Add dpm plugin implementations
authorSangwan Kwon <sangwan.kwon@samsung.com>
Wed, 4 Sep 2019 06:32:58 +0000 (15:32 +0900)
committer권상완/Security 2Lab(SR)/Engineer/삼성전자 <sangwan.kwon@samsung.com>
Thu, 5 Sep 2019 02:19:05 +0000 (11:19 +0900)
- bluetooth, usb, wifi

Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
24 files changed:
CMakeLists.txt
osquery/tizen/CMakeLists.txt
osquery/tizen/device_policy/bluetooth_policy.h [deleted file]
osquery/tizen/device_policy/tests/wifi_policy_tests.cpp [deleted file]
osquery/tizen/device_policy/usb_policy.h [deleted file]
osquery/tizen/device_policy/wifi_policy.cpp [deleted file]
osquery/tizen/device_policy/wifi_policy.h [deleted file]
osquery/tizen/tables/bluetooth_policy.cpp [new file with mode: 0644]
osquery/tizen/tables/tests/policy_tests.cpp [new file with mode: 0644]
osquery/tizen/tables/usb_policy.cpp [new file with mode: 0644]
osquery/tizen/tables/wifi_policy.cpp
packaging/osquery-plugins.manifest [new file with mode: 0644]
packaging/osquery.spec
plugins/CMakeLists.txt [new file with mode: 0644]
plugins/bluetooth/CMakeLists.txt [new file with mode: 0644]
plugins/bluetooth/bluetooth.cpp [new file with mode: 0644]
plugins/dlog.h [new file with mode: 0644]
plugins/usb/CMakeLists.txt [new file with mode: 0644]
plugins/usb/usb.cpp [new file with mode: 0644]
plugins/wifi/CMakeLists.txt [new file with mode: 0644]
plugins/wifi/wifi.cpp [new file with mode: 0644]
specs/tizen/bluetooth_policy.table [new file with mode: 0644]
specs/tizen/usb_policy.table [new file with mode: 0644]
specs/tizen/wifi_policy.table

index d7999526682c0a452c1fd81caa7cee1bdca1fb01..f67f781f8d67a45e9a7d132b00e0b9b1cfff2ad2 100644 (file)
@@ -59,3 +59,7 @@ EXECUTE_PROCESS(COMMAND mkdir -p "${CMAKE_BINARY_DIR}/generated")
 
 ADD_SUBDIRECTORY(osquery)
 ADD_SUBDIRECTORY(tools/sqlite3)
+
+IF(DEFINED GBS_BUILD)
+       ADD_SUBDIRECTORY(plugins)
+ENDIF()
index 4c0dbe5d1564d7e7c63ba826dba45d1785cd62a5..8cb3170727bc783268c169b414f182dfdfa6610e 100644 (file)
@@ -21,8 +21,6 @@ FILE(GLOB OSQUERY_TIZEN_TESTS "[!d]*/tests/*.cpp")
 ADD_OSQUERY_TEST(${OSQUERY_TIZEN_TESTS})
 
 IF(DEFINED GBS_BUILD)
-       ADD_OSQUERY_LIBRARY(wifi_policy device_policy/wifi_policy.cpp)
-
        # tables
        FILE(GLOB TIZEN_TABLES "tables/*.cpp")
        ADD_OSQUERY_LIBRARY(tizen_tables ${TIZEN_TABLES})
diff --git a/osquery/tizen/device_policy/bluetooth_policy.h b/osquery/tizen/device_policy/bluetooth_policy.h
deleted file mode 100644 (file)
index 4367893..0000000
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#pragma once
-
-#include <string>
-
-#include <bluetooth.h>
-#include <bluetooth-api.h>
-#include <bluetooth_internal.h>
-
-/// TODO(Sangwan): Move rmi header to policy-model
-#include <klay/rmi/service.h>
-#include <dpm/pil/policy-model.h>
-
-namespace osquery {
-
-/*
-       TODO List:
-               1. Change VLOG to LOG(ERROR).
-               2. Make sure that privilege model works with cynara.
-               3. Consider policy-violation model.
-               4. Unify exeception handling among getter/setter APIs.
-               5. Verify with full-DPM at runtime.
-*/
-
-class BluetoothPolicy final : public AbstractPolicyProvider {
-public:
-       struct Bluetooth : public GlobalPolicy<DataSetInt> {
-               Bluetooth();
-               bool apply(const DataType&) override;
-       };
-
-       struct DesktopConnectivity : public GlobalPolicy<DataSetInt> {
-               DesktopConnectivity();
-               bool apply(const DataType&) override;
-       };
-
-       struct Paring : public GlobalPolicy<DataSetInt> {
-               Paring();
-               bool apply(const DataType&) override;
-       };
-
-       struct Tethering : public GlobalPolicy<DataSetInt> {
-               Tethering();
-               bool apply(const DataType&) override;
-       };
-
-       BluetoothPolicy();
-       ~BluetoothPolicy();
-
-       BluetoothPolicy(const BluetoothPolicy&) = delete;
-       BluetoothPolicy& operator=(const BluetoothPolicy&) = delete;
-
-/* TODO: Support move semantic from parent class (GlobalPolicy)
-       BluetoothPolicy(BluetoothPolicy&&) noexcept;
-       BluetoothPolicy& operator=(BluetoothPolicy&&) noexcept;
-*/
-       void setBluetooth(bool enable);
-       bool getBluetooth(void);
-
-       void setDesktopConnectivity(bool enable);
-       bool getDesktopConnectivity(void);
-
-       void setParing(bool enable);
-       bool getParing(void);
-
-       void setTethering(bool enable);
-       bool getTethering(void);
-
-       static void onConnection(int result, bt_adapter_state_e state, void *user_data);
-
-       static const std::string PRIVILEGE;
-
-private:
-       Bluetooth bluetooth;
-       DesktopConnectivity desktopConnectivity;
-       Paring Paring;
-       Tethering tethering;
-
-};
-
-} // namespace osquery
diff --git a/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp b/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp
deleted file mode 100644 (file)
index 5dd1e66..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#include <gtest/gtest.h>
-
-#include <osquery/logger.h>
-
-#include "../wifi_policy.h"
-
-class WifiPolicyTests : public testing::Test {};
-
-using namespace osquery;
-
-TEST_F(WifiPolicyTests, Wifi) {
-       WifiPolicy policy;
-       policy.setWifi(true);
-       EXPECT_EQ(policy.getWifi(), true);
-
-       policy.setWifi(false);
-       EXPECT_EQ(policy.getWifi(), false);
-}
-
-TEST_F(WifiPolicyTests, Profile) {
-       WifiPolicy policy;
-       policy.setProfile(true);
-       EXPECT_EQ(policy.getProfile(), true);
-
-       policy.setProfile(false);
-       EXPECT_EQ(policy.getProfile(), false);
-}
-
-TEST_F(WifiPolicyTests, Hotspot) {
-       WifiPolicy policy;
-       policy.setHotspot(true);
-       EXPECT_EQ(policy.getHotspot(), true);
-
-       policy.setHotspot(false);
-       EXPECT_EQ(policy.getHotspot(), false);
-}
diff --git a/osquery/tizen/device_policy/usb_policy.h b/osquery/tizen/device_policy/usb_policy.h
deleted file mode 100644 (file)
index 777b470..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#pragma once
-
-#include <string>
-
-/// TODO(Sangwan): Move rmi header to policy-model
-#include <klay/rmi/service.h>
-#include <dpm/pil/policy-model.h>
-
-namespace osquery {
-
-/*
-       TODO List:
-               1. Change VLOG to LOG(ERROR).
-               2. Make sure that privilege model works with cynara.
-               3. Consider policy-violation model.
-               4. Unify exeception handling among getter/setter APIs.
-               5. Verify with full-DPM at runtime.
-*/
-
-class UsbPolicy final : public AbstractPolicyProvider {
-public:
-       /// usb-client
-       struct Usb : public GlobalPolicy<DataSetInt> {
-               Usb();
-               bool apply(const DataType&) override;
-       };
-
-       struct Debugging : public GlobalPolicy<DataSetInt> {
-               Debugging();
-               bool apply(const DataType&) override;
-       };
-
-       struct Tethering : public GlobalPolicy<DataSetInt> {
-               Tethering();
-               bool apply(const DataType&) override;
-       };
-
-       UsbPolicy() = default;
-       ~UsbPolicy() = default;
-
-       UsbPolicy(const UsbPolicy&) = delete;
-       UsbPolicy& operator=(const UsbPolicy&) = delete;
-
-/* TODO: Support move semantic from parent class (GlobalPolicy)
-       UsbPolicy(UsbPolicy&&) noexcept;
-       UsbPolicy& operator=(UsbPolicy&&) noexcept;
-*/
-       void setUsb(bool enable);
-       bool getUsb(void);
-
-       void setDebugging(bool enable);
-       bool getDebugging(void);
-
-       void setTethering(bool enable);
-       bool getTethering(void);
-
-       static const std::string PRIVILEGE;
-
-private:
-       Usb Usb;
-       Debugging debugging;
-       Tethering tethering;
-};
-
-} // namespace osquery
diff --git a/osquery/tizen/device_policy/wifi_policy.cpp b/osquery/tizen/device_policy/wifi_policy.cpp
deleted file mode 100644 (file)
index 336d485..0000000
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or ManagerImplied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#include "wifi_policy.h"
-
-/// TODO: Resolve macro ERROR conflicts.
-#define GLOG_NO_ABBREVIATED_SEVERITIES
-#include <osquery/logger.h>
-
-#include <dpm/pil/policy-event.h>
-#include <klay/dbus/connection.h>
-
-namespace {
-
-const std::string NETCONFIG_BUSNAME = "net.netconfig";
-const std::string NETCONFIG_OBJECT = "net/netconfig/network";
-const std::string NETCONFIG_INTERFACE = "net.netconfig.network";
-
-} // anonymous namespace
-
-namespace osquery {
-
-const std::string WifiPolicy::PRIVILEGE = "http://tizen.org/privilege/dpm.wifi";
-
-WifiPolicy::Wifi::Wifi() : GlobalPolicy("wifi")
-{
-       PolicyEventNotifier::create("wifi");
-}
-
-bool WifiPolicy::Wifi::apply(const DataType& value) try
-{
-       int enable = value;
-       klay::dbus::Connection &systemDBus = klay::dbus::Connection::getSystem();
-       systemDBus.methodcall(NETCONFIG_BUSNAME,
-                                                 NETCONFIG_OBJECT,
-                                                 NETCONFIG_INTERFACE,
-                                                 "DevicePolicySetWifi",
-                                                 -1,
-                                                 "",
-                                                 "(i)",
-                                                 enable);
-       PolicyEventNotifier::emit("wifi", enable ? "allowed" : "disallowed");
-       return true;
-} catch (runtime::Exception& e)
-{
-       VLOG(1) << "Failed to change Wi-Fi state";
-       return false;
-}
-
-WifiPolicy::Profile::Profile() : GlobalPolicy("wifi-profile-change")
-{
-       PolicyEventNotifier::create("wifi_profile_change");
-}
-
-bool WifiPolicy::Profile::apply(const DataType& value) try
-{
-       int enable = value;
-       klay::dbus::Connection &systemDBus = klay::dbus::Connection::getSystem();
-       systemDBus.methodcall(NETCONFIG_BUSNAME,
-                                                 NETCONFIG_OBJECT,
-                                                 NETCONFIG_INTERFACE,
-                                                 "DevicePolicySetWifiProfile",
-                                                 -1,
-                                                 "",
-                                                 "(i)",
-                                                 enable);
-       PolicyEventNotifier::emit("wifi_profile_change", enable ? "allowed" : "disallowed");
-       return true;
-} catch (runtime::Exception& e)
-{
-       VLOG(1) << "Failed to change Profile state";
-       return false;
-}
-
-WifiPolicy::Hotspot::Hotspot() : GlobalPolicy("wifi-hotspot")
-{
-       PolicyEventNotifier::create("wifi_hotspot");
-}
-
-bool WifiPolicy::Hotspot::apply(const DataType& value) try
-{
-       int enable = value;
-       PolicyEventNotifier::emit("wifi_hotspot", enable ? "allowed" : "disallowed");
-       return true;
-} catch (runtime::Exception& e)
-{
-       VLOG(1) << "Failed to change Hotspot state";
-       return false;
-}
-
-WifiPolicy::WifiPolicy()
-{
-       int ret = ::wifi_manager_initialize(&handle);
-       if (ret != WIFI_MANAGER_ERROR_NONE) {
-               if (ret == WIFI_MANAGER_ERROR_NOT_SUPPORTED)
-                       throw std::runtime_error("WiFi Manager isn't supported.");
-
-               throw std::runtime_error("WiFi Manager initialization failed");
-       }
-
-       ret = ::wifi_manager_set_connection_state_changed_cb(handle, &onConnection, nullptr);
-       if (ret != WIFI_MANAGER_ERROR_NONE)
-               VLOG(1) << "WiFi Manager set connection state changed callback failed";
-}
-
-WifiPolicy::~WifiPolicy()
-{
-       ::wifi_manager_unset_connection_state_changed_cb(handle);
-       ::wifi_manager_deinitialize(handle);
-}
-
-void WifiPolicy::onConnection(wifi_manager_connection_state_e state,
-                                                         wifi_manager_ap_h ap,
-                                                         void *user_data)
-{
-       /// TODO: This section is able to check policy violation.
-       if (state == WIFI_MANAGER_CONNECTION_STATE_FAILURE ||
-               state == WIFI_MANAGER_CONNECTION_STATE_DISCONNECTED)
-               return;
-}
-
-void WifiPolicy::setWifi(bool enable)
-{
-       wifi.set(enable);
-}
-
-bool WifiPolicy::getWifi()
-{
-       return wifi.get();
-}
-
-void WifiPolicy::setProfile(bool enable)
-{
-       profile.set(enable);
-}
-
-bool WifiPolicy::getProfile()
-{
-       return profile.get();
-}
-
-void WifiPolicy::setHotspot(bool enable)
-{
-       hotspot.set(enable);
-}
-
-bool WifiPolicy::getHotspot()
-{
-       return hotspot.get();
-}
-
-} // namespace osquery
diff --git a/osquery/tizen/device_policy/wifi_policy.h b/osquery/tizen/device_policy/wifi_policy.h
deleted file mode 100644 (file)
index 815c797..0000000
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-
-#pragma once
-
-#include <string>
-#include <stdexcept>
-
-#include <wifi-manager.h>
-
-/// TODO(Sangwan): Move rmi header to policy-model
-#include <klay/rmi/service.h>
-#include <dpm/pil/policy-model.h>
-
-namespace osquery {
-
-/*
-       TODO List:
-               1. Change VLOG to LOG(ERROR).
-               2. Make sure that privilege model works with cynara.
-               3. Consider policy-violation model.
-               4. Unify exeception handling among getter/setter APIs.
-               5. Verify with full-DPM at runtime.
-*/
-
-class WifiPolicy final : public AbstractPolicyProvider {
-public:
-       struct Wifi : public GlobalPolicy<DataSetInt> {
-               Wifi();
-               bool apply(const DataType&) override;
-       };
-
-       struct Profile : public GlobalPolicy<DataSetInt> {
-               Profile();
-               bool apply(const DataType&) override;
-       };
-
-       struct Hotspot : public GlobalPolicy<DataSetInt> {
-               Hotspot();
-               bool apply(const DataType&) override;
-       };
-
-       WifiPolicy();
-       ~WifiPolicy();
-
-       WifiPolicy(const WifiPolicy&) = delete;
-       WifiPolicy& operator=(const WifiPolicy&) = delete;
-
-/* TODO: Support move semantic from parent class (GlobalPolicy)
-       WifiPolicy(WifiPolicy&&) noexcept;
-       WifiPolicy& operator=(WifiPolicy&&) noexcept;
-*/
-       void setWifi(bool enable);
-       bool getWifi(void);
-
-       void setProfile(bool enable);
-       bool getProfile(void);
-
-       void setHotspot(bool enable);
-       bool getHotspot(void);
-
-       static void onConnection(wifi_manager_connection_state_e state,
-                                                        wifi_manager_ap_h ap,
-                                                        void *user_data);
-
-       static const std::string PRIVILEGE;
-
-private:
-       Wifi wifi;
-       Profile profile;
-       Hotspot hotspot;
-
-       wifi_manager_h handle;
-};
-
-} // namespace osquery
diff --git a/osquery/tizen/tables/bluetooth_policy.cpp b/osquery/tizen/tables/bluetooth_policy.cpp
new file mode 100644 (file)
index 0000000..b285835
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file bluetooth_policy.cpp
+ * @author Sangwan Kwon (sangwan.kwon@samsung.com)
+ * @brief Implementation of bluetooth_policy table
+ */
+
+#include <string>
+#include <memory>
+#include <stdexcept>
+
+#include <osquery/sql.h>
+#include <osquery/logger.h>
+#include <osquery/tables.h>
+
+#include <dpm/device-policy-manager.h>
+#include <dpm/pil/policy-client.h>
+
+namespace osquery {
+namespace tables {
+
+QueryData genBluetoothPolicy(QueryContext& context) try {
+       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
+       if (handle == nullptr)
+               throw std::runtime_error("Cannot create dpm-client handle.");
+
+       /// This status is defined at DPM
+       ::Status<bool> status { true };
+       Row r;
+
+       DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
+       status = client.methodCall<bool>("Bluetooth::getModeChangeState");
+       r["mode_change_state"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Bluetooth::getDesktopConnectivityState");
+       r["desktop_connectivity_state"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Bluetooth::getTetheringState");
+       r["tethering_state"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Bluetooth::getPairingState");
+       r["paring_state"] =  INTEGER(status.get());
+
+       return { r };
+} catch (...) {
+// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
+//    LOG(ERROR) << "Exception occured";
+       Row r;
+       return { r };
+}
+
+} // namespace tables
+} // namespace osquery
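Review bot: The `catch (...)` that closes genBluetoothPolicy swallows every failure and returns `{ r }` with an empty Row, so a failed DPM handle or method call yields one blank row and no log entry, and a consumer auditing policy state cannot tell "query failed" from a real result. I would return no rows (`return {};`) and emit a log line that avoids the ERROR macro clash, for example `VLOG(1) << "Failed to read bluetooth policy";`, as the deleted wifi_policy.cpp did. Each `status.get()` is also read without checking whether the call succeeded; if `::Status<bool>` carries an error state (its definition is not visible here), test it before filling the column. The key `paring_state` looks like a misspelling of the `getPairingState` it is filled from, so confirm it against specs/tizen/bluetooth_policy.table. The same catch-all pattern appears in genUsbPolicy and genWifiPolicy.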
diff --git a/osquery/tizen/tables/tests/policy_tests.cpp b/osquery/tizen/tables/tests/policy_tests.cpp
new file mode 100644 (file)
index 0000000..13aad8f
--- /dev/null
@@ -0,0 +1,84 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#include <gtest/gtest.h>
+
+#include <osquery/sql.h>
+#include <osquery/logger.h>
+
+#include <dpm/device-policy-manager.h>
+#include <dpm/pil/policy-client.h>
+
+class PolicyTests : public testing::Test {};
+
+using namespace osquery;
+
+TEST_F(PolicyTests, Bluetooth) {
+       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
+       if (handle == nullptr)
+               throw std::runtime_error("Cannot create dpm-client handle.");
+
+       ::Status<bool> status { true };
+
+       DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
+       status = client.methodCall<bool>("Bluetooth::getModeChangeState");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Bluetooth::getDesktopConnectivityState");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Bluetooth::getTetheringState");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Bluetooth::getPairingState");
+       EXPECT_EQ(true, status.get());
+}
+
+TEST_F(PolicyTests, Wifi) {
+       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
+       if (handle == nullptr)
+               throw std::runtime_error("Cannot create dpm-client handle.");
+
+       ::Status<bool> status { true };
+
+       DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
+       status = client.methodCall<bool>("Wifi::getState");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Wifi::isProfileChangeRestricted");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Wifi::getHotspotState");
+       EXPECT_EQ(true, status.get());
+}
+
+TEST_F(PolicyTests, Usb) {
+       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
+       if (handle == nullptr)
+               throw std::runtime_error("Cannot create dpm-client handle.");
+
+       ::Status<bool> status { true };
+
+       DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
+       status = client.methodCall<bool>("Usb::getDebuggingState");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Usb::getTetheringState");
+       EXPECT_EQ(true, status.get());
+
+       status = client.methodCall<bool>("Usb::getClientState");
+       EXPECT_EQ(true, status.get());
+}
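Review bot: Every expectation in the three tests is `EXPECT_EQ(true, status.get())`, which ties the suite to a running DPM service on a device whose policies are all at the permissive value; on a device where an administrator has restricted Bluetooth or USB debugging the tests fail although the code is correct. The tests call the DPM client directly rather than genBluetoothPolicy, genWifiPolicy or genUsbPolicy, so the column names and the catch-all error path added by this commit are not exercised. Prefer `ASSERT_TRUE(handle != nullptr);` over `throw std::runtime_error(...)` so a missing handle is reported as a test failure. The file also uses `std::shared_ptr` and `std::runtime_error` without including `<memory>` and `<stdexcept>`.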
diff --git a/osquery/tizen/tables/usb_policy.cpp b/osquery/tizen/tables/usb_policy.cpp
new file mode 100644 (file)
index 0000000..e9ba03c
--- /dev/null
@@ -0,0 +1,63 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file usb_policy.cpp
+ * @author Sangwan Kwon (sangwan.kwon@samsung.com)
+ * @brief Implementation of usb_policy table
+ */
+
+#include <string>
+#include <memory>
+#include <stdexcept>
+
+#include <osquery/sql.h>
+#include <osquery/logger.h>
+#include <osquery/tables.h>
+
+#include <dpm/device-policy-manager.h>
+#include <dpm/pil/policy-client.h>
+
+namespace osquery {
+namespace tables {
+
+QueryData genUsbPolicy(QueryContext& context) try {
+       std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
+       if (handle == nullptr)
+               throw std::runtime_error("Cannot create dpm-client handle.");
+
+       /// This status is defined at DPM
+       ::Status<bool> status { true };
+       Row r;
+
+       DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
+       status = client.methodCall<bool>("Usb::getDebuggingState");
+       r["usb_debugging"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Usb::getTetheringState");
+       r["usb_tethering"] =  INTEGER(status.get());
+
+       status = client.methodCall<bool>("Usb::getClientState");
+       r["usb_client"] =  INTEGER(status.get());
+
+       return { r };
+} catch (...) {
+// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
+       Row r;
+       return { r };
+}
+
+} // namespace tables
+} // namespace osquery
index 43add00e5aaa5513b44dc92f3504fd1f2c7e99be..2a45151509745d0c6474c8abc4817b6d4d105e4f 100644 (file)
@@ -16,7 +16,7 @@
 /*
  * @file wifi_policy.cpp
  * @author Sangwan Kwon (sangwan.kwon@samsung.com)
- * @brief Implementation of wifi-policy table
+ * @brief Implementation of wifi_policy table
  */
 
 #include <string>
 namespace osquery {
 namespace tables {
 
-/*
-       TODO List
-               1. Migrate full DPM.
-               2. Expose client API.
-               3. Verfy below code.
-*/
-
 QueryData genWifiPolicy(QueryContext& context) try {
        std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
        if (handle == nullptr)
@@ -50,19 +43,18 @@ QueryData genWifiPolicy(QueryContext& context) try {
        Row r;
 
        DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
-       status = client.methodCall<bool>("Wifi::getWifi");
+       status = client.methodCall<bool>("Wifi::getState");
        r["wifi"] =  INTEGER(status.get());
 
-       status = client.methodCall<bool>("Wifi::getProfile");
-       r["profile"] =  INTEGER(status.get());
+       status = client.methodCall<bool>("Wifi::isProfileChangeRestricted");
+       r["wifi_profile_change"] =  INTEGER(status.get());
 
-       status = client.methodCall<bool>("Wifi::getHotspot");
-       r["hotspot"] =  INTEGER(status.get());
+       status = client.methodCall<bool>("Wifi::getHotspotState");
+       r["wifi_hotspot"] =  INTEGER(status.get());
 
        return { r };
 } catch (...) {
 // TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
-//    LOG(ERROR) << "Exception occured while getting wifi-policy" << s.toString();
        Row r;
        return { r };
 }
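Review bot: The column `wifi_profile_change` is now filled from `Wifi::isProfileChangeRestricted`, whose name suggests that true means restricted, while `wifi` and `wifi_hotspot` come from `get…State` calls; if the polarity really differs, a query that treats 1 as "allowed" across all three columns misreports this one. The hunk does not show which way the value reads, so I would state it at the assignment, e.g. `// NOTE: 1 = <allowed|restricted>, confirm against the DPM wifi plugin`, and mirror that in specs/tizen/wifi_policy.table. Renaming `profile` and `hotspot` to `wifi_profile_change` and `wifi_hotspot` also breaks any saved query that selects the old column names. genWifiPolicy starts above this hunk.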
diff --git a/packaging/osquery-plugins.manifest b/packaging/osquery-plugins.manifest
new file mode 100644 (file)
index 0000000..017d22d
--- /dev/null
@@ -0,0 +1,5 @@
+<manifest>
+ <request>
+    <domain name="_"/>
+ </request>
+</manifest>
index 30532e2659ab8de18c60a364491b137c81899f7a..7a14004aa2d57f2255ad103f758b77a10b100209 100644 (file)
@@ -41,14 +41,6 @@ Requires: libreadline
 Requires: procps-ng
 Requires: libsystemd
 Requires: iptables
-### Tizen dependencies
-BuildRequires: pkgconfig(buxton2)
-BuildRequires: pkgconfig(klay)
-BuildRequires: pkgconfig(dpm-pil)
-BuildRequires: pkgconfig(capi-network-wifi-manager)
-BuildRequires: pkgconfig(capi-network-connection)
-BuildRequires: pkgconfig(capi-system-info)
-BuildRequires: pkgconfig(capi-base-common)
 
 %description
 Osquery exposes an operating system as a high-performance relational database.
@@ -67,7 +59,8 @@ cp %SOURCE1 .
 %{!?build_type:%define build_type "RELEASE"}
 %cmake . -DCMAKE_BUILD_TYPE=%{build_type} \
                 -DOSQUERY_BUILD_VERSION=%{version} \
-                -DGBS_BUILD="TRUE"
+                -DGBS_BUILD="TRUE" \
+                -DPLUGIN_INSTALL_DIR=%{_libdir}/dpm/plugins
 
 
 make %{?jobs:-j%jobs}
@@ -88,3 +81,32 @@ Testcases for osquery
 %files test
 %manifest %{name}.manifest
 %{_bindir}/osquery-test
+
+## DPM Plugins - ############################################################
+%package plugins
+Summary: DPM plugins
+Group: Security/Other
+## Common
+BuildRequires: pkgconfig(buxton2)
+BuildRequires: pkgconfig(dlog)
+BuildRequires: pkgconfig(klay)
+BuildRequires: pkgconfig(dpm-pil)
+BuildRequires: pkgconfig(capi-system-info)
+BuildRequires: pkgconfig(capi-base-common)
+
+## Bluetooth
+BuildRequires: pkgconfig(bluetooth-api)
+BuildRequires: pkgconfig(capi-network-bluetooth)
+
+## Wifi
+BuildRequires: pkgconfig(capi-network-wifi-manager)
+BuildRequires: pkgconfig(capi-network-connection)
+
+%description plugins
+Provides plugins for device policy manager
+
+%files plugins
+%manifest packaging/%{name}-plugins.manifest
+%{_libdir}/dpm/plugins/bluetooth
+%{_libdir}/dpm/plugins/usb
+%{_libdir}/dpm/plugins/wifi
diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt
new file mode 100644 (file)
index 0000000..c8027f0
--- /dev/null
@@ -0,0 +1,20 @@
+# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+INCLUDE(FindPkgConfig)
+
+ADD_SUBDIRECTORY(bluetooth)
+ADD_SUBDIRECTORY(usb)
+ADD_SUBDIRECTORY(wifi)
diff --git a/plugins/bluetooth/CMakeLists.txt b/plugins/bluetooth/CMakeLists.txt
new file mode 100644 (file)
index 0000000..d8a1ea2
--- /dev/null
@@ -0,0 +1,35 @@
+# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(TARGET "dpm-plugin-bluetooth")
+
+SET(PLUGIN_SOURCES "bluetooth.cpp")
+
+SET(DEPENDENCY klay
+                          dpm-pil
+                          bluetooth-api
+                          capi-network-bluetooth)
+
+PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY})
+
+SET(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES})
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default")
+INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS})
+TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES})
+
+INSTALL(FILES libdpm-plugin-bluetooth.so
+               RENAME bluetooth
+               DESTINATION ${PLUGIN_INSTALL_DIR})
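Review bot: The link flags add only `-Wl,-z,noexecstack`; for a shared object installed into the device policy manager's plugin directory I would also request full RELRO, `SET(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now")`. `COMPILE_FLAGS "-fvisibility=default"` exports every non-static symbol of bluetooth.cpp; if the loader needs only a known entry point (not visible in this hunk), hidden visibility with an explicit export keeps the plugin's surface small. `INSTALL(FILES libdpm-plugin-bluetooth.so …)` names the library by a relative path, which CMake resolves against the source directory, so it works only for in-source builds; `INSTALL(FILES $<TARGET_FILE:${TARGET}> RENAME bluetooth DESTINATION ${PLUGIN_INSTALL_DIR})` follows the target wherever it is built. The usb and wifi CMakeLists are outside this view and may need the same changes.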
diff --git a/plugins/bluetooth/bluetooth.cpp b/plugins/bluetooth/bluetooth.cpp
new file mode 100644 (file)
index 0000000..ba362a5
--- /dev/null
@@ -0,0 +1,269 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#include <bluetooth.h>
+#include <bluetooth-api.h>
+#include <bluetooth_internal.h>
+
+#include <dpm/pil/policy-context.h>
+#include <dpm/pil/policy-model.h>
+#include <dpm/pil/policy-storage.h>
+#include <dpm/pil/policy-event.h>
+
+#include "../dlog.h"
+
+#define BT_FAILED(ret)                                       \
+       (((int)(ret) == BLUETOOTH_DPM_RESULT_ACCESS_DENIED) ||   \
+        ((int)(ret) == BLUETOOTH_DPM_RESULT_FAIL))
+
+#define POLICY_IS_ALLOWED(enable)                            \
+       ((int)(enable) ? BLUETOOTH_DPM_ALLOWED :                 \
+                                        BLUETOOTH_DPM_RESTRICTED)
+
+#define STATE_CHANGE_IS_ALLOWED(enable)                      \
+       ((int)(enable) ? BLUETOOTH_DPM_BT_ALLOWED :              \
+                                        BLUETOOTH_DPM_BT_RESTRICTED)
+
+namespace {
+
+inline int canonicalize(int value)
+{
+       return -value;
+}
+
+} // namespace
+
+class ModeChange : public GlobalPolicy<DataSetInt> {
+public:
+       ModeChange() : GlobalPolicy("bluetooth")
+       {
+               PolicyEventNotifier::create("bluetooth");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int ret = bluetooth_dpm_set_allow_mode(STATE_CHANGE_IS_ALLOWED(value));
+               if (!BT_FAILED(ret)) {
+                       int enable = value;
+                       PolicyEventNotifier::emit("bluetooth", enable ? "allowed" : "disallowed");
+                       return true;
+               }
+               return false;
+       }
+};
+
+class DesktopConnectivity : public GlobalPolicy<DataSetInt> {
+public:
+       DesktopConnectivity() : GlobalPolicy("bluetooth-desktop-connectivity")
+       {
+               PolicyEventNotifier::create("bluetooth_desktop_connectivity");
+       }
+
+       bool apply(const DataType & value)
+       {
+               int ret = bluetooth_dpm_set_desktop_connectivity_state(POLICY_IS_ALLOWED(value));
+               if (!BT_FAILED(ret)) {
+                       int enable = value;
+                       PolicyEventNotifier::emit("bluetooth_desktop_connectivity",
+                                                                         enable ? "allowed" : "disallowed");
+                       return true;
+               }
+               return false;
+       }
+};
+
+class Pairing: public GlobalPolicy<DataSetInt> {
+public:
+       Pairing() : GlobalPolicy("bluetooth-pairing")
+       {
+               PolicyEventNotifier::create("bluetooth_pairing");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int ret = bluetooth_dpm_set_pairing_state(POLICY_IS_ALLOWED(value));
+               if (!BT_FAILED(ret)) {
+                       int enable = value;
+                       PolicyEventNotifier::emit("bluetooth_pairing",
+                                                                         enable ? "allowed" : "disallowed");
+                       return true;
+               }
+               return false;
+       }
+};
+
+class Tethering: public GlobalPolicy<DataSetInt> {
+public:
+       Tethering() : GlobalPolicy("bluetooth-tethering")
+       {
+               PolicyEventNotifier::create("bluetooth_tethering");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int enable = value;
+               PolicyEventNotifier::emit("bluetooth_tethering",
+                                                                 enable ? "allowed" : "disallowed");
+               return true;
+       }
+};
+
+class Bluetooth : public AbstractPolicyProvider {
+public:
+       Bluetooth();
+       ~Bluetooth();
+
+       int setModeChangeState(bool enable);
+       bool getModeChangeState();
+       int setDesktopConnectivityState(bool enable);
+       bool getDesktopConnectivityState();
+       int setTetheringState(bool enable);
+       bool getTetheringState();
+       int setPairingState(bool enable);
+       bool getPairingState();
+
+private:
+       static void onStateChanged(int result, bt_adapter_state_e state, void *user_data);
+
+private:
+       ModeChange          modeChange;
+       DesktopConnectivity connectivity;
+       Pairing             pairing;
+       Tethering          tethering;
+};
+
+Bluetooth::Bluetooth()
+{
+       if (::bt_initialize() != BT_ERROR_NONE) {
+               ERROR(PLUGINS, "Bluetooth framework was not initilaized");
+               return;
+       }
+
+       if (::bt_adapter_set_state_changed_cb(onStateChanged, this) != BT_ERROR_NONE) {
+               ERROR(PLUGINS, "Failed to register Bluetooth callback");
+               return;
+       }
+}
+
+Bluetooth::~Bluetooth()
+{
+       ::bt_deinitialize();
+}
+
+void Bluetooth::onStateChanged(int result, bt_adapter_state_e state, void *user_data)
+{
+       Bluetooth *pimpl = reinterpret_cast<Bluetooth *>(user_data);
+       if (pimpl != nullptr && state == BT_ADAPTER_ENABLED) {
+//             pimpl->modeChange.apply();
+//             pimpl->desktopConnectivity.apply();
+//             pimpl->pairing.apply();
+//             pimpl->deviceRestriction.enforce();
+//             pimpl->uuidRestriction.enforce();
+       }
+}
+
+int Bluetooth::setModeChangeState(bool enable)
+{
+       try {
+               modeChange.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, "Exception: " << e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Bluetooth::getModeChangeState()
+{
+       return modeChange.get();
+}
+
+int Bluetooth::setDesktopConnectivityState(bool enable)
+{
+       try {
+               connectivity.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, "Exception: " << e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Bluetooth::getDesktopConnectivityState()
+{
+       return connectivity.get();
+}
+
+int Bluetooth::setPairingState(bool enable)
+{
+       try {
+               pairing.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, "Exception: " << e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Bluetooth::getPairingState()
+{
+       return pairing.get();
+}
+
+int Bluetooth::setTetheringState(bool enable)
+{
+       try {
+               tethering.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, "Exception " << e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Bluetooth::getTetheringState()
+{
+       return tethering.get();
+}
+
+
+extern "C" {
+
+#define PRIVILEGE "http://tizen.org/privilege/dpm.bluetooth"
+
+AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context)
+{
+       INFO(PLUGINS, "Bluetooth plugin loaded");
+       Bluetooth *policy = new Bluetooth();
+
+       context.expose(policy, PRIVILEGE, (int)(Bluetooth::setModeChangeState)(bool));
+       context.expose(policy, PRIVILEGE, (int)(Bluetooth::setDesktopConnectivityState)(bool));
+       context.expose(policy, PRIVILEGE, (int)(Bluetooth::setTetheringState)(bool));
+       context.expose(policy, PRIVILEGE, (int)(Bluetooth::setPairingState)(bool));
+
+       context.expose(policy, "", (bool)(Bluetooth::getModeChangeState)());
+       context.expose(policy, "", (bool)(Bluetooth::getDesktopConnectivityState)());
+       context.expose(policy, "", (bool)(Bluetooth::getTetheringState)());
+       context.expose(policy, "", (bool)(Bluetooth::getPairingState)());
+
+       return policy;
+}
+
+} // extern "C"
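Review bot: `Bluetooth::onStateChanged` has its entire body commented out, so nothing is re-applied when the adapter reports `BT_ADAPTER_ENABLED`. The commented calls also name members this class does not have (`desktopConnectivity`, `deviceRestriction`, `uuidRestriction`) and call `apply()` without a value. If the `bluetooth_dpm_*` settings do not survive an adapter restart (not visible in this hunk), stored restrictions would lapse until the next set call. Either implement the re-apply, or drop the callback registration and leave `// TODO: re-apply stored policies when the adapter is enabled` so the gap is explicit. Related: `Tethering::apply` returns true after only emitting an event, and `~Bluetooth()` calls `bt_deinitialize()` even when `bt_initialize()` failed in the constructor.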
diff --git a/plugins/dlog.h b/plugins/dlog.h
new file mode 100644 (file)
index 0000000..701c6d5
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or DLogied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#pragma once
+
+#include <klay/audit/logger.h> 
+#include <klay/audit/dlog-sink.h>
+
+#define PLUGINS osquery::DLog::getSink()
+
+namespace osquery {
+
+class DLog final {
+public:
+       DLog(const DLog&) = delete;
+       DLog& operator=(const DLog&) = delete;
+
+       DLog(DLog&&) noexcept = default;
+       DLog& operator=(DLog&&) noexcept = default;
+
+       static inline DLog& instance()
+       {
+               static DLog dlog;
+               return dlog;
+       }
+
+       static inline audit::LogSink* getSink()
+       {
+               return DLog::instance().logSink.get();
+       }
+
+private:
+       DLog()
+       {
+               auto dlog = new audit::DlogLogSink("DPM_PLUGIN");
+               this->logSink.reset(dynamic_cast<audit::LogSink*>(dlog));
+       }
+       ~DLog() noexcept = default;
+
+       std::unique_ptr<audit::LogSink> logSink;
+};
+
+} // namespace osquery
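Review bot: `std::unique_ptr` is used for `logSink` but the header does not include `<memory>`, so it only compiles when a klay header happens to pull it in; add `#include <memory>`. In the private constructor, `dynamic_cast<audit::LogSink*>(dlog)` looks like a plain upcast (assuming `DlogLogSink` derives from `LogSink`), so `logSink.reset(new audit::DlogLogSink("DPM_PLUGIN"));` is enough and removes the raw local. The license comment reads "express or DLogied", which appears to be a search-and-replace casualty; it should read `implied`.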
diff --git a/plugins/usb/CMakeLists.txt b/plugins/usb/CMakeLists.txt
new file mode 100644 (file)
index 0000000..52602b9
--- /dev/null
@@ -0,0 +1,33 @@
+# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(TARGET "dpm-plugin-usb")
+
+SET(PLUGIN_SOURCES "usb.cpp")
+
+SET(DEPENDENCY klay
+                          dpm-pil)
+
+PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY})
+
+SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES})
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default")
+INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS})
+TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES})
+
+INSTALL(FILES libdpm-plugin-usb.so
+        RENAME usb
+        DESTINATION ${PLUGIN_INSTALL_DIR})
diff --git a/plugins/usb/usb.cpp b/plugins/usb/usb.cpp
new file mode 100644 (file)
index 0000000..5c2c171
--- /dev/null
@@ -0,0 +1,208 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#include <dpm/pil/policy-context.h>
+#include <dpm/pil/policy-model.h>
+#include <dpm/pil/policy-storage.h>
+#include <dpm/pil/policy-event.h>
+#include <dpm/pil/app-bundle.h>
+#include <dpm/pil/launchpad.h>
+
+#include <klay/auth/user.h>
+#include <klay/dbus/variant.h>
+#include <klay/dbus/connection.h>
+
+#include <tzplatform_config.h>
+
+#include "../dlog.h"
+
+#define DEVICED_SYSNOTI_INTERFACE              \
+       "org.tizen.system.deviced",                             \
+       "/Org/Tizen/System/DeviceD/SysNoti",    \
+       "org.tizen.system.deviced.SysNoti",                     \
+       "control"
+
+class DebuggingMode : public GlobalPolicy<DataSetInt> {
+public:
+       DebuggingMode() : GlobalPolicy("usb-debugging")
+       {
+               PolicyEventNotifier::create("usb_debugging");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int enable = value;
+               PolicyEventNotifier::emit("usb_debugging", enable ? "allowed" : "disallowed");
+               return true;
+       }
+};
+
+class Tethering : public GlobalPolicy<DataSetInt> {
+public:
+       Tethering() : GlobalPolicy("usb-tethering")
+       {
+               PolicyEventNotifier::create("usb_tethering");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int enable = value;
+               PolicyEventNotifier::emit("usb_tethering", enable ? "allowed" : "disallowed");
+               return true;
+       }
+};
+
+class Client : public GlobalPolicy<DataSetInt> {
+public:
+       Client() : GlobalPolicy("usb-client")
+       {
+               PolicyEventNotifier::create("usb_client");
+               sendDbusSignal();
+       }
+
+       bool apply(const DataType& value)
+       {
+               int ret;
+               int enable = value;
+
+               try {
+                       std::string pid(std::to_string(::getpid()));
+                       std::string state(std::to_string(enable));
+                       dbus::Connection &systemDBus = dbus::Connection::getSystem();
+                       systemDBus.methodcall(DEVICED_SYSNOTI_INTERFACE,
+                                                                               -1, "(i)", "(sisss)",
+                                                                               "control", 3, pid.c_str(), "1", state.c_str()).get("(i)", &ret);
+               } catch(runtime::Exception& e) {
+                       ERROR(PLUGINS, "Failed to enforce usb client");
+                       return false;
+               }
+
+               if (ret == 0) {
+                       PolicyEventNotifier::emit("usb_client", enable ? "allowed" : "disallowed");
+                       return true;
+               }
+
+               return false;
+       }
+
+       void sendDbusSignal(void)
+       {
+               int ret;
+               int enable = get().value;
+
+               try {
+                       std::string pid(std::to_string(::getpid()));
+                       std::string state(std::to_string(enable));
+                       dbus::Connection &systemDBus = dbus::Connection::getSystem();
+                       systemDBus.methodcall(DEVICED_SYSNOTI_INTERFACE,
+                                                                               -1, "(i)", "(sisss)",
+                                                                               "control", 3, pid.c_str(), "1", state.c_str()).get("(i)", &ret);
+               } catch(runtime::Exception& e) {
+                       ERROR(PLUGINS, "Failed to enforce usb client");
+               }
+       }
+};
+
+class Usb : public AbstractPolicyProvider {
+public:
+       int setDebuggingState(bool enable);
+       bool getDebuggingState();
+
+       int setTetheringState(bool enable);
+       bool getTetheringState();
+
+       int setClientState(bool enable);
+       bool getClientState();
+
+private:
+       DebuggingMode debugging;
+       Tethering tethering;
+       Client client;
+};
+
+int Usb::setDebuggingState(bool enable)
+{
+       try {
+               debugging.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Usb::getDebuggingState()
+{
+       return debugging.get();
+}
+
+int Usb::setTetheringState(bool enable)
+{
+       try {
+               tethering.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Usb::getTetheringState()
+{
+       return tethering.get();
+}
+
+int Usb::setClientState(bool enable)
+{
+       try {
+               client.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Usb::getClientState()
+{
+       return client.get();
+}
+
+extern "C" {
+
+#define PRIVILEGE_USB       "http://tizen.org/privilege/dpm.usb"
+#define PRIVILEGE_DEBUGGING "http://tizen.org/privilege/dpm.debugging"
+
+AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context)
+{
+       INFO(PLUGINS, "Usb plugin loaded");
+       Usb *policy = new Usb();
+
+       context.expose(policy, PRIVILEGE_DEBUGGING, (int)(Usb::setDebuggingState)(bool));
+       context.expose(policy, PRIVILEGE_USB, (int)(Usb::setTetheringState)(bool));
+       context.expose(policy, PRIVILEGE_USB, (int)(Usb::setClientState)(bool));
+
+       context.expose(policy, "", (bool)(Usb::getDebuggingState)());
+       context.expose(policy, "", (bool)(Usb::getTetheringState)());
+       context.expose(policy, "", (bool)(Usb::getClientState)());
+
+       return policy;
+}
+
+} // extern "C"
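Review bot: `Client::sendDbusSignal()` reads the reply into `ret` and then never checks it, so a non-zero answer from deviced while re-enforcing the stored usb-client policy at construction goes unnoticed; only an exception is logged. Initialise the variable in both `apply()` and `sendDbusSignal()` with `int ret = -1;` and add `if (ret != 0) ERROR(PLUGINS, "usb client policy was not applied at startup");` after the try block. The D-Bus call is duplicated verbatim between the two methods and could live in one private helper. `::getpid()` and `std::to_string` are used without `<unistd.h>` and `<string>`, so they rely on transitive includes.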
diff --git a/plugins/wifi/CMakeLists.txt b/plugins/wifi/CMakeLists.txt
new file mode 100644 (file)
index 0000000..777e8f4
--- /dev/null
@@ -0,0 +1,35 @@
+# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+SET(TARGET "dpm-plugin-wifi")
+
+SET(PLUGIN_SOURCES "wifi.cpp")
+
+SET(DEPENDENCY klay
+                          dpm-pil
+                          capi-network-wifi-manager
+                          capi-network-connection)
+
+PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY})
+
+SET(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack")
+
+ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES})
+SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default")
+INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS})
+TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES})
+
+INSTALL(FILES libdpm-plugin-wifi.so
+        RENAME wifi
+        DESTINATION ${PLUGIN_INSTALL_DIR})
diff --git a/plugins/wifi/wifi.cpp b/plugins/wifi/wifi.cpp
new file mode 100644 (file)
index 0000000..97df098
--- /dev/null
@@ -0,0 +1,239 @@
+/*
+ *  Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+
+#include <arpa/inet.h>
+
+#include <cstdlib>
+#include <functional>
+#include <unordered_set>
+
+#include <wifi-manager.h>
+
+#include <klay/dbus/connection.h>
+
+#include <dpm/pil/policy-context.h>
+#include <dpm/pil/policy-model.h>
+#include <dpm/pil/policy-storage.h>
+#include <dpm/pil/policy-event.h>
+
+#include "../dlog.h"
+
+#define NETCONFIG_INTERFACE            \
+       "net.netconfig",                        \
+       "/net/netconfig/network",       \
+       "net.netconfig.network"
+
+class ModeChange : public GlobalPolicy<DataSetInt> {
+public:
+       ModeChange() : GlobalPolicy("wifi")
+       {
+               PolicyEventNotifier::create("wifi");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int enable = value;
+               try {
+                       dbus::Connection &systemDBus = dbus::Connection::getSystem();
+                       systemDBus.methodcall(NETCONFIG_INTERFACE,
+                                                                 "DevicePolicySetWifi",
+                                                                 -1,
+                                                                 "",
+                                                                 "(i)",
+                                                                 enable);
+               } catch (runtime::Exception& e) {
+                       ERROR(PLUGINS, "Failed to chaneg Wi-Fi state");
+                       return false;
+               }
+
+               PolicyEventNotifier::emit("wifi", enable ? "allowed" : "disallowed");
+               return true;
+       }
+};
+
+class ProfileChange : public GlobalPolicy<DataSetInt> {
+public:
+       ProfileChange() : GlobalPolicy("wifi-profile-change")
+       {
+               PolicyEventNotifier::create("wifi_profile_change");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int enable = value;
+               try {
+                       dbus::Connection &systemDBus = dbus::Connection::getSystem();
+                       systemDBus.methodcall(NETCONFIG_INTERFACE,
+                                                                 "DevicePolicySetWifiProfile",
+                                                                 -1,
+                                                                 "",
+                                                                 "(i)",
+                                                                 enable);
+               } catch (runtime::Exception& e) {
+                       ERROR(PLUGINS, "Failed to set Wi-Fi profile change restriction");
+                       return false;
+               }
+               PolicyEventNotifier::emit("wifi_profile_change", enable ? "allowed" : "disallowed");
+               return true;
+       }
+};
+
+class Hotspot : public GlobalPolicy<DataSetInt> {
+public:
+       Hotspot() : GlobalPolicy("wifi-hotspot")
+       {
+               PolicyEventNotifier::create("wifi_hotspot");
+       }
+
+       bool apply(const DataType& value)
+       {
+               int enable = value;
+               PolicyEventNotifier::emit("wifi_hotspot", enable ? "allowed" : "disallowed");
+               return true;
+       }
+};
+
+class Wifi : public AbstractPolicyProvider {
+public:
+       Wifi();
+       ~Wifi();
+
+       int setState(bool enable);
+       bool getState();
+       int setHotspotState(bool enable);
+       bool getHotspotState();
+       int setProfileChangeRestriction(bool enable);
+       bool isProfileChangeRestricted();
+
+       static void onConnectionStateChanged(wifi_manager_connection_state_e state,
+                                                                                wifi_manager_ap_h ap, void *user_data);
+
+private:
+       wifi_manager_h handle;
+
+       ModeChange modeChange;
+       ProfileChange profileChange;
+       Hotspot hotspot;
+};
+
+
+Wifi::Wifi() : handle(nullptr)
+{
+       int ret = 0;
+
+       ret = ::wifi_manager_initialize(&handle);
+       if (ret != WIFI_MANAGER_ERROR_NONE) {
+               if (ret == WIFI_MANAGER_ERROR_NOT_SUPPORTED) {
+                       return;
+               }
+               throw runtime::Exception("WiFi Manager initialization failed");
+       }
+
+       ret = ::wifi_manager_set_connection_state_changed_cb(handle, &onConnectionStateChanged, this);
+       if (ret != WIFI_MANAGER_ERROR_NONE) {
+               throw runtime::Exception("WiFi Manager set connection state changed callback failed");
+       }
+}
+
+Wifi::~Wifi()
+{
+       if (handle) {
+               ::wifi_manager_unset_connection_state_changed_cb(handle);
+               ::wifi_manager_deinitialize(handle);
+       }
+}
+
+void Wifi::onConnectionStateChanged(wifi_manager_connection_state_e state,
+                                                                       wifi_manager_ap_h ap, void *user_data)
+{
+       if (state == WIFI_MANAGER_CONNECTION_STATE_FAILURE ||
+               state == WIFI_MANAGER_CONNECTION_STATE_DISCONNECTED) {
+               return;
+       }
+}
+
+int Wifi::setState(bool enable)
+{
+       try {
+               modeChange.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Wifi::getState()
+{
+       return modeChange.get();
+}
+
+int Wifi::setHotspotState(bool enable)
+{
+       try {
+               hotspot.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Wifi::getHotspotState()
+{
+       return hotspot.get();
+}
+
+int Wifi::setProfileChangeRestriction(bool enable)
+{
+       try {
+               profileChange.set(enable);
+       } catch (runtime::Exception& e) {
+               ERROR(PLUGINS, e.what());
+               return -1;
+       }
+
+       return 0;
+}
+
+bool Wifi::isProfileChangeRestricted()
+{
+       return profileChange.get();
+}
+
+extern "C" {
+
+#define PRIVILEGE "http://tizen.org/privilege/dpm.wifi"
+
+AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context)
+{
+       INFO(PLUGINS, "Wifi plugin loaded");
+       Wifi *policy = new Wifi();
+
+       context.expose(policy, PRIVILEGE, (int)(Wifi::setState)(bool));
+       context.expose(policy, PRIVILEGE, (int)(Wifi::setHotspotState)(bool));
+       context.expose(policy, PRIVILEGE, (int)(Wifi::setProfileChangeRestriction)(bool));
+
+       context.expose(policy, "", (bool)(Wifi::getState)());
+       context.expose(policy, "", (bool)(Wifi::getHotspotState)());
+       context.expose(policy, "", (bool)(Wifi::isProfileChangeRestricted)());
+
+       return policy;
+}
+
+} // extern "C"
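Review bot: `Wifi::isProfileChangeRestricted()` returns `profileChange.get()` unchanged, while `ProfileChange::apply` treats a non-zero value as "allowed", so the getter appears to report true when profile changes are permitted, and `setProfileChangeRestriction(true)` emits "allowed". An inverted reading by a caller would flip the policy, so at minimum document it on both methods, e.g. `// NOTE: value != 0 means profile change is ALLOWED, despite the name`, or align the names with the other `set…State`/`get…State` pairs. Separately, `new Wifi()` inside the extern "C" `PolicyFactory` can throw `runtime::Exception` from the constructor, whereas the Bluetooth constructor logs and returns; whether the loader catches this is not visible here. The log string at `ModeChange::apply` has a typo ("chaneg").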
diff --git a/specs/tizen/bluetooth_policy.table b/specs/tizen/bluetooth_policy.table
new file mode 100644 (file)
index 0000000..40c2a7c
--- /dev/null
@@ -0,0 +1,9 @@
+table_name("bluetooth_policy")
+description("A single row containing the bluetooth policy.")
+schema([
+  Column("mode_change_state", INTEGER, "Bluetooth policy state"),
+  Column("desktop_connectivity_state", INTEGER, "Desktop connectivity policy state"),
+  Column("tethering_state", INTEGER, "Tethering policy state"),
+  Column("paring_state", INTEGER, "Paring policy state"),
+])
+implementation("bluetooth_policy@genBluetoothPolicy")
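Review bot: The last column is spelled `paring_state` with the description "Paring policy state"; since the column name becomes part of the queryable schema, it is worth fixing before queries depend on it: `Column("pairing_state", INTEGER, "Pairing policy state"),`. The row generator `genBluetoothPolicy` is outside this hunk and would need to use the same key.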
diff --git a/specs/tizen/usb_policy.table b/specs/tizen/usb_policy.table
new file mode 100644 (file)
index 0000000..57a230d
--- /dev/null
@@ -0,0 +1,8 @@
+table_name("usb_policy")
+description("A single row containing the usb policy.")
+schema([
+  Column("usb_debugging", INTEGER, "USB debugging mode policy state"),
+  Column("usb_tethering", INTEGER, "USB tethering policy state"),
+  Column("usb_client", INTEGER, "USB client policy state"),
+])
+implementation("usb_policy@genUsbPolicy")
index 020c3270b5e011cb4d09ce22b8dbfb4cfa8e42b9..f6aad487eaa8b45fc1581c33d0e8a102362c4826 100644 (file)
@@ -2,7 +2,7 @@ table_name("wifi_policy")
 description("A single row containing the wifi policy.")
 schema([
   Column("wifi", INTEGER, "Wi-Fi policy state"),
-  Column("profile", INTEGER, "Profile policy state"),
-  Column("hotspot", INTEGER, "Hotspot policy state"),
+  Column("wifi_profile_change", INTEGER, "Profile policy state"),
+  Column("wifi_hotspot", INTEGER, "Hotspot policy state"),
 ])
 implementation("wifi_policy@genWifiPolicy")