Re-design wifi-policy
authorSangwan Kwon <sangwan.kwon@samsung.com>
Sun, 28 Jul 2019 23:15:53 +0000 (08:15 +0900)
committer권상완/Security 2Lab(SR)/Engineer/삼성전자 <sangwan.kwon@samsung.com>
Thu, 1 Aug 2019 02:10:53 +0000 (11:10 +0900)
- Verification can be done with full-DPM

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
12 files changed:
osquery/CMakeLists.txt
osquery/tizen/CMakeLists.txt
osquery/tizen/device-policy/wifi/tests/wifi_tests.cpp [deleted file]
osquery/tizen/device-policy/wifi/wifi-impl.cpp [deleted file]
osquery/tizen/device-policy/wifi/wifi.cpp [deleted file]
osquery/tizen/device-policy/wifi/wifi.h [deleted file]
osquery/tizen/device_policy/tests/wifi_policy_tests.cpp [new file with mode: 0644]
osquery/tizen/device_policy/wifi_policy.cpp [new file with mode: 0644]
osquery/tizen/device_policy/wifi_policy.h [new file with mode: 0644]
osquery/tizen/manager/manager_impl.h
osquery/tizen/tables/wifi_policy.cpp [new file with mode: 0644]
specs/tizen/wifi_policy.table [new file with mode: 0644]

index 66ca685569681d3277dc4b186acd324d1fede0b1..da22c72f221232383a752d48ec96fbab6f90989f 100644 (file)
@@ -55,6 +55,23 @@ FILE(GLOB TABLE_FILES_UTILITY "${CMAKE_SOURCE_DIR}/specs/utility/*.table")
 LIST(APPEND TABLE_FILES ${TABLE_FILES_LINUX})
 LIST(APPEND TABLE_FILES ${TABLE_FILES_UTILITY})
 
+IF(DEFINED GBS_BUILD)
+       FILE(GLOB TABLE_FILES_TIZEN "${CMAKE_SOURCE_DIR}/specs/tizen/*.table")
+       LIST(APPEND TABLE_FILES ${TABLE_FILES_TIZEN})
+
+       SET(GBS_ONLY_PACKAGES klay
+                                                 dpm-pil
+                                                 capi-base-common
+                                                 capi-system-info
+                                                 capi-network-wifi-manager)
+
+       INCLUDE(FindPkgConfig)
+       PKG_CHECK_MODULES(GBS_DEPS REQUIRED ${GBS_ONLY_PACKAGES})
+       INCLUDE_DIRECTORIES(SYSTEM ${GBS_DEPS_INCLUDE_DIRS})
+
+       ADD_OSQUERY_LINK(${GBS_DEPS_LIBRARIES})
+ENDIF(DEFINED GBS_BUILD)
+
 SET(GENERATED_TABLES "")
 
 FILE(GLOB TABLE_FILES_TEMPLATES "${CMAKE_SOURCE_DIR}/tools/codegen/templates/*.in")
index f95192eb947308d623f8509d0e246eadb04e5dc2..4c0dbe5d1564d7e7c63ba826dba45d1785cd62a5 100644 (file)
@@ -21,20 +21,13 @@ FILE(GLOB OSQUERY_TIZEN_TESTS "[!d]*/tests/*.cpp")
 ADD_OSQUERY_TEST(${OSQUERY_TIZEN_TESTS})
 
 IF(DEFINED GBS_BUILD)
-       SET(GBS_ONLY_PACKAGES klay
-                                                 dpm-pil
-                                                 capi-base-common
-                                                 capi-system-info
-                                                 capi-network-wifi-manager)
+       ADD_OSQUERY_LIBRARY(wifi_policy device_policy/wifi_policy.cpp)
 
-       INCLUDE(FindPkgConfig)
-       PKG_CHECK_MODULES(GBS_DEPS REQUIRED ${GBS_ONLY_PACKAGES})
-       INCLUDE_DIRECTORIES(SYSTEM ${GBS_DEPS_INCLUDE_DIRS})
+       # tables
+       FILE(GLOB TIZEN_TABLES "tables/*.cpp")
+       ADD_OSQUERY_LIBRARY(tizen_tables ${TIZEN_TABLES})
 
-       ADD_OSQUERY_LINK(${GBS_DEPS_LIBRARIES})
-       ADD_OSQUERY_LIBRARY(device_policy_wifi device-policy/wifi/wifi.cpp
-                                                                                  device-policy/wifi/wifi-impl.cpp)
-
-       FILE(GLOB OSQUERY_GBS_TESTS "device-policy/*/tests/*.cpp")
-       ADD_OSQUERY_TEST(${OSQUERY_GBS_TESTS})
+# Verification can be done with full-DPM
+#      FILE(GLOB OSQUERY_GBS_TESTS "device_policy/tests/*.cpp")
+#      ADD_OSQUERY_TEST(${OSQUERY_GBS_TESTS})
 ENDIF(DEFINED GBS_BUILD)
diff --git a/osquery/tizen/device-policy/wifi/tests/wifi_tests.cpp b/osquery/tizen/device-policy/wifi/tests/wifi_tests.cpp
deleted file mode 100644 (file)
index 3cb0981..0000000
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#include <gtest/gtest.h>
-
-#include <osquery/logger.h>
-
-#include "../wifi.h"
-
-#include <memory>
-
-class WifiPolicyTests : public testing::Test {};
-
-TEST_F(WifiPolicyTests, Wifi) {
-       /// device_policy_manager_h is void* type
-       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
-       ASSERT_TRUE(handle != nullptr);
-
-       bool isAllowed = false;
-       auto ret = dpm_wifi_get_state(handle.get(), &isAllowed);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-
-       int id = 0;
-       auto callback = [](const char* name, const char* state, void* user_data) {
-               VLOG(1) << name << " policy changed to -> " << state;
-       };
-       ret = dpm_add_policy_changed_cb(handle.get(), "wifi", callback, NULL, &id);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-
-       ret = dpm_remove_policy_changed_cb(handle.get(), id);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-}
-
-TEST_F(WifiPolicyTests, Hotspot) {
-       /// device_policy_manager_h is void* type
-       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
-       ASSERT_TRUE(handle != nullptr);
-
-       bool isAllowed = false;
-       auto ret = dpm_wifi_get_hotspot_state(handle.get(), &isAllowed);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-
-       int id = 0;
-       auto callback = [](const char* name, const char* state, void* user_data) {
-               VLOG(1) << name << " policy changed to -> " << state;
-       };
-       ret = dpm_add_policy_changed_cb(handle.get(), "wifi_hotspot", callback, NULL, &id);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-
-       ret = dpm_remove_policy_changed_cb(handle.get(), id);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-}
-
-TEST_F(WifiPolicyTests, ProfileChange) {
-       /// device_policy_manager_h is void* type
-       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
-       ASSERT_TRUE(handle != nullptr);
-
-       bool isAllowed = false;
-       auto ret = dpm_wifi_is_profile_change_restricted(handle.get(), &isAllowed);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-
-       int id = 0;
-       auto callback = [](const char* name, const char* state, void* user_data) {
-               VLOG(1) << name << " policy changed to -> " << state;
-       };
-       ret = dpm_add_policy_changed_cb(handle.get(), "wifi_profile_change", callback, NULL, &id);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-
-       ret = dpm_remove_policy_changed_cb(handle.get(), id);
-       EXPECT_EQ(ret, DPM_ERROR_NONE);
-}
diff --git a/osquery/tizen/device-policy/wifi/wifi-impl.cpp b/osquery/tizen/device-policy/wifi/wifi-impl.cpp
deleted file mode 100644 (file)
index e62e6d0..0000000
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- *  Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#include <arpa/inet.h>
-
-#include <cstdlib>
-#include <functional>
-#include <unordered_set>
-
-#include <wifi-manager.h>
-
-#include <klay/dbus/connection.h>
-
-#include <dpm/pil/policy-context.h>
-#include <dpm/pil/policy-model.h>
-#include <dpm/pil/policy-storage.h>
-#include <dpm/pil/policy-event.h>
-
-#define NETCONFIG_INTERFACE            \
-       "net.netconfig",                        \
-       "/net/netconfig/network",       \
-       "net.netconfig.network"
-
-class ModeChange : public GlobalPolicy<DataSetInt> {
-public:
-       ModeChange() : GlobalPolicy("wifi")
-       {
-               PolicyEventNotifier::create("wifi");
-       }
-
-       bool apply(const DataType& value)
-       {
-               int enable = value;
-               try {
-                       dbus::Connection &systemDBus = dbus::Connection::getSystem();
-                       systemDBus.methodcall(NETCONFIG_INTERFACE,
-                                                                 "DevicePolicySetWifi",
-                                                                 -1,
-                                                                 "",
-                                                                 "(i)",
-                                                                 enable);
-               } catch (runtime::Exception& e) {
-                       ERROR("Failed to chaneg Wi-Fi state");
-                       return false;
-               }
-
-               PolicyEventNotifier::emit("wifi", enable ? "allowed" : "disallowed");
-               return true;
-       }
-};
-
-class ProfileChange : public GlobalPolicy<DataSetInt> {
-public:
-       ProfileChange() : GlobalPolicy("wifi-profile-change")
-       {
-               PolicyEventNotifier::create("wifi_profile_change");
-       }
-
-       bool apply(const DataType& value)
-       {
-               int enable = value;
-               try {
-                       dbus::Connection &systemDBus = dbus::Connection::getSystem();
-                       systemDBus.methodcall(NETCONFIG_INTERFACE,
-                                                                 "DevicePolicySetWifiProfile",
-                                                                 -1,
-                                                                 "",
-                                                                 "(i)",
-                                                                 enable);
-               } catch (runtime::Exception& e) {
-                       ERROR("Failed to set Wi-Fi profile change restriction");
-                       return false;
-               }
-               PolicyEventNotifier::emit("wifi_profile_change", enable ? "allowed" : "disallowed");
-               return true;
-       }
-};
-
-class Hotspot : public GlobalPolicy<DataSetInt> {
-public:
-       Hotspot() : GlobalPolicy("wifi-hotspot")
-       {
-               PolicyEventNotifier::create("wifi_hotspot");
-       }
-
-       bool apply(const DataType& value)
-       {
-               int enable = value;
-               PolicyEventNotifier::emit("wifi_hotspot", enable ? "allowed" : "disallowed");
-               return true;
-       }
-};
-
-class Wifi : public AbstractPolicyProvider {
-public:
-       Wifi();
-       ~Wifi();
-
-       int setState(bool enable);
-       bool getState();
-       int setHotspotState(bool enable);
-       bool getHotspotState();
-       int setProfileChangeRestriction(bool enable);
-       bool isProfileChangeRestricted();
-
-       static void onConnectionStateChanged(wifi_manager_connection_state_e state,
-                                                                                wifi_manager_ap_h ap, void *user_data);
-
-private:
-       wifi_manager_h handle;
-
-       ModeChange modeChange;
-       ProfileChange profileChange;
-       Hotspot hotspot;
-};
-
-
-Wifi::Wifi() : handle(nullptr)
-{
-       int ret = 0;
-
-       ret = ::wifi_manager_initialize(&handle);
-       if (ret != WIFI_MANAGER_ERROR_NONE) {
-               if (ret == WIFI_MANAGER_ERROR_NOT_SUPPORTED) {
-                       return;
-               }
-               throw runtime::Exception("WiFi Manager initialization failed");
-       }
-
-       ret = ::wifi_manager_set_connection_state_changed_cb(handle, &onConnectionStateChanged, this);
-       if (ret != WIFI_MANAGER_ERROR_NONE) {
-               throw runtime::Exception("WiFi Manager set connection state changed callback failed");
-       }
-}
-
-Wifi::~Wifi()
-{
-       if (handle) {
-               ::wifi_manager_unset_connection_state_changed_cb(handle);
-               ::wifi_manager_deinitialize(handle);
-       }
-}
-
-void Wifi::onConnectionStateChanged(wifi_manager_connection_state_e state,
-                                                                       wifi_manager_ap_h ap, void *user_data)
-{
-       if (state == WIFI_MANAGER_CONNECTION_STATE_FAILURE ||
-               state == WIFI_MANAGER_CONNECTION_STATE_DISCONNECTED) {
-               return;
-       }
-}
-
-int Wifi::setState(bool enable)
-{
-       try {
-               modeChange.set(enable);
-       } catch (runtime::Exception& e) {
-               ERROR(e.what());
-               return -1;
-       }
-
-       return 0;
-}
-
-bool Wifi::getState()
-{
-       return modeChange.get();
-}
-
-int Wifi::setHotspotState(bool enable)
-{
-       try {
-               hotspot.set(enable);
-       } catch (runtime::Exception& e) {
-               ERROR(e.what());
-               return -1;
-       }
-
-       return 0;
-}
-
-bool Wifi::getHotspotState()
-{
-       return hotspot.get();
-}
-
-int Wifi::setProfileChangeRestriction(bool enable)
-{
-       try {
-               profileChange.set(enable);
-       } catch (runtime::Exception& e) {
-               ERROR(e.what());
-               return -1;
-       }
-
-       return 0;
-}
-
-bool Wifi::isProfileChangeRestricted()
-{
-       return profileChange.get();
-}
-
-extern "C" {
-
-#define PRIVILEGE "http://tizen.org/privilege/dpm.wifi"
-
-AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context)
-{
-       Wifi *policy = new Wifi();
-
-       context.expose(policy, PRIVILEGE, (int)(Wifi::setState)(bool));
-       context.expose(policy, PRIVILEGE, (int)(Wifi::setHotspotState)(bool));
-       context.expose(policy, PRIVILEGE, (int)(Wifi::setProfileChangeRestriction)(bool));
-
-       context.expose(policy, "", (bool)(Wifi::getState)());
-       context.expose(policy, "", (bool)(Wifi::getHotspotState)());
-       context.expose(policy, "", (bool)(Wifi::isProfileChangeRestricted)());
-
-       return policy;
-}
-
-} // extern "C"
diff --git a/osquery/tizen/device-policy/wifi/wifi.cpp b/osquery/tizen/device-policy/wifi/wifi.cpp
deleted file mode 100644 (file)
index d71fb8a..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-#include <tizen.h>
-#include <tizen_type.h>
-
-#include <dpm/pil/policy-client.h>
-
-#include "wifi.h"
-
-#define RET_ON_FAILURE(cond, ret) \
-{                                 \
-       if (!(cond))                  \
-               return (ret);             \
-}
-
-EXPORT_API int dpm_wifi_set_state(device_policy_manager_h handle, bool allow)
-{
-       RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
-
-       DevicePolicyClient &client = GetDevicePolicyClient(handle);
-
-       try {
-               Status<int> status { -1 };
-               status = client.methodCall<int>("Wifi::setState", allow);
-               return status.get();
-       } catch (...) {
-               return -1;
-       }
-}
-
-EXPORT_API int dpm_wifi_get_state(device_policy_manager_h handle, bool *is_allowed)
-{
-       RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
-       RET_ON_FAILURE(is_allowed, DPM_ERROR_INVALID_PARAMETER);
-
-       DevicePolicyClient &client = GetDevicePolicyClient(handle);
-
-    try {
-               Status<bool> status { true };
-               status = client.methodCall<bool>("Wifi::getState");
-               *is_allowed = status.get();
-       } catch (...) {
-               return -1;
-       }
-
-       return DPM_ERROR_NONE;
-}
-
-EXPORT_API int dpm_wifi_set_hotspot_state(device_policy_manager_h handle, bool allow)
-{
-       RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
-
-       DevicePolicyClient &client = GetDevicePolicyClient(handle);
-
-       try {
-               Status<int> status { -1 };
-               status = client.methodCall<int>("Wifi::setHotspotState", allow);
-               return status.get();
-       } catch (...) {
-               return -1;
-       }
-}
-
-EXPORT_API int dpm_wifi_get_hotspot_state(device_policy_manager_h handle, bool *is_allowed)
-{
-       RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
-       RET_ON_FAILURE(is_allowed, DPM_ERROR_INVALID_PARAMETER);
-
-       DevicePolicyClient &client = GetDevicePolicyClient(handle);
-
-       try {
-               Status<bool> status { true };
-               status = client.methodCall<bool>("Wifi::getHotspotState");
-               *is_allowed = status.get();
-       } catch (...) {
-               return -1;
-       }
-
-       return DPM_ERROR_NONE;
-}
-
-EXPORT_API int dpm_wifi_set_profile_change_restriction(device_policy_manager_h handle, bool enable)
-{
-       RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
-
-       DevicePolicyClient &client = GetDevicePolicyClient(handle);
-
-       try {
-               Status<int> status { -1 };
-               status = client.methodCall<int>("Wifi::setProfileChangeRestriction", enable);
-               return status.get();
-       } catch (...) {
-               return -1;
-       }
-}
-
-EXPORT_API int dpm_wifi_is_profile_change_restricted(device_policy_manager_h handle, bool *enable)
-{
-       RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER);
-       RET_ON_FAILURE(enable, DPM_ERROR_INVALID_PARAMETER);
-
-       DevicePolicyClient &client = GetDevicePolicyClient(handle);
-
-       try {
-               Status<bool> status { false };
-               status = client.methodCall<bool>("Wifi::isProfileChangeRestricted");
-               *enable = status.get();
-       } catch (...) {
-               return -1;
-       }
-
-       return DPM_ERROR_NONE;
-}
diff --git a/osquery/tizen/device-policy/wifi/wifi.h b/osquery/tizen/device-policy/wifi/wifi.h
deleted file mode 100644 (file)
index 15095d7..0000000
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-/// These APIs would be deprecated.
-
-#ifndef __CAPI_DPM_WIFI_POLICY_H__
-#define __CAPI_DPM_WIFI_POLICY_H__
-
-#include <stdbool.h>
-
-#include <dpm/device-policy-manager.h>
-
-/**
- * @file wifi.h
- * @brief This file provides APIs to control wifi policy
- */
-
-
-/**
- * @addtogroup  CAPI_DPM_WIFI_POLICY_MODULE
- * @{
- */
-
-/**
- * @partner
- * @brief       Allows or disallows user to change the Wi-Fi state.
- * @details     An administrator can use this API to allow or disallow user to
- *              change the Wi-Fi state. If it is disallowed, user does not have UI
- *              access to change the state.
- * @since_tizen 3.0
- * @privlevel   partner
- * @privilege   %http://tizen.org/privilege/dpm.wifi
- * @param[in]   handle Device policy manager handle
- * @param[in]   allow If true, allow user to change Wi-Fi state,
- *              if false, disallow user to change Wi-Fi state.
- * @return      #DPM_ERROR_NONE on success, otherwise a negative value
- * @retval      #DPM_ERROR_NONE Successful
- * @retval      #DPM_ERROR_TIMED_OUT Time out
- * @retval      #DPM_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval      #DPM_ERROR_PERMISSION_DENIED The application does not have
- *              the privilege to call this API
- * @pre         The handle must be created by dpm_manager_create().
- * @see         dpm_manager_create()
- * @see         dpm_wifi_get_state()
- */
-int dpm_wifi_set_state(device_policy_manager_h handle, bool allow);
-
-/**
- * @brief       Checks whether the Wi-Fi state change is allowed or not.
- * @details     An administrator can use this API to check whether user is
- *              allowed to change Wi-Fi state or not.
- * @since_tizen 3.0
- * @param[in]   handle Device policy manager handle
- * @param[out]  is_allowed true if the change is allowed, false otherwise.
- * @return      #DPM_ERROR_NONE on success, otherwise a negative value
- * @retval      #DPM_ERROR_NONE Successful
- * @retval      #DPM_ERROR_TIMED_OUT Time out
- * @retval      #DPM_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre         The handle must be created by dpm_manager_create().
- * @see         dpm_manager_create()
- * @see         dpm_wifi_set_state()
- */
-int dpm_wifi_get_state(device_policy_manager_h handle, bool *is_allowed);
-
-/**
- * @partner
- * @brief       Allows or disallows user to change Wi-Fi hotspot state change.
- * @details     An administrator can use this API to allow or disallow user to change Wi-Fi
- *              hotspot state. When it is disallowed, the UI is grayed out so user cannot
- *              change Wi-Fi hotspot state.
- * @since_tizen 3.0
- * @privlevel   partner
- * @privilege   %http://tizen.org/privilege/dpm.wifi
- * @param[in]   handle Device policy manager handle
- * @param[in]   allow If true, allow user to change Wi-Fi hostspot state,
- *              if false, disallow user to change Wi-Fi hotspot state.
- * @return      #DPM_ERROR_NONE on success, otherwise a negative value
- * @retval      #DPM_ERROR_NONE Successful
- * @retval      #DPM_ERROR_TIMED_OUT Time out
- * @retval      #DPM_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval      #DPM_ERROR_PERMISSION_DENIED The application does not have
- *              the privilege to call this API
- * @pre         The handle must be created by dpm_manager_create().
- * @see         dpm_manager_create()
- * @see         dpm_wifi_get_hotspot_state()
- */
-int dpm_wifi_set_hotspot_state(device_policy_manager_h handle, bool allow);
-
-/**
- * @brief       Checks whether the the Wi-Fi hotspot state change is allowed or not.
- * @details     An administrator can use this API to check whether user is allowed to change
- *              Wi-Fi hotspot state or not.
- *              If the Wi-Fi hotspot state change is disallowed, the UI is grayed out so user can not
- *              change its state.
- * @since_tizen 3.0
- * @param[in]   handle Device policy manager handle
- * @param[out]  is_allowed true if the state change is allowed, false otherwise.
- * @return      #DPM_ERROR_NONE on success, otherwise a negative value
- * @retval      #DPM_ERROR_NONE Successful
- * @retval      #DPM_ERROR_TIMED_OUT Time out
- * @retval      #DPM_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre         The handle must be created by dpm_manager_create().
- * @see         dpm_manager_create()
- * @see         dpm_wifi_set_hotspot_state()
- */
-int dpm_wifi_get_hotspot_state(device_policy_manager_h handle, bool *is_allowed);
-
-/**
- * @brief       Allows or disallows user to modify some Wi-Fi profiles of network settings.
- * @details     An administrator can use this API to allow or disallow users to modify selected
- *              Wi-Fi profiles like static ip configuration, proxy settings, security type
- *              and others. When this policy is in effect the user is only allowed to
- *              modify only the username, password, anonymous identity, and wep key.
- *              In addition, the user cannot remove the network. When false, the user can
- *              modify all Wi-fi network profiles normally and also remove it.
- * @since_tizen 3.0
- * @param[in]   handle The device policy manager handle
- * @param[in]   enable true to enable restriction mode for wifi profile changes, else false
- * @return      #DPM_ERROR_NONE on success, otherwise a negative value
- * @retval      #DPM_ERROR_NONE Successful
- * @retval      #DPM_ERROR_TIMEOUT Time out
- * @retval      #DPM_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval      #DPM_ERROR_PERMISSION_DENIED The application does not have
- *              the privilege to call this API
- * @pre         handle must be created by dpm_context_acquire_wifi_policy()
- * @see         dpm_manager_create()
- * @see         dpm_wifi_is_profile_change_restricted()
- */
-int dpm_wifi_set_profile_change_restriction(device_policy_manager_h handle, bool enable);
-
-/**
- * @brief       Checks if the user is allowed to modify certain Wi-Fi profiles.
- * @details     An administrator can use this API to check whether the user is
- *              allowed to modify Wi-Fi profiles. The user is restricted in modifying
- *              Wi-Fi profiles if at least one administrator has set the value to TRUE.
- * @since_tizen 3.0
- * @param[in]   handle The device policy manager handle
- * @param[out]  is_enabled true if one or more administrators enabled restriction
- *              false if user can change all Wi-Fi profiles
- * @return      #DPM_ERROR_NONE on success, otherwise a negative value
- * @retval      #DPM_ERROR_NONE Successful
- * @retval      #DPM_ERROR_TIMEOUT Time out
- * @retval      #DPM_ERROR_INVALID_PARAMETER Invalid parameter
- * @pre         handle must be created by dpm_context_acquire_wifi_policy()
- * @see         dpm_manager_create()
- * @see         dpm_wifi_set_profile_change_restriction()
- */
-int dpm_wifi_is_profile_change_restricted(device_policy_manager_h handle, bool *is_enabled);
-
-/**
- * @}
- */
-
-#endif //! __CAPI_DPM_WIFI_POLICY_H__
diff --git a/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp b/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp
new file mode 100644 (file)
index 0000000..5dd1e66
--- /dev/null
@@ -0,0 +1,52 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#include <gtest/gtest.h>
+
+#include <osquery/logger.h>
+
+#include "../wifi_policy.h"
+
+class WifiPolicyTests : public testing::Test {};
+
+using namespace osquery;
+
+TEST_F(WifiPolicyTests, Wifi) {
+       WifiPolicy policy;
+       policy.setWifi(true);
+       EXPECT_EQ(policy.getWifi(), true);
+
+       policy.setWifi(false);
+       EXPECT_EQ(policy.getWifi(), false);
+}
+
+TEST_F(WifiPolicyTests, Profile) {
+       WifiPolicy policy;
+       policy.setProfile(true);
+       EXPECT_EQ(policy.getProfile(), true);
+
+       policy.setProfile(false);
+       EXPECT_EQ(policy.getProfile(), false);
+}
+
+TEST_F(WifiPolicyTests, Hotspot) {
+       WifiPolicy policy;
+       policy.setHotspot(true);
+       EXPECT_EQ(policy.getHotspot(), true);
+
+       policy.setHotspot(false);
+       EXPECT_EQ(policy.getHotspot(), false);
+}
diff --git a/osquery/tizen/device_policy/wifi_policy.cpp b/osquery/tizen/device_policy/wifi_policy.cpp
new file mode 100644 (file)
index 0000000..336d485
--- /dev/null
@@ -0,0 +1,165 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or ManagerImplied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#include "wifi_policy.h"
+
+/// TODO: Resolve macro ERROR conflicts.
+#define GLOG_NO_ABBREVIATED_SEVERITIES
+#include <osquery/logger.h>
+
+#include <dpm/pil/policy-event.h>
+#include <klay/dbus/connection.h>
+
+namespace {
+
+const std::string NETCONFIG_BUSNAME = "net.netconfig";
+const std::string NETCONFIG_OBJECT = "net/netconfig/network";
+const std::string NETCONFIG_INTERFACE = "net.netconfig.network";
+
+} // anonymous namespace
+
+namespace osquery {
+
+const std::string WifiPolicy::PRIVILEGE = "http://tizen.org/privilege/dpm.wifi";
+
+WifiPolicy::Wifi::Wifi() : GlobalPolicy("wifi")
+{
+       PolicyEventNotifier::create("wifi");
+}
+
+bool WifiPolicy::Wifi::apply(const DataType& value) try
+{
+       int enable = value;
+       klay::dbus::Connection &systemDBus = klay::dbus::Connection::getSystem();
+       systemDBus.methodcall(NETCONFIG_BUSNAME,
+                                                 NETCONFIG_OBJECT,
+                                                 NETCONFIG_INTERFACE,
+                                                 "DevicePolicySetWifi",
+                                                 -1,
+                                                 "",
+                                                 "(i)",
+                                                 enable);
+       PolicyEventNotifier::emit("wifi", enable ? "allowed" : "disallowed");
+       return true;
+} catch (runtime::Exception& e)
+{
+       VLOG(1) << "Failed to change Wi-Fi state";
+       return false;
+}
+
+WifiPolicy::Profile::Profile() : GlobalPolicy("wifi-profile-change")
+{
+       PolicyEventNotifier::create("wifi_profile_change");
+}
+
+bool WifiPolicy::Profile::apply(const DataType& value) try
+{
+       int enable = value;
+       klay::dbus::Connection &systemDBus = klay::dbus::Connection::getSystem();
+       systemDBus.methodcall(NETCONFIG_BUSNAME,
+                                                 NETCONFIG_OBJECT,
+                                                 NETCONFIG_INTERFACE,
+                                                 "DevicePolicySetWifiProfile",
+                                                 -1,
+                                                 "",
+                                                 "(i)",
+                                                 enable);
+       PolicyEventNotifier::emit("wifi_profile_change", enable ? "allowed" : "disallowed");
+       return true;
+} catch (runtime::Exception& e)
+{
+       VLOG(1) << "Failed to change Profile state";
+       return false;
+}
+
+WifiPolicy::Hotspot::Hotspot() : GlobalPolicy("wifi-hotspot")
+{
+       PolicyEventNotifier::create("wifi_hotspot");
+}
+
+bool WifiPolicy::Hotspot::apply(const DataType& value) try
+{
+       int enable = value;
+       PolicyEventNotifier::emit("wifi_hotspot", enable ? "allowed" : "disallowed");
+       return true;
+} catch (runtime::Exception& e)
+{
+       VLOG(1) << "Failed to change Hotspot state";
+       return false;
+}
+
+WifiPolicy::WifiPolicy()
+{
+       int ret = ::wifi_manager_initialize(&handle);
+       if (ret != WIFI_MANAGER_ERROR_NONE) {
+               if (ret == WIFI_MANAGER_ERROR_NOT_SUPPORTED)
+                       throw std::runtime_error("WiFi Manager isn't supported.");
+
+               throw std::runtime_error("WiFi Manager initialization failed");
+       }
+
+       ret = ::wifi_manager_set_connection_state_changed_cb(handle, &onConnection, nullptr);
+       if (ret != WIFI_MANAGER_ERROR_NONE)
+               VLOG(1) << "WiFi Manager set connection state changed callback failed";
+}
+
+WifiPolicy::~WifiPolicy()
+{
+       ::wifi_manager_unset_connection_state_changed_cb(handle);
+       ::wifi_manager_deinitialize(handle);
+}
+
+void WifiPolicy::onConnection(wifi_manager_connection_state_e state,
+                                                         wifi_manager_ap_h ap,
+                                                         void *user_data)
+{
+       /// TODO: This section is able to check policy violation.
+       if (state == WIFI_MANAGER_CONNECTION_STATE_FAILURE ||
+               state == WIFI_MANAGER_CONNECTION_STATE_DISCONNECTED)
+               return;
+}
+
+void WifiPolicy::setWifi(bool enable)
+{
+       wifi.set(enable);
+}
+
+bool WifiPolicy::getWifi()
+{
+       return wifi.get();
+}
+
+void WifiPolicy::setProfile(bool enable)
+{
+       profile.set(enable);
+}
+
+bool WifiPolicy::getProfile()
+{
+       return profile.get();
+}
+
+void WifiPolicy::setHotspot(bool enable)
+{
+       hotspot.set(enable);
+}
+
+bool WifiPolicy::getHotspot()
+{
+       return hotspot.get();
+}
+
+} // namespace osquery
diff --git a/osquery/tizen/device_policy/wifi_policy.h b/osquery/tizen/device_policy/wifi_policy.h
new file mode 100644 (file)
index 0000000..815c797
--- /dev/null
@@ -0,0 +1,89 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#pragma once
+
+#include <string>
+#include <stdexcept>
+
+#include <wifi-manager.h>
+
+/// TODO(Sangwan): Move rmi header to policy-model
+#include <klay/rmi/service.h>
+#include <dpm/pil/policy-model.h>
+
+namespace osquery {
+
+/*
+       TODO List:
+               1. Change VLOG to LOG(ERROR).
+               2. Make sure that privilege model works with cynara.
+               3. Consider policy-violation model.
+               4. Unify exeception handling among getter/setter APIs.
+               5. Verify with full-DPM at runtime.
+*/
+
+class WifiPolicy final : public AbstractPolicyProvider {
+public:
+       struct Wifi : public GlobalPolicy<DataSetInt> {
+               Wifi();
+               bool apply(const DataType&) override;
+       };
+
+       struct Profile : public GlobalPolicy<DataSetInt> {
+               Profile();
+               bool apply(const DataType&) override;
+       };
+
+       struct Hotspot : public GlobalPolicy<DataSetInt> {
+               Hotspot();
+               bool apply(const DataType&) override;
+       };
+
+       WifiPolicy();
+       ~WifiPolicy();
+
+       WifiPolicy(const WifiPolicy&) = delete;
+       WifiPolicy& operator=(const WifiPolicy&) = delete;
+
+/* TODO: Support move semantic from parent class (GlobalPolicy)
+       WifiPolicy(WifiPolicy&&) noexcept;
+       WifiPolicy& operator=(WifiPolicy&&) noexcept;
+*/
+       void setWifi(bool enable);
+       bool getWifi(void);
+
+       void setProfile(bool enable);
+       bool getProfile(void);
+
+       void setHotspot(bool enable);
+       bool getHotspot(void);
+
+       static void onConnection(wifi_manager_connection_state_e state,
+                                                        wifi_manager_ap_h ap,
+                                                        void *user_data);
+
+       static const std::string PRIVILEGE;
+
+private:
+       Wifi wifi;
+       Profile profile;
+       Hotspot hotspot;
+
+       wifi_manager_h handle;
+};
+
+} // namespace osquery
index 9783b0771e3d31782c5e4dfbbc369eafca271c29..dcfe2cbd58dd01d3983176d54e5ed0d42aa2e41c 100644 (file)
@@ -19,6 +19,8 @@
  * @brief Implementation interface of osquery manager
  */
 
+#pragma once
+
 #include <osquery_manager.h>
 
 #include <string>
diff --git a/osquery/tizen/tables/wifi_policy.cpp b/osquery/tizen/tables/wifi_policy.cpp
new file mode 100644 (file)
index 0000000..43add00
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file wifi_policy.cpp
+ * @author Sangwan Kwon (sangwan.kwon@samsung.com)
+ * @brief Implementation of wifi-policy table
+ */
+
+#include <string>
+#include <memory>
+#include <stdexcept>
+
+#include <osquery/sql.h>
+#include <osquery/logger.h>
+#include <osquery/tables.h>
+
+#include <dpm/device-policy-manager.h>
+#include <dpm/pil/policy-client.h>
+
+namespace osquery {
+namespace tables {
+
+/*
+       TODO List
+               1. Migrate full DPM.
+               2. Expose client API.
+               3. Verfy below code.
+*/
+
+QueryData genWifiPolicy(QueryContext& context) try {
+       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
+       if (handle == nullptr)
+               throw std::runtime_error("Cannot create dpm-client handle.");
+
+       /// This status is defined at DPM
+       ::Status<bool> status { true };
+       Row r;
+
+       DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
+       status = client.methodCall<bool>("Wifi::getWifi");
+       r["wifi"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Wifi::getProfile");
+       r["profile"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Wifi::getHotspot");
+       r["hotspot"] =  INTEGER(status.get());
+
+       return { r };
+} catch (...) {
+// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
+//    LOG(ERROR) << "Exception occured while getting wifi-policy" << s.toString();
+       Row r;
+       return { r };
+}
+
+} // namespace tables
+} // namespace osquery
diff --git a/specs/tizen/wifi_policy.table b/specs/tizen/wifi_policy.table
new file mode 100644 (file)
index 0000000..020c327
--- /dev/null
@@ -0,0 +1,8 @@
+table_name("wifi_policy")
+description("A single row containing the wifi policy.")
+schema([
+  Column("wifi", INTEGER, "Wi-Fi policy state"),
+  Column("profile", INTEGER, "Profile policy state"),
+  Column("hotspot", INTEGER, "Hotspot policy state"),
+])
+implementation("wifi_policy@genWifiPolicy")