trigger: add PrivilegeChecker 85/142185/3
authorMu-Woong Lee <muwoong.lee@samsung.com>
Thu, 3 Aug 2017 03:17:06 +0000 (12:17 +0900)
committerMu-Woong Lee <muwoong.lee@samsung.com>
Thu, 3 Aug 2017 06:34:44 +0000 (15:34 +0900)
Change-Id: I8cb0592a8bc3060cdd02e65f9df359c1ed09d8c2
Signed-off-by: Mu-Woong Lee <muwoong.lee@samsung.com>
CMakeLists.txt
packaging/capi-context.spec
src/trigger/PrivilegeChecker.cpp [new file with mode: 0644]
src/trigger/PrivilegeChecker.h [new file with mode: 0644]

index 5c0df62713e3695833377555a3b004b462dd9794..97e5d3f3c560379a3a7ffdd0ab11ef833de68c42 100644 (file)
@@ -7,7 +7,7 @@ SET(target ${PROJECT_NAME})
 
 # Dependencies
 SET(DEPS "gio-2.0 jsoncpp bundle aul pkgmgr-info capi-base-common capi-appfw-app-control")
-SET(DEPS "${DEPS} cynara-creds-self cynara-client")
+SET(DEPS "${DEPS} cynara-creds-self cynara-session cynara-client")
 SET(DEPS "${DEPS} context-app-history-client context-job-scheduler-client")
 
 # Source Lists
index 537914257a8ea857913cd251143303fe123caae9..1f0439558bd174c018862a9b453509b11d232c86 100644 (file)
@@ -15,6 +15,7 @@ BuildRequires: pkgconfig(pkgmgr-info)
 BuildRequires: pkgconfig(capi-base-common)
 BuildRequires: pkgconfig(capi-appfw-app-control)
 BuildRequires: pkgconfig(cynara-creds-self)
+BuildRequires: pkgconfig(cynara-session)
 BuildRequires: pkgconfig(cynara-client)
 BuildRequires: pkgconfig(context-app-history-client)
 BuildRequires: pkgconfig(context-job-scheduler-client)
diff --git a/src/trigger/PrivilegeChecker.cpp b/src/trigger/PrivilegeChecker.cpp
new file mode 100644 (file)
index 0000000..fe39067
--- /dev/null
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cynara-creds-self.h>
+#include <cynara-session.h>
+#include <ScopeMutex.h>
+#include "PrivilegeChecker.h"
+
+#define CACHE_SIZE     10
+
+static GMutex __cynaraMutex;
+
+PrivilegeChecker::PrivilegeChecker() :
+       __client(NULL),
+       __session(NULL),
+       __user(NULL),
+       __cynara(NULL)
+{
+       cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &__client);
+       cynara_creds_self_get_user(USER_METHOD_DEFAULT, &__user);
+
+       __session = cynara_session_from_pid(getpid());
+
+       if (!__client || !__user || !__session) {
+               _E("Self credentialing failed");
+               return;
+       }
+
+       cynara_configuration* conf = NULL;
+       int err = cynara_configuration_create(&conf);
+       IF_FAIL_VOID_TAG(err == CYNARA_API_SUCCESS, _E, "Cynara configuration creation failed");
+
+       err = cynara_configuration_set_cache_size(conf, CACHE_SIZE);
+       if (err != CYNARA_API_SUCCESS) {
+               _E("Cynara cache size set failed");
+               cynara_configuration_destroy(conf);
+               return;
+       }
+
+       err = cynara_initialize(&__cynara, conf);
+       cynara_configuration_destroy(conf);
+       if (err != CYNARA_API_SUCCESS) {
+               _E("Cynara initialization failed");
+               __cynara = NULL;
+               return;
+       }
+
+       _I("Cynara initialized");
+}
+
+PrivilegeChecker::~PrivilegeChecker()
+{
+       g_free(__client);
+       g_free(__session);
+       g_free(__user);
+
+       if (__cynara)
+               cynara_finish(__cynara);
+}
+
+bool PrivilegeChecker::hasPrivilege(const char* privil)
+{
+       if (!privil)
+               return true;
+
+       ctx::ScopeMutex sm(&__cynaraMutex);
+
+       static PrivilegeChecker checker;
+
+       return checker.__hasPrivilege(privil);
+}
+
+bool PrivilegeChecker::__hasPrivilege(const char* privil)
+{
+       IF_FAIL_RETURN_TAG(__cynara, false, _E, "Cynara not initialized");
+       int ret = cynara_check(__cynara, __client, __session, __user, privil);
+       _D("Check %s -> %d", privil, ret);
+       return (ret == CYNARA_API_ACCESS_ALLOWED);
+}
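Review bot: `hasPrivilege` treats a NULL privilege string as granted (`if (!privil) return true;`), so a caller that passes NULL because its own privilege lookup failed would skip the cynara check entirely. The callers are outside this hunk, so whether that can happen is not visible here. If NULL is meant to mean "no privilege required", state that contract in a comment such as `/* NULL: the item requires no privilege, so access is granted */`; otherwise fail closed with `if (!privil) return false;`. Separately, `checker` is a function-local static, so a constructor that fails once (self credentials or `cynara_initialize`) leaves `__cynara` NULL for the life of the process and `__hasPrivilege` denies every later request. That is fail-closed but has no retry path, and is worth a comment next to the `static PrivilegeChecker checker;` line.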
diff --git a/src/trigger/PrivilegeChecker.h b/src/trigger/PrivilegeChecker.h
new file mode 100644 (file)
index 0000000..3e272da
--- /dev/null
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __CONTEXT_TRIGGER_PRIVILEGE_CHECKER_H__
+#define __CONTEXT_TRIGGER_PRIVILEGE_CHECKER_H__
+
+#include <cynara-client.h>
+#include <ContextTypes.h>
+
+class PrivilegeChecker {
+public:
+       static bool hasPrivilege(const char* privil);
+
+private:
+       PrivilegeChecker();
+       ~PrivilegeChecker();
+
+       bool __hasPrivilege(const char* privil);
+
+       char* __client;
+       char* __session;
+       char* __user;
+       cynara* __cynara;
+};
+
+#endif /* __CONTEXT_TRIGGER_PRIVILEGE_CHECKER_H__ */
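Review bot: `PrivilegeChecker` owns three heap strings and a `cynara*` handle and declares a destructor that releases them, but it does not suppress copying. The private constructor keeps outside code from creating instances, yet a copy made inside a member function would free `__client`, `__session`, `__user` and the cynara handle twice. If the build uses C++11 or later, add `PrivilegeChecker(const PrivilegeChecker&) = delete;` and `PrivilegeChecker& operator=(const PrivilegeChecker&) = delete;` to the private section. The public `hasPrivilege` declaration also has no comment; a one-line note on what it returns for a NULL argument and when cynara is unavailable would let callers rely on the contract without reading the .cpp.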