[Verification] Common module compiled with 3.0 repository (http://download.tizen.org/snapshots/tizen/mobile/latest/repos/arm-wayland/packages/).
Change-Id: I1d807f0c621bdac4481145d1ca534fcb8987da1d
Signed-off-by: Pawel Andruszkiewicz <p.andruszkie@samsung.com>
####################################################################
%if "%{?tizen_profile_name}" == "mobile"
+%define tizen_privilege_engine ACE
+
%define tizen_feature_account_support 1
%define tizen_feature_alarm_support 1
%define tizen_feature_application_support 1
####################################################################
%if "%{?tizen_profile_name}" == "wearable"
+%define tizen_privilege_engine ACE
+
# Account API is optional in Tizen Wearable Profile.
%define tizen_feature_account_support 0
####################################################################
%if "%{?tizen_profile_name}" == "tv"
+%define tizen_privilege_engine ACE
+
%define tizen_feature_account_support 0
%define tizen_feature_alarm_support 1
%define tizen_feature_application_support 1
BuildRequires: pkgconfig(capi-appfw-package-manager)
BuildRequires: pkgconfig(capi-content-media-content)
BuildRequires: pkgconfig(capi-media-metadata-extractor)
+
+%if "%{?tizen_privilege_engine}" == "ACE"
BuildRequires: pkgconfig(capi-security-privilege-manager)
+%endif
+
+%if "%{?tizen_privilege_engine}" == "CYNARA"
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(libsmack)
+%endif
%if 0%{?tizen_feature_account_support}
BuildRequires: pkgconfig(accounts-svc)
%build
export GYP_GENERATORS='ninja'
-GYP_OPTIONS="--depth=. -Dtizen=1 -Dextension_build_type=Debug -Dextension_host_os=%{profile} -Dprivilege_engine=ACE"
+GYP_OPTIONS="--depth=. -Dtizen=1 -Dextension_build_type=Debug -Dextension_host_os=%{profile} -Dprivilege_engine=%{tizen_privilege_engine}"
GYP_OPTIONS="$GYP_OPTIONS -Ddisplay_type=x11"
# feature flags
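Review bot: `%{tizen_privilege_engine}` is expanded in `GYP_OPTIONS` without a default, and in the visible hunks the macro is only defined inside the mobile, wearable and tv profile blocks. For any other profile value rpm leaves the text unexpanded, so gyp would receive a literal `%{tizen_privilege_engine}` and presumably set neither `PRIVILEGE_USE_ACE` nor `PRIVILEGE_USE_CYNARA`, which selects the `#else` implementation of the access-control class whose behaviour is not visible here. A fallback before `%build`, e.g. `%{!?tizen_privilege_engine: %define tizen_privilege_engine ACE}`, or an explicit build failure for an unknown engine, would keep the privilege backend from being chosen by accident.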
'defines': ['PRIVILEGE_USE_ACE'],
'variables': {
'packages': [
- 'sqlite3',
'capi-security-privilege-manager',
],
},
'defines': ['PRIVILEGE_USE_CYNARA'],
'variables': {
'packages': [
+ 'cynara-client',
+ 'libsmack',
],
},
}],
#elif PRIVILEGE_USE_ACE
#include <privilege_checker.h>
#elif PRIVILEGE_USE_CYNARA
-// TODO
+#include <unistd.h>
+
+#include <cynara/cynara-client.h>
+#include <sys/smack.h>
#endif
#include "common/logger.h"
class AccessControlImpl {
public:
- AccessControlImpl() {
+ AccessControlImpl() : cynara_(nullptr) {
LoggerD("Privilege access checked using Cynara.");
- // TODO
+
+ char* smack_label = nullptr;
+ int ret = smack_new_label_from_self(&smack_label);
+
+ if (0 == ret && nullptr != smack_label) {
+ auto uid = getuid();
+
+ SLoggerD("uid: [%u]", uid);
+ SLoggerD("smack label: [%s]", smack_label);
+
+ uid_ = std::to_string(uid);
+ smack_label_ = smack_label;
+
+ free(smack_label);
+ } else {
+ LoggerE("Failed to get smack label");
+ return;
+ }
+
+ ret = cynara_initialize(&cynara_, nullptr);
+ if (CYNARA_API_SUCCESS != ret) {
+ LoggerE("Failed to initialize Cynara");
+ cynara_ = nullptr;
+ }
}
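Review bot: The success test `0 == ret` in the constructor assumes `smack_new_label_from_self()` returns zero on success; newer libsmack releases, as far as I know, return the label length instead, in which case this branch is never taken, `cynara_` stays null and every `CheckAccess()` call is denied. The same `else` path also leaks `smack_label` whenever the call did allocate it. Testing `ret >= 0 && nullptr != smack_label` and calling `free(smack_label);` on both paths covers either return convention; please confirm against the libsmack version in the target repository. The class also holds a raw `cynara*` released in the destructor, so deleting the copy constructor and copy assignment would rule out a double `cynara_finish()`.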
~AccessControlImpl() {
- // TODO
+ if (cynara_) {
+ auto ret = cynara_finish(cynara_);
+ if (CYNARA_API_SUCCESS != ret) {
+ LoggerE("Failed to finalize Cynara");
+ }
+ cynara_ = nullptr;
+ }
}
bool CheckAccess(const std::vector<std::string>& privileges) {
- // TODO
- return false;
+ if (cynara_) {
+ for (const auto& privilege : privileges) {
+ if (CYNARA_API_ACCESS_ALLOWED != cynara_simple_check(cynara_, // p_cynara
+ smack_label_.c_str(), // client
+ "", // client_session
+ uid_.c_str(), // user
+ privilege.c_str() // privilege
+ )) {
+ return false;
+ }
+ }
+ return true;
+ } else {
+ return false;
+ }
}
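Review bot: `CheckAccess()` relies on `cynara_simple_check()`, which as I understand the client API answers only from policy it can resolve without an agent or plugin and reports `CYNARA_API_ACCESS_NOT_RESOLVED` otherwise. The comparison against `CYNARA_API_ACCESS_ALLOWED` turns that result, and any error code, into a denial; this fails closed, but a privilege whose policy needs an agent can never be granted and a denial cannot be told apart from a Cynara error, so `cynara_check()` looks like the better fit for the enforcing decision. Logging the returned code with `LoggerE` before `return false;` would make the difference visible. An empty `privileges` vector returns `true` once Cynara is initialized; a comment such as `// no privileges required => access granted` would record that this is intended.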
+
+ private:
+ cynara* cynara_;
+ std::string uid_;
+ std::string smack_label_;
};
#else