Change to operate in on-demand mode

Change-Id: I4005e4e7c98d234413659dfbebd8ab6077e7d296
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>

diff --git a/include/stc-iptables.h b/include/stc-iptables.h
index b2ce018..8bc2e16 100755 (executable)
--- a/include/stc-iptables.h
+++ b/include/stc-iptables.h
@@ -25,6 +25,8 @@
 
 typedef struct {
        GMainLoop *main_loop;
+       guint timer;
+       gboolean keep_alive;
 
        gpointer manager_obj;
        gpointer rule_obj;
@@ -37,5 +39,6 @@ typedef struct {
 
 stc_iptables_s *stc_get_iptables(void);
 void stc_stop_iptables(void);
+void stc_set_keep_alive(gboolean keep_alive);
 
 #endif /* __STC_IPTABLES_H__ */

diff --git a/packaging/stc-iptables.spec b/packaging/stc-iptables.spec
index eff0815..85cb17f 100644 (file)
--- a/packaging/stc-iptables.spec
+++ b/packaging/stc-iptables.spec
@@ -62,6 +62,9 @@ ln -s ../stc-iptables.service %{buildroot}%{_libdir}/systemd/system/multi-user.t
 mkdir -p %{buildroot}%{_sysconfdir}/dbus-1/system.d
 cp resources/dbus/stc-iptables.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/stc-iptables.conf
 
+mkdir -p %{buildroot}%{_datadir}/dbus-1/system-services/
+cp resources/dbus/net.stc-iptables.service %{buildroot}%{_datadir}/dbus-1/system-services/net.stc-iptables.service
+
 %post
 #Logs
 mkdir -p /opt/usr/data/network
@@ -83,6 +86,8 @@ chown network_fw:network_fw /opt/usr/data/network
 #DBus DAC
 %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/stc-iptables.conf
 
+%attr(644,root,root) %{_datadir}/dbus-1/system-services/net.stc-iptables.service
+
 #Test
 %{_bindir}/stc_ipt_test
 %attr(755,root,root) %{_bindir}/stc_ipt_test

diff --git a/resources/dbus/net.stc-iptables.service b/resources/dbus/net.stc-iptables.service
new file mode 100755 (executable)
index 0000000..c5e1b46
--- /dev/null
+++ b/resources/dbus/net.stc-iptables.service
@@ -0,0 +1,6 @@
+[D-BUS Service]
+Name=net.stc.iptables
+Exec=/bin/false
+User=network_fw
+Group=network_fw
+SystemdService=stc-iptables.service

diff --git a/resources/dbus/stc-iptables.conf b/resources/dbus/stc-iptables.conf
index fc035a0..bfaf82c 100755 (executable)
--- a/resources/dbus/stc-iptables.conf
+++ b/resources/dbus/stc-iptables.conf
@@ -4,10 +4,12 @@
        <policy user="root">
                <allow own="net.stc.iptables"/>
                <allow send_destination="net.stc.iptables"/>
+               <allow receive_sender="net.stc.iptables"/>
        </policy>
        <policy user="network_fw">
                <allow own="net.stc.iptables"/>
                <allow send_destination="net.stc.iptables"/>
+               <allow receive_sender="net.stc.iptables"/>
        </policy>
        <policy context="default">
                <deny own="net.stc.iptables"/>

diff --git a/resources/systemd/stc-iptables.service b/resources/systemd/stc-iptables.service
index 44046d9..6507ce0 100755 (executable)
--- a/resources/systemd/stc-iptables.service
+++ b/resources/systemd/stc-iptables.service
@@ -5,14 +5,14 @@ Before=stc-manager.service
 After=dbus.socket
 
 [Service]
-Type=forking
+Type=dbus
+BusName=net.stc.iptables
 User=network_fw
 Group=network_fw
 SmackProcessLabel=System
 ExecStart=/usr/bin/stc-iptables
 Capabilities=cap_net_bind_service,cap_net_raw,cap_net_admin=i
 SecureBits=keep-caps
-Restart=always
 
 [Install]
 WantedBy=multi-user.target

diff --git a/src/stc-iptables-util.c b/src/stc-iptables-util.c
index 8d57f4b..7bb99e2 100755 (executable)
--- a/src/stc-iptables-util.c
+++ b/src/stc-iptables-util.c
@@ -436,6 +436,7 @@ gboolean handle_iptables_stop(StcManager *object,
        GVariant *return_parameters = NULL;
 
        STC_LOGI("stc manager stop");
+       stc_set_keep_alive(TRUE);
 
        return_parameters = g_variant_new("(i)", STC_ERROR_NONE);
 
@@ -457,6 +458,8 @@ gboolean handle_iptables_add_rule(StcRule *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        if (rules != NULL) {
                GVariantIter *iter = NULL;
 
@@ -515,6 +518,8 @@ gboolean handle_iptables_insert_rule(StcRule *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        if (rules != NULL) {
                GVariantIter *iter = NULL;
 
@@ -573,6 +578,8 @@ gboolean handle_iptables_remove_rule(StcRule *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        if (rules != NULL) {
                GVariantIter *iter = NULL;
                g_variant_get(rules, "a{sv}", &iter);
@@ -630,6 +637,8 @@ gboolean handle_iptables_add_chain(StcChain *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        ret = iptables_add_chain(chain);
        if (ret < STC_ERROR_NONE) {
                STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
@@ -655,6 +664,8 @@ gboolean handle_iptables_remove_chain(StcChain *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        ret = iptables_remove_chain(chain);
        if (ret < STC_ERROR_NONE) {
                STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
@@ -680,6 +691,8 @@ gboolean handle_iptables_flush_chain(StcChain *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        ret = iptables_flush_chain(chain);
        if (ret < STC_ERROR_NONE) {
                STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
@@ -705,6 +718,8 @@ gboolean handle_ip6tables_add_rule(StcRule *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        if (rules != NULL) {
                GVariantIter *iter = NULL;
 
@@ -763,6 +778,8 @@ gboolean handle_ip6tables_insert_rule(StcRule *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        if (rules != NULL) {
                GVariantIter *iter = NULL;
 
@@ -821,6 +838,8 @@ gboolean handle_ip6tables_remove_rule(StcRule *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        if (rules != NULL) {
                GVariantIter *iter = NULL;
                g_variant_get(rules, "a{sv}", &iter);
@@ -878,6 +897,8 @@ gboolean handle_ip6tables_add_chain(StcChain *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        ret = ip6tables_add_chain(chain);
        if (ret < STC_ERROR_NONE) {
                STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
@@ -903,6 +924,8 @@ gboolean handle_ip6tables_remove_chain(StcChain *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        ret = ip6tables_remove_chain(chain);
        if (ret < STC_ERROR_NONE) {
                STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE
@@ -928,6 +951,8 @@ gboolean handle_ip6tables_flush_chain(StcChain *object,
        stc_error_e ret = STC_ERROR_NONE;
        GVariant *return_parameters = NULL;
 
+       stc_set_keep_alive(TRUE);
+
        ret = ip6tables_flush_chain(chain);
        if (ret < STC_ERROR_NONE) {
                STC_IPTABLES_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE

diff --git a/src/stc-iptables.c b/src/stc-iptables.c
index 96f26fc..cffa1e9 100755 (executable)
--- a/src/stc-iptables.c
+++ b/src/stc-iptables.c
@@ -95,6 +95,18 @@ static void __stc_inotify_handler(struct inotify_event *event,
        }
 }
 
+static gboolean __stc_timer_expired(gpointer data)
+{
+       if (g_stc_iptables->keep_alive) {
+               g_stc_iptables->keep_alive = FALSE;
+               return TRUE;
+       }
+
+       g_main_loop_quit(g_stc_iptables->main_loop);
+
+       return FALSE;
+}
+
 gint32 main(gint32 argc, gchar *argv[])
 {
        GMainLoop *main_loop = NULL;
@@ -106,8 +118,10 @@ gint32 main(gint32 argc, gchar *argv[])
        setenv("GCOV_PREFIX", "/tmp/daemon", 1);
 #endif
 
+/*
        if (daemon(0, 0) != 0)
                STC_LOGE("Can't start daemon"); //LCOV_EXCL_LINE
+*/
 
        /* Initialize required subsystems */
 #if !GLIB_CHECK_VERSION(2, 35, 0)
@@ -127,6 +141,9 @@ gint32 main(gint32 argc, gchar *argv[])
                goto fail;
        g_stc_iptables->main_loop = main_loop;
 
+       g_stc_iptables->timer = g_timeout_add_seconds(10, __stc_timer_expired, NULL);
+       g_stc_iptables->keep_alive = FALSE;
+
        /* Run the main loop */
        g_main_loop_run(main_loop);
 
@@ -150,10 +167,15 @@ stc_iptables_s *stc_get_iptables(void)
 {
        return g_stc_iptables;
 }
-//LCOV_EXCL_STOP
 
 void stc_stop_iptables(void)
 {
        if (g_stc_iptables && g_stc_iptables->main_loop)
                g_main_loop_quit(g_stc_iptables->main_loop);
 }
+
+void stc_set_keep_alive(gboolean keep_alive)
+{
+       g_stc_iptables->keep_alive = keep_alive;
+}
+//LCOV_EXCL_STOP