_service_channel_call_transmit_sync(
(SmartcardServiceChannel *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
var_command, &rv, &var_response,
smartcard_service_channel_call_transmit(
(SmartcardServiceChannel *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
var_command, NULL,
#include <glib.h>
/* SLP library header */
-#ifdef USER_SPACE_SMACK
-#include "security-server.h"
-#endif
/* local header */
#include "smartcard-types.h"
namespace smartcard_service_api
{
- ByteArray ClientGDBus::cookie = ByteArray::EMPTY;
-
- GVariant *ClientGDBus::getCookie()
- {
- GVariant *result;
-#ifdef USER_SPACE_SMACK
- if (cookie.isEmpty()) {
- uint8_t *buffer;
- int len;
-
- len = security_server_get_cookie_size();
- if (len > 0) {
- buffer = new uint8_t[len];
- if (buffer != NULL) {
- if (security_server_request_cookie(
- (char *)buffer, len) == 0) {
- cookie.assign(buffer, len);
- } else {
- _ERR("security_server_request_cookie failed");
- }
-
- delete[] buffer;
- } else {
- _ERR("alloc failed");
- }
- } else {
- _ERR("security_server_get_cookie_size failed");
- }
- }
-#endif
- result = GDBusHelper::convertByteArrayToVariant(cookie);
-
- return result;
- }
} /* namespace smartcard_service_api */
#endif
#include "Session.h"
#ifdef USE_GDBUS
#include "ClientGDBus.h"
-#include "smartcard-service-gdbus.h"
#else
#include "Message.h"
#include "ClientIPC.h"
if (smartcard_service_reader_call_open_session_sync(
(SmartcardServiceReader *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
&result, &session_id, NULL, &error) == true) {
smartcard_service_reader_call_open_session(
(SmartcardServiceReader *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
NULL, &Reader::reader_open_session_cb, param);
#ifdef USE_GDBUS
smartcard_service_se_service_call_shutdown(
(SmartcardServiceSeService *)proxy,
- ClientGDBus::getCookie(),
handle,
NULL,
&SEService::se_service_shutdown_cb,
if (smartcard_service_se_service_call_shutdown_sync(
(SmartcardServiceSeService *)proxy,
- ClientGDBus::getCookie(),
handle,
&result,
NULL,
/* request reader */
smartcard_service_se_service_call_se_service(
(SmartcardServiceSeService *)proxy,
- ClientGDBus::getCookie(),
NULL,
&SEService::se_service_cb,
this);
if (smartcard_service_session_call_get_atr_sync(
(SmartcardServiceSession *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
&ret, &var_atr, NULL, &error) == true) {
smartcard_service_session_call_get_atr(
(SmartcardServiceSession *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle), NULL,
&Session::session_get_atr_cb, param);
if (smartcard_service_session_call_close_session_sync(
(SmartcardServiceSession *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
&ret, NULL, &error) == true) {
smartcard_service_session_call_close_session(
(SmartcardServiceSession *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle), NULL,
&Session::session_close_cb, param);
if (smartcard_service_session_call_open_channel_sync(
(SmartcardServiceSession *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
(guint)id, var_aid, &ret, &channel_id,
smartcard_service_session_call_open_channel(
(SmartcardServiceSession *)proxy,
- ClientGDBus::getCookie(),
GPOINTER_TO_UINT(context),
GPOINTER_TO_UINT(handle),
(guint)id, var_aid, NULL,
{
class ClientGDBus
{
- public :
- static GVariant *getCookie();
-
- private :
- static ByteArray cookie;
};
} /* namespace smartcard_service_api */
#endif
SeService
-->
<method name="SeService">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="i" name="result" direction="out" />
<arg type="u" name="handle" direction="out" />
<arg type="a(us)" name="readers" direction="out" />
shutdown
-->
<method name="shutdown">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="i" name="result" direction="out" />
</method>
openSession
-->
<method name="openSession">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="u" name="reader_id" direction="in" />
<arg type="i" name="result" direction="out" />
getATR
-->
<method name="getATR">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="u" name="session_id" direction="in" />
<arg type="i" name="result" direction="out" />
openChannel
-->
<method name="openChannel">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="u" name="session_id" direction="in" />
<arg type="u" name="type" direction="in" />
closeSession
-->
<method name="closeSession">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="u" name="session_id" direction="in" />
<arg type="i" name="result" direction="out" />
transmit
-->
<method name="transmit">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="u" name="channel_id" direction="in" />
<arg type="a(y)" name="command" direction="in" />
closeChannel
-->
<method name="closeChannel">
- <arg type="a(y)" name="privilege" direction="in" />
<arg type="u" name="service_id" direction="in" />
<arg type="u" name="channel_id" direction="in" />
<arg type="i" name="result" direction="out" />
#include <sys/socket.h>
/* SLP library header */
+#ifdef USER_SPACE_SMACK
#include "security-server.h"
+#endif
/* local header */
#include "smartcard-types.h"
return pid;
}
- static bool _is_authorized_request(GVariant *privilege,
+ static bool _is_authorized_request(GDBusMethodInvocation *invocation,
const char *rights)
{
bool result = true;
#ifdef USER_SPACE_SMACK
- ByteArray temp;
+ pid_t pid;
+ const char *name;
+ ClientInstance *instance;
- /* apply user space smack */
- GDBusHelper::convertVariantToByteArray(privilege, temp);
+ name = g_dbus_method_invocation_get_sender(invocation);
- result = (security_server_check_privilege_by_cookie(
- (char *)temp.getBuffer(),
+ instance = ServerResource::getInstance().getClient(name);
+ if (instance != NULL) {
+ pid = instance->getPID();
+ } else {
+ pid = ServerGDBus::getInstance().getPID(name);
+ }
+
+ result = (security_server_check_privilege_by_pid(
+ pid,
"smartcard-service",
rights) == SECURITY_SERVER_API_SUCCESS);
#endif
GDBusMethodInvocation *invocation,
void *user_data)
{
- _INFO("[MSG_REQUEST_READERS]");
-
gint result = SCARD_ERROR_OK;
GVariant *readers = NULL;
vector<pair<unsigned int, string> > list;
unsigned int handle = IntegerHandle::INVALID_HANDLE;
const char *name;
+ pid_t pid;
+
+ _INFO("[MSG_REQUEST_READERS]");
ServerResource &resource = ServerResource::getInstance();
name = g_dbus_method_invocation_get_sender(invocation);
- pid_t pid;
-
/* load secure elements */
resource.loadSecureElements();
pid = ServerGDBus::getInstance().getPID(name);
- _INFO("service requested, pid [%d]", pid);
+ _DBG("service requested, pid [%d]", pid);
if (pid > 0) {
ClientInstance *instance;
static gboolean _handle_se_service(SmartcardServiceSeService *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
g_object_ref(object);
params.push_back((void *)object);
_INFO("[MSG_REQUEST_SHUTDOWN]");
- name = g_dbus_method_invocation_get_sender(invocation);
-
ServerResource &resource = ServerResource::getInstance();
+ name = g_dbus_method_invocation_get_sender(invocation);
+
resource.removeService(name, handle);
/* response to client */
static gboolean _handle_shutdown(SmartcardServiceSeService *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint handle,
void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
g_object_ref(object);
params.push_back((void *)object);
static gboolean _handle_open_session(SmartcardServiceReader *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint service_id,
guint reader_id, void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
g_object_ref(object);
params.push_back((void *)object);
static gboolean _handle_close_session(SmartcardServiceSession *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint service_id,
guint session_id, void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
g_object_ref(object);
params.push_back((void *)object);
ByteArray resp;
GVariant *atr = NULL;
const char *name;
+ ServiceInstance *client = NULL;
_INFO("[MSG_REQUEST_GET_ATR]");
name = g_dbus_method_invocation_get_sender(invocation);
- ServiceInstance *client = NULL;
-
client = resource.getService(name, service_id);
if (client != NULL) {
Terminal *terminal;
static gboolean _handle_get_atr(SmartcardServiceSession *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint service_id,
guint session_id, void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
g_object_ref(object);
params.push_back((void *)object);
static gboolean _handle_open_channel(SmartcardServiceSession *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint service_id,
guint session_id, guint type, GVariant *aid, void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "rw") == true) {
+ if (_is_authorized_request(invocation, "rw") == true) {
g_object_ref(object);
params.push_back((void *)object);
static gboolean _handle_close_channel(SmartcardServiceChannel *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint service_id, guint channel_id, void *user_data)
{
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
g_object_ref(object);
params.push_back((void *)object);
static gboolean _handle_transmit(SmartcardServiceChannel *object,
GDBusMethodInvocation *invocation,
- GVariant *privilege,
guint service_id,
guint channel_id,
GVariant *command,
vector<void *> params;
/* apply user space smack */
- if (_is_authorized_request(privilege, "r") == true) {
+ if (_is_authorized_request(invocation, "r") == true) {
/* enqueue message */
g_object_ref(object);
params.push_back((void *)object);
/* local header */
#include "Synchronous.h"
+#include "GDBusHelper.h"
#include "smartcard-service-gdbus.h"
using namespace std;