SET(CMAKE_C_FLAGS_CCOV "-O2 -g --coverage")
SET(CMAKE_CXX_FLAGS_CCOV "-O2 -std=c++0x -g --coverage")
-#SET(SMACK_ENABLE ON)
-
-#OPTION(DPL_LOG "DPL logs status" ON)
-#IF(DPL_LOG)
-# MESSAGE(STATUS "Logging enabled for DPL")
-# ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
-#ELSE(DPL_LOG)
-# MESSAGE(STATUS "Logging disabled for DPL")
-#ENDIF(DPL_LOG)
-
# If supported for the target machine, emit position-independent code,suitable
# for dynamic linking and avoiding any limit on the size of the global offset
# table. This option makes a difference on the m68k, PowerPC and SPARC.
# (BJ: our ARM too?)
ADD_DEFINITIONS("-fPIC")
-# Set the default ELF image symbol visibility to hidden - all symbols will be
-# marked with this unless overridden within the code.
-#ADD_DEFINITIONS("-fvisibility=hidden")
# Set compiler warning flags
-#ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
ADD_DEFINITIONS("-Wall") # Generate all warnings
ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
-#ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
-#ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
-#ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features
-
-#ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC
-#ADD_DEFINITIONS("-DDBUS_CONNECTION") #defines DBus as used IPC
STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
-# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# @file CMakeLists.txt
-# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
-#
-
-#SET(DAEMON_BASIC_DEP
-# dpl-efl
-# dpl-dbus-efl
-# dpl-utils-efl
-# libsoup-2.4
-# openssl
-# libsmack
-# )
-#
-#IF(SMACK_ENABLE)
-# LIST(APPEND DAEMON_BASIC_DEP libprivilege-control)
-#ENDIF(SMACK_ENABLE)
-#
-#PKG_CHECK_MODULES(DAEMON_DEP
-# ${DAEMON_BASIC_DEP}
-# REQUIRED)
-#
-#SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
-#
-#SET(DAEMON_SOURCES
-# #socket connection
-# ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
-# ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
-# #caller
-# ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp
-# #daemon
-# ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp
-# ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp
-# ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp
-# ${DAEMON_SOURCES_PATH}/main.cpp
-# #ocsp
-# ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp
-# ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp
-# ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp
-# #ace
-# ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp
-# ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp
-# ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp
-# ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp
-# ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp
-# ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp
-# ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp
-# #popup
-# ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp
-# ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp
-# )
-#
-#SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x")
-#
-############################## Lets start compilation process ##################
-##ace library
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-##socket connection library
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection)
-##daemon
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets)
-##caller
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller)
-##ace
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic)
-##ocsp
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic)
-##popup
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic)
-#INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
-#INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS})
-#
-#ADD_EXECUTABLE(${TARGET_DAEMON}
-# ${DAEMON_SOURCES})
-#
-#TARGET_LINK_LIBRARIES(${TARGET_DAEMON}
-# ${DAEMON_DEP_LIBRARIES}
-# ${TARGET_ACE_LIB}
-# ${TARGET_ACE_DAO_RW_LIB})
-#
-#INSTALL(TARGETS ${TARGET_DAEMON}
-# DESTINATION bin)
-#
-#INSTALL(FILES
-# ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service
-# DESTINATION /usr/share/dbus-1/services
-# )
-#
-#INSTALL(FILES
-# ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h
-# ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h
-# ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h
-# ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
-# ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
-# DESTINATION /usr/include/wrt-security
-# )
-#
-ADD_SUBDIRECTORY(security-srv)
+PKG_CHECK_MODULES(SECURITY_SERVER_DEP
+ dlog
+ openssl
+ libsmack
+ REQUIRED
+ )
+
+SET(SECURITY_SERVER_PATH ${PROJECT_SOURCE_DIR}/src)
+
+SET(SECURITY_SERVER_SOURCES
+ ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
+ ${SECURITY_SERVER_PATH}/server/security-server-cookie.c
+ ${SECURITY_SERVER_PATH}/server/security-server-main.c
+ ${SECURITY_SERVER_PATH}/server/security-server-password.c
+ ${SECURITY_SERVER_PATH}/util/security-server-util-common.c
+ )
+
+SET_SOURCE_FILES_PROPERTIES(
+ ${SECURITY_SERVER_SOURCES}
+ PROPERTIES
+ COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG")
+
+INCLUDE_DIRECTORIES(
+ ${SECURITY_SERVER_PATH}/include
+ ${SECURITY_SERVER_DEP_INCLUDE_DIRS}
+ )
+
+ADD_EXECUTABLE(${TARGET_SECURITY_SERVER} ${SECURITY_SERVER_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_SERVER}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ )
+
+################################################################################
+
+SET(SECURITY_CLIENT_VERSION_MAJOR 1)
+SET(SECURITY_CLIENT_VERSION ${SECURITY_CLIENT_VERSION_MAJOR}.0.1)
+
+SET(SECURITY_CLIENT_SOURCES
+ ${SECURITY_SERVER_PATH}/client/security-server-client.c
+ ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
+ )
+
+ADD_LIBRARY(${TARGET_SECURITY_CLIENT} SHARED ${SECURITY_CLIENT_SOURCES})
+
+SET_TARGET_PROPERTIES(
+ ${TARGET_SECURITY_CLIENT}
+ PROPERTIES
+ LINK_FLAGS "-module -avoid-version"
+ COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC"
+ SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
+ VERSION ${SECURITY_CLIENT_VERSION}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_SECURITY_CLIENT}
+ ${SECURITY_SERVER_DEP_LIBRARIES}
+ )
+
+################################################################################
+
+INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION lib)
+
+INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin)
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/include/security-server.h
+ DESTINATION /usr/include/security-server
+ )
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/mw-list
+ DESTINATION /usr/share/security-server
+ )
+
+INSTALL(FILES
+ ${SECURITY_SERVER_PATH}/security-serverd
+ DESTINATION /etc/rc.d/init.d
+ )
+
+################################################################################
+
+#CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY)
+#INSTALL
+
+################################################################################
+++ /dev/null
-[D-BUS Service]
-Name=org.tizen.SecurityDaemon
-Exec=/usr/bin/security-server
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_daemon_dbus_config.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains security daemon DBus configuration.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
-
-#include <string>
-
-namespace WrtSecurity {
-
-struct SecurityDaemonConfig {
- static const std::string OBJECT_PATH()
- {
- return "/org/tizen/SecurityDaemon";
- }
-
- static const std::string SERVICE_NAME()
- {
- return "org.tizen.SecurityDaemon";
- }
-};
-
-} // namespace WrtSecurity
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_dbus_service.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief This file contains implementation of security DBus service.
- */
-#include <dpl/log/log.h>
-#include <algorithm>
-#include <gio/gio.h>
-#include <dpl/exception.h>
-#include <dpl/dbus/interface.h>
-#include <dpl/dbus/connection.h>
-#include "security_dbus_service.h"
-#include "security_daemon_dbus_config.h"
-#include <ace_server_dbus_interface.h>
-#include <ocsp_server_dbus_interface.h>
-#include <popup_response_dbus_interface.h>
-
-
-void SecurityDBusService::start()
-{
- LogDebug("SecurityDBusService starting");
- m_connection = DPL::DBus::Connection::systemBus();
- std::for_each(m_objects.begin(),
- m_objects.end(),
- [&m_connection] (const DPL::DBus::ObjectPtr& object)
- {
- m_connection->registerObject(object);
- });
- m_connection->registerService(
- WrtSecurity::SecurityDaemonConfig::SERVICE_NAME());
-}
-
-void SecurityDBusService::stop()
-{
- LogDebug("SecurityDBusService stopping");
- m_connection.reset();
-}
-
-void SecurityDBusService::initialize()
-{
- LogDebug("SecurityDBusService initializing");
- g_type_init();
-
- addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- std::make_shared<RPC::AceServerDBusInterface>());
- addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- std::make_shared<RPC::OcspServerDBusInterface>());
- addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- std::make_shared<RPC::PopupResponseDBusInterface>());
-}
-
-void SecurityDBusService::addInterface(const std::string& objectPath,
- const InterfaceDispatcherPtr& dispatcher)
-{
- auto ifaces =
- DPL::DBus::Interface::fromXMLString(dispatcher->getXmlSignature());
- if (ifaces.empty())
- {
- ThrowMsg(DPL::Exception, "No interface description.");
- }
-
- auto iface = ifaces.at(0);
- iface->setDispatcher(dispatcher.get());
-
- m_dispatchers.push_back(dispatcher);
- m_objects.push_back(DPL::DBus::Object::create(objectPath, iface));
-}
-
-void SecurityDBusService::deinitialize()
-{
- LogDebug("SecurityDBusService deinitializing");
- m_objects.clear();
- m_dispatchers.clear();
-}
-
-#ifdef DBUS_CONNECTION
-DAEMON_REGISTER_SERVICE_MODULE(SecurityDBusService)
-#endif //DBUS_CONNECTION
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_dbus_service.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of security DBus service.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
-#define WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
-
-#include <memory>
-#include <vector>
-#include <dpl/dbus/connection.h>
-#include <dpl/dbus/object.h>
-#include <dpl/dbus/dispatcher.h>
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include <security_daemon.h>
-
-class SecurityDBusService : public SecurityDaemon::DaemonService {
-private:
- virtual void initialize();
- virtual void start();
- virtual void stop();
- virtual void deinitialize();
-
-private:
- typedef std::shared_ptr<DPL::DBus::InterfaceDispatcher> InterfaceDispatcherPtr;
- typedef std::shared_ptr<DPL::DBus::Dispatcher> DispatcherPtr;
-
- void addInterface(const std::string& objectPath,
- const InterfaceDispatcherPtr& dispatcher);
-
- DPL::DBus::ConnectionPtr m_connection;
- std::vector<DPL::DBus::ObjectPtr> m_objects;
- std::vector<DispatcherPtr> m_dispatchers;
-};
-
-#endif // WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_daemon.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is implementation file of Security Daemon
- */
-
-#include "security_daemon.h"
-
-#include <dpl/assert.h>
-#include <dpl/foreach.h>
-#include <dpl/log/log.h>
-
-#include <dpl/framework_efl.h>
-
-#include <dpl/singleton_impl.h>
-IMPLEMENT_SINGLETON(SecurityDaemon::SecurityDaemon)
-
-#include <ace-dao-rw/AceDAO.h>
-
-namespace SecurityDaemon {
-
-//This is declared not in SecurityDaemon class, so no Ecore.h is needed there.
-static Ecore_Event_Handler *g_exitHandler;
-static Eina_Bool exitHandler(void */*data*/, int /*type*/, void */*event*/)
-{
- auto& daemon = SecurityDaemonSingleton::Instance();
- daemon.terminate(0);
-
- return ECORE_CALLBACK_CANCEL;
-}
-
-SecurityDaemon::SecurityDaemon() :
- m_initialized(false),
- m_terminating(false),
- m_returnValue(0)
-{
-}
-
-void SecurityDaemon::initialize(int& /*argc*/, char** /*argv*/)
-{
- DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
- LogDebug("Initializing");
- Assert(!m_initialized && "Already Initialized");
-
- g_exitHandler = ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT,
- &exitHandler,
- NULL);
-
- DatabaseService::initialize();
- FOREACH (service, m_servicesList) {
- (*service)->initialize();
- }
- m_initialized = true;
- LogDebug("Initialized");
-}
-
-int SecurityDaemon::execute()
-{
- Assert(m_initialized && "Not Initialized");
- LogDebug("Starting execute");
- FOREACH (service, m_servicesList) {
- (*service)->start();
- }
- ecore_main_loop_begin();
- return m_returnValue;
-}
-
-void SecurityDaemon::terminate(int returnValue)
-{
- Assert(m_initialized && "Not Initialized");
- Assert(!m_terminating && "Already terminating");
- LogDebug("Terminating");
-
- ecore_event_handler_del(g_exitHandler);
-
- m_returnValue = returnValue;
- m_terminating = true;
-
- FOREACH (service, m_servicesList) {
- (*service)->stop();
- }
-
- ecore_main_loop_quit();
-}
-
-void SecurityDaemon::shutdown()
-{
- LogDebug("Shutdown");
- Assert(m_initialized && "Not Initialized");
- Assert(m_terminating && "Not terminated");
-
- DatabaseService::deinitialize();
- FOREACH (service, m_servicesList) {
- (*service)->deinitialize();
- }
-
- m_initialized = false;
-}
-
-namespace DatabaseService {
-
-void initialize(void)
-{
- LogDebug("Ace/Wrt database services initializing...");
- AceDB::AceDAO::attachToThreadRW();
-}
-
-void deinitialize(void)
-{
- LogDebug("Ace/Wrt database services deinitializing...");
- AceDB::AceDAO::detachFromThread();
-}
-
-} //namespace DatabaseService
-
-} //namespace SecurityDaemon
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_daemon.h
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is header file of Security Daemon
- */
-
-#ifndef WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H
-#define WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H
-
-#include <utility>
-#include <memory>
-#include <list>
-#include <dpl/noncopyable.h>
-#include <dpl/singleton.h>
-#include <dpl/assert.h>
-
-
-namespace SecurityDaemon {
-
-class DaemonService : DPL::Noncopyable {
- public:
- virtual void initialize() = 0;
- virtual void start() = 0;
- virtual void stop() = 0;
- virtual void deinitialize() = 0;
-};
-
-class SecurityDaemon : DPL::Noncopyable
-{
- public:
- SecurityDaemon();
-
- void initialize(int& argc, char** argv);
- int execute();
- void terminate(int returnValue = 0);
-
- template<typename ServiceType, typename ...Args>
- void registerService(Args&&... args)
- {
- Assert(!m_initialized && "Too late for registration");
-
- m_servicesList.push_back(
- std::make_shared<ServiceType>(std::forward<Args>(args)...));
- }
-
- void shutdown();
-
- private:
- bool m_initialized;
- bool m_terminating;
- int m_returnValue;
- typedef std::list<std::shared_ptr<DaemonService>> DaemonServiceList;
- DaemonServiceList m_servicesList;
-};
-
-namespace DatabaseService {
- void initialize();
- void deinitialize();
-};
-
-} //namespace SecurityDaemon
-
-typedef DPL::Singleton<SecurityDaemon::SecurityDaemon> SecurityDaemonSingleton;
-
-#define DAEMON_REGISTER_SERVICE_MODULE(Type) \
- namespace { \
- static int initializeModule(); \
- static int initializeModuleHelper = initializeModule(); \
- int initializeModule() \
- { \
- (void)initializeModuleHelper; \
- SecurityDaemonSingleton::Instance().registerService<Type>(); \
- return 0; \
- } \
- }
-
-
-#endif /* WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file callback_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This header provides types and exceptions required for security service callbacks
- */
-
-#ifndef CALLBACK_API_H_
-#define CALLBACK_API_H_
-
-#include <dpl/exception.h>
-
-typedef void (*socketServerCallback) (SocketConnection * connector);
-
-typedef bool (*securityCheck) (int socketfd);
-
-namespace ServiceCallbackApi{
-
- class Exception{
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, ServiceCallbackException)
- };
-
-}
-
-#endif /* CALLBACK_API_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_daemon_socket_config.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef SECURITY_DAEMON_SOCKET_CONFIG_H_
-#define SECURITY_DAEMON_SOCKET_CONFIG_H_
-
-#include <string>
-#include <signal.h>
-
-namespace WrtSecurity {
-
-struct SecurityDaemonSocketConfig {
- static const std::string SERVER_ADDRESS()
- {
- return "/tmp/server";
- }
-};
-
-} // namespace WrtSecurity
-#endif /* SECURITY_DAEMON_SOCKET_CONFIG_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_socket_service.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of socket server
- */
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-#include <sys/signalfd.h>
-#include <sys/select.h>
-#include <sys/stat.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <cstring>
-#include <dpl/log/log.h>
-#include "ace_service_callbacks_api.h"
-#include "ocsp_service_callbacks_api.h"
-#include "popup_service_callbacks_api.h"
-#include "security_daemon_socket_config.h"
-#include "security_socket_service.h"
-
-#define TIMEOUT_SEC 0
-#define TIMEOUT_NSEC 100000000
-#define MAX_LISTEN 5
-#define SIGNAL_TO_CLOSE SIGUSR1
-
-void SecuritySocketService::throwWithErrnoMessage(const std::string& specificInfo){
- LogError(specificInfo << " : " << strerror(errno));
- ThrowMsg(DPL::Exception, specificInfo << " : " << strerror(errno));
-}
-
-void SecuritySocketService::registerServiceCallback(const std::string &interfaceName,
- const std::string &methodName,
- socketServerCallback callbackMethod,
- securityCheck securityMethod){
- if(NULL == callbackMethod){
- LogError("Null callback");
- ThrowMsg(DPL::Exception, "Null callback");
- }
- if(interfaceName.empty() || methodName.empty()){
- LogError("Interface and method name cannot be empty");
- ThrowMsg(DPL::Exception, "Empty interface or method name");
- }
-
- auto serviceCallbackPtr = std::make_shared<ServiceCallback>(ServiceCallback(callbackMethod, securityMethod));
- m_callbackMap[interfaceName][methodName] = serviceCallbackPtr;
-}
-
-void SecuritySocketService::addClientSocket(int clientSocket){
- std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
- m_clientSocketList.push_back(clientSocket);
-}
-
-void SecuritySocketService::removeClientSocket(int clientSocket){
- std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
- m_clientSocketList.remove(clientSocket);
-}
-
-bool SecuritySocketService::popClientSocket(int * clientSocket){
- std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
- if(m_clientSocketList.empty())
- return false;
- *clientSocket = m_clientSocketList.front();
- m_clientSocketList.pop_front();
- return true;
-}
-
-void SecuritySocketService::initialize(){
-
- LogInfo("Initializing...");
- m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
- m_signalToClose = SIGNAL_TO_CLOSE;
-
- //registering Ace callbacks
- registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
-
- registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().first,
- WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().second);
-
- registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
- WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().first,
- WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().second);
- LogInfo("Registered Ace callbacks");
-
- //registering Ocsp callbacks
- registerServiceCallback(WrtSecurity::OcspServerApi::INTERFACE_NAME(),
- WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
- WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
- LogInfo("Registered Ocsp callbacks");
-
- //registering Popup callbacks
- registerServiceCallback(WrtSecurity::PopupServerApi::INTERFACE_NAME(),
- WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().first,
- WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().second);
- LogInfo("Registered Popup callbacks");
-
- if(-1 == (m_listenFd = socket(AF_UNIX, SOCK_STREAM, 0))){
- throwWithErrnoMessage("socket()");
- }
- LogInfo("Server socket created");
-
- //socket needs to be nonblocking, because read can block after select
- int flags;
- if (-1 == (flags = fcntl(m_listenFd, F_GETFL, 0)))
- flags = 0;
- if(-1 == (fcntl(m_listenFd, F_SETFL, flags | O_NONBLOCK))){
- throwWithErrnoMessage("fcntl");
- }
-
- sockaddr_un server_address;
- bzero(&server_address, sizeof(server_address));
- server_address.sun_family = AF_UNIX;
- strcpy(server_address.sun_path, m_serverAddress.c_str());
- unlink(server_address.sun_path);
-
- mode_t socket_umask, original_umask;
- socket_umask = 0;
- original_umask = umask(socket_umask);
-
- if(-1 == bind(m_listenFd, (struct sockaddr *)&server_address, SUN_LEN(&server_address))){
- throwWithErrnoMessage("bind()");
- }
-
- umask(original_umask);
-
- LogInfo("Initialized");
-}
-
-void SecuritySocketService::start(){
-
- LogInfo("Starting...");
- if(m_serverAddress.empty()){
- LogError("Server not initialized");
- ThrowMsg(DPL::Exception, "Server not initialized");
- }
-
- sigset_t sigset;
- sigemptyset(&sigset);
- if(-1 == sigaddset(&sigset, m_signalToClose)){
- throwWithErrnoMessage("sigaddset()");
- }
- int returned_value;
- if ((returned_value = pthread_sigmask(SIG_BLOCK, &sigset, NULL)) < 0) {
- errno = returned_value;
- throwWithErrnoMessage("pthread_sigmask()");
- }
-
- pthread_t mainThread;
-
- if((returned_value = pthread_create(&mainThread, NULL, &serverThread, this)) < 0){
- errno = returned_value;
- throwWithErrnoMessage("pthread_create()");
- }
- m_mainThread = mainThread;
-
- LogInfo("Started");
-}
-
-void * SecuritySocketService::serverThread(void * data){
- pthread_detach(pthread_self());
- SecuritySocketService &t = *static_cast<SecuritySocketService *>(data);
- LogInfo("Running server main thread");
- Try {
- t.mainLoop();
- } Catch (DPL::Exception) {
- LogError("Socket server error. Exiting...");
- return (void *)1;
- }
-
- return (void *)0;
-}
-
-
-void SecuritySocketService::mainLoop(){
-
- if(listen(m_listenFd, MAX_LISTEN) == -1){
- throwWithErrnoMessage("listen()");
- }
-
- //Settings to catch closing signal in select
- int signal_fd;
- sigset_t sigset;
- if(-1 == (sigemptyset(&sigset))){
- throwWithErrnoMessage("sigemptyset()");
- }
- if(-1 == (sigaddset(&sigset, m_signalToClose))) {
- throwWithErrnoMessage("sigaddset()");
- }
- if((signal_fd = signalfd(-1, &sigset, 0)) < 0){
- throwWithErrnoMessage("signalfd()");
- }
-
- //Setting descriptors for pselect
- fd_set allset, rset;
- int maxfd;
- FD_ZERO(&allset);
- FD_SET(m_listenFd, &allset);
- FD_SET(signal_fd, &allset);
- timespec timeout;
- maxfd = (m_listenFd > signal_fd) ? (m_listenFd) : (signal_fd);
- ++maxfd;
- //this will block SIGPIPE for this thread and every thread created in it
- //reason : from here on we don't won't to receive SIGPIPE on writing to closed socket
- //instead of signal we want to receive error from write - hence blocking SIGPIPE
- sigset_t set;
- sigemptyset(&set);
- sigaddset(&set, SIGPIPE);
- pthread_sigmask(SIG_BLOCK, &set, NULL);
-
- while(1){
- timeout.tv_sec = TIMEOUT_SEC;
- timeout.tv_nsec = TIMEOUT_NSEC;
- rset = allset;
- if(-1 == pselect(maxfd, &rset, NULL, NULL, &timeout, NULL)){
- closeConnections();
- throwWithErrnoMessage("pselect()");
- }
-
- if(FD_ISSET(signal_fd, &rset)){
- LogInfo("Got signal to close");
- signalfd_siginfo siginfo;
- ssize_t res;
- res = read(signal_fd, &siginfo, sizeof(siginfo));
- if(res <= 0){
- closeConnections();
- throwWithErrnoMessage("read()");
- }
- if((size_t)res != sizeof(siginfo)){
- closeConnections();
- LogError("couldn't read whole siginfo");
- ThrowMsg(DPL::Exception, "couldn't read whole siginfo");
- }
- if((int)siginfo.ssi_signo == m_signalToClose){
- LogInfo("Server thread got signal to close");
- closeConnections();
- return;
- } else {
- LogInfo("Got not handled signal");
- }
- }
- if(FD_ISSET(m_listenFd, &rset)){
- int client_fd;
- if(-1 == (client_fd = accept(m_listenFd, NULL, NULL))){
- closeConnections();
- throwWithErrnoMessage("accept()");
- }
- LogInfo("Got incoming connection");
- Connection_Info * connection = new Connection_Info(client_fd, (void *)this);
- int res;
- pthread_t client_thread;
- if((res = pthread_create(&client_thread, NULL, &connectionThread, connection)) < 0){
- delete connection;
- errno = res;
- closeConnections();
- throwWithErrnoMessage("pthread_create()");
- }
- addClientSocket(client_fd);
- }
- }
-}
-
-void * SecuritySocketService::connectionThread(void * data){
- pthread_detach(pthread_self());
- std::auto_ptr<Connection_Info> c (static_cast<Connection_Info *>(data));
- SecuritySocketService &t = *static_cast<SecuritySocketService *>(c->data);
- LogInfo("Starting connection thread");
- Try {
- t.connectionService(c->connfd);
- } Catch (DPL::Exception){
- LogError("Connection thread error : " << _rethrown_exception.DumpToString());
- t.removeClientSocket(c->connfd);
- close(c->connfd);
- return (void*)1;
- }
- LogInfo("Client serviced");
- return (void*)0;
-}
-
-void SecuritySocketService::connectionService(int fd){
-
- SocketConnection connector = SocketConnection(fd);
- std::string interfaceName, methodName;
-
- Try {
- connector.read(&interfaceName, &methodName);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection read error");
- ReThrowMsg(DPL::Exception, "Socket Connection read error");
- }
-
- LogDebug("Got interface : " << interfaceName);
- LogDebug("Got method : " << methodName);
-
- if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){
- LogError("Unknown interface : " << interfaceName);
- ThrowMsg(DPL::Exception, "Unknown interface : " << interfaceName);
- }
-
- if(m_callbackMap[interfaceName].find(methodName) == m_callbackMap[interfaceName].end()){
- LogError("Unknown method : " << methodName);
- ThrowMsg(DPL::Exception, "Unknown method");
- }
-
- if(m_callbackMap[interfaceName][methodName]->securityCallback != NULL){
- if(!m_callbackMap[interfaceName][methodName]->securityCallback(fd)){
- LogError("Security check returned false");
- ThrowMsg(DPL::Exception, "Security check returned false");
- }
- }
-
- LogInfo("Calling service");
- Try{
- m_callbackMap[interfaceName][methodName]->serviceCallback(&connector);
- } Catch (ServiceCallbackApi::Exception::ServiceCallbackException){
- LogError("Service callback error");
- ReThrowMsg(DPL::Exception, "Service callback error");
- }
-
- LogInfo("Removing client");
- removeClientSocket(fd);
- close(fd);
-
- LogInfo("Call served");
-
-}
-
-void SecuritySocketService::stop(){
- LogInfo("Stopping");
- if(-1 == close(m_listenFd))
- if(errno != ENOTCONN)
- throwWithErrnoMessage("close()");
- int returned_value;
- if((returned_value = pthread_kill(m_mainThread, m_signalToClose)) < 0){
- errno = returned_value;
- throwWithErrnoMessage("pthread_kill()");
- }
- pthread_join(m_mainThread, NULL);
-
- LogInfo("Stopped");
-}
-
-void SecuritySocketService::closeConnections(){
-
- int clientSocket;
- LogInfo("Closing client sockets");
- while(popClientSocket(&clientSocket)){
- if(-1 == close(clientSocket)){
- LogError("close() : " << strerror(errno));
- }
- }
-
- LogInfo("Connections closed");
-}
-
-void SecuritySocketService::deinitialize(){
- m_serverAddress.clear();
-
- LogInfo("Deinitialized");
-
-}
-
-#ifdef SOCKET_CONNECTION
-DAEMON_REGISTER_SERVICE_MODULE(SecuritySocketService)
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file security_socket_service.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of socket server class
- */
-
-#ifndef SECURITY_SOCKET_SERVICE_H_
-#define SECURITY_SOCKET_SERVICE_H_
-
-#include <map>
-#include <list>
-#include <memory>
-#include <mutex>
-#include <pthread.h>
-#include <security_daemon.h>
-#include <SocketConnection.h>
-#include <callback_api.h>
-
-class SecuritySocketService : public SecurityDaemon::DaemonService {
-
-private:
-
- virtual void initialize();
- virtual void start();
- virtual void stop();
- virtual void deinitialize();
-
-
-private:
-
- //Function for registering callback with given interface and method name and possibly security check callback
- void registerServiceCallback(const std::string& interfaceName,
- const std::string& methodName,
- socketServerCallback serviceCallback,
- securityCheck securityCallback = NULL);
- //Thread function for server
- static void * serverThread(void *);
- //Main function for server
- void mainLoop();
- //Thread function for connection serving
- static void * connectionThread(void *);
- //Main function for connection serving
- void connectionService(int fd);
- //closing all connections
- void closeConnections();
- //logs an error and throws an exception with message containing errno message
- void throwWithErrnoMessage(const std::string &specificInfo);
-
- //concurrency safe methods for client socket list - add, remove and pop (with returned value)
- void addClientSocket(int clientThread);
- void removeClientSocket(int clientThread);
- bool popClientSocket(int* clientThread);
-
- //Address of socket server
- std::string m_serverAddress;
- //Signal used for informing threads to stop
- int m_signalToClose;
- //Socket for listening
- int m_listenFd;
- //Number of main thread
- pthread_t m_mainThread;
- //Numbers of all created threads for connections
- std::list<int> m_clientSocketList;
-
- //Thread list mutex
- std::mutex m_clientSocketListMutex;
-
- //Structure for callback maps
- class ServiceCallback
- {
- public:
- ServiceCallback(socketServerCallback ser, securityCheck sec) : serviceCallback(ser), securityCallback(sec){}
- socketServerCallback serviceCallback;
- securityCheck securityCallback;
- };
-
- typedef std::shared_ptr<ServiceCallback> ServiceCallbackPtr;
- //Map for callback methods, key is a method name and value is a callback to method
- typedef std::map<std::string, ServiceCallbackPtr> ServiceMethodCallbackMap;
- //Map for interface methods, key is an interface name and value is a map of available methods with callbacks
- std::map<std::string, ServiceMethodCallbackMap> m_callbackMap;
-
- //Structure passed to connection thread
- struct Connection_Info{
- Connection_Info(int fd, void * data) : connfd(fd), data(data)
- {}
- int connfd;
- void * data;
- };
-
-};
-
-#endif /* SECURITY_SOCKET_SERVICE_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file main.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is main routing for Security Daemon
- */
-
-#include <dpl/log/log.h>
-#include <dpl/single_instance.h>
-
-#include "security_daemon.h"
-
-#include <pthread.h>
-
-static const std::string DAEMON_INSTANCE_UUID =
- "5ebf3f24-dad6-4a27-88b4-df7970efe7a9";
-
-int main(int argc, char* argv[])
-{
- DPL::SingleInstance instance;
- try {
- if (!instance.TryLock(DAEMON_INSTANCE_UUID)) {
- LogError("Security Daemon is already running");
- return -1;
- }
- } catch (const DPL::SingleInstance::Exception::LockError &e) {
- LogError(e.DumpToString());
- return -1;
- }
-
- auto& daemon = SecurityDaemonSingleton::Instance();
-
- daemon.initialize(argc, argv);
-
- //Run daemon
- auto retVal = daemon.execute();
-
- daemon.shutdown();
- try {
- instance.Release();
- } catch (const DPL::SingleInstance::Exception::LockError &e) {
- LogError(e.DumpToString());
- }
-
- return retVal;
-}
+++ /dev/null
-PKG_CHECK_MODULES(SECURITY_SERVER_DEP
- dlog
- openssl
- libsmack
- REQUIRED
- )
-
-SET(SECURITY_SERVER_PATH ${PROJECT_SOURCE_DIR}/src/security-srv)
-
-SET(SECURITY_SERVER_SOURCES
- ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
- ${SECURITY_SERVER_PATH}/server/security-server-cookie.c
- ${SECURITY_SERVER_PATH}/server/security-server-main.c
- ${SECURITY_SERVER_PATH}/server/security-server-password.c
- ${SECURITY_SERVER_PATH}/util/security-server-util-common.c
- )
-
-SET_SOURCE_FILES_PROPERTIES(
- ${SECURITY_SERVER_SOURCES}
- PROPERTIES
- COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG")
-
-INCLUDE_DIRECTORIES(
- ${SECURITY_SERVER_PATH}/include
- ${SECURITY_SERVER_DEP_INCLUDE_DIRS}
- )
-
-ADD_EXECUTABLE(${TARGET_SECURITY_SERVER} ${SECURITY_SERVER_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_SECURITY_SERVER}
- ${SECURITY_SERVER_DEP_LIBRARIES}
- )
-
-################################################################################
-
-SET(SECURITY_CLIENT_VERSION_MAJOR 1)
-SET(SECURITY_CLIENT_VERSION ${SECURITY_CLIENT_VERSION_MAJOR}.0.1)
-
-SET(SECURITY_CLIENT_SOURCES
- ${SECURITY_SERVER_PATH}/client/security-server-client.c
- ${SECURITY_SERVER_PATH}/communication/security-server-comm.c
- )
-
-ADD_LIBRARY(${TARGET_SECURITY_CLIENT} SHARED ${SECURITY_CLIENT_SOURCES})
-
-SET_TARGET_PROPERTIES(
- ${TARGET_SECURITY_CLIENT}
- PROPERTIES
- LINK_FLAGS "-module -avoid-version"
- COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC"
- SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR}
- VERSION ${SECURITY_CLIENT_VERSION}
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SECURITY_CLIENT}
- ${SECURITY_SERVER_DEP_LIBRARIES}
- )
-
-################################################################################
-
-INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION lib)
-
-INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin)
-
-INSTALL(FILES
- ${SECURITY_SERVER_PATH}/include/security-server.h
- DESTINATION /usr/include/security-server
- )
-
-INSTALL(FILES
- ${SECURITY_SERVER_PATH}/mw-list
- DESTINATION /usr/share/security-server
- )
-
-INSTALL(FILES
- ${SECURITY_SERVER_PATH}/security-serverd
- DESTINATION /etc/rc.d/init.d
- )
-
-################################################################################
-
-#CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY)
-#INSTALL
-
-################################################################################
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_server_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief This file contains definitions of ACE server interface name & methods.
- */
-
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
-
-#include<string>
-
-
-namespace WrtSecurity{
-namespace AceServerApi{
-
- // DBus interface names
- inline const std::string INTERFACE_NAME()
- {
- return "org.tizen.AceCheckAccessInterface";
- }
-
- // IN string subject
- // IN string resource
- // IN vector<string> function param names
- // IN vector<string> function param values
- // OUT int allow, deny, popup type
- inline const std::string CHECK_ACCESS_METHOD()
- {
- return "check_access";
- }
-
- // IN string subject
- // IN string resource
- // OUT int allow, deny, popup type
- inline const std::string CHECK_ACCESS_INSTALL_METHOD()
- {
- return "check_access_install";
- }
-
- // Policy update trigger
- inline const std::string UPDATE_POLICY_METHOD()
- {
- return "update_policy";
- }
-};
-};
-
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief This is implementation file of AceService service
- */
-
-#include <dpl/log/log.h>
-#include <security_controller.h>
-
-#include "security_daemon.h"
-
-namespace AceService
-{
-
-class AceService : public SecurityDaemon::DaemonService
-{
- private:
- virtual void initialize()
- {
- LogDebug("AceService initializing");
-
- SecurityControllerSingleton::Instance().Touch();
- SecurityControllerSingleton::Instance().SwitchToThread(NULL);
-
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::InitializeSyncEvent());
- }
-
- virtual void start()
- {
- LogDebug("Starting AceService");
- }
-
- virtual void stop()
- {
- LogDebug("Stopping AceService");
- }
-
- virtual void deinitialize()
- {
- LogDebug("AceService deinitializing");
- SecurityControllerSingleton::Instance().SwitchToThread(NULL);
- //this is direct call inside
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::TerminateSyncEvent());
- }
-
-};
-
-DAEMON_REGISTER_SERVICE_MODULE(AceService)
-
-}//namespace AceService
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_dbus_interface.cpp
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Implementation of ACE server API.
- */
-#include <dpl/foreach.h>
-#include <vector>
-#include <string>
-#include "ace_server_dbus_interface.h"
-#include <dpl/dbus/dbus_server_deserialization.h>
-#include <dpl/dbus/dbus_server_serialization.h>
-
-#include <ace/Request.h>
-#include <ace/PolicyResult.h>
-#include <security_controller.h>
-#include <attribute_facade.h>
-
-
-namespace RPC {
-
-void AceServerDBusInterface::onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation)
-{
- using namespace WrtSecurity;
-
- if (0 == g_strcmp0(methodName, AceServerApi::ECHO_METHOD().c_str()))
- {
- std::string str;
- DPL::DBus::ServerDeserialization::deserialize(parameters, &str);
- g_dbus_method_invocation_return_value(invocation,
- DPL::DBus::ServerSerialization::serialize(str));
- } else if (0 == g_strcmp0(methodName,
- AceServerApi::CHECK_ACCESS_METHOD().c_str()))
- {
- int widgetHandle;
- std::string subject, resource, sessionId;
- std::vector<std::string> paramNames, paramValues;
- if (!DPL::DBus::ServerDeserialization::deserialize(parameters,
- &widgetHandle,
- &subject,
- &resource,
- ¶mNames,
- ¶mValues,
- &sessionId)) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.AceCheckAccessInterface.UnknownError",
- "Error in deserializing input parameters");
- return;
- }
- if (paramNames.size() != paramValues.size()) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.AceCheckAccessInterface.UnknownError",
- "Varying sizes of parameter names and parameter values");
- return;
- }
- LogDebug("We got subject: " << subject);
- LogDebug("We got resource: " << resource);
-
- FunctionParamImpl params;
- for (size_t i = 0; i < paramNames.size(); ++i) {
- params.addAttribute(paramNames[i], paramValues[i]);
- }
-
- Request request(widgetHandle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::CheckRuntimeCallSyncEvent(
- &result,
- &request,
- sessionId));
-
- int response = PolicyResult::serialize(result);
- g_dbus_method_invocation_return_value(invocation,
- DPL::DBus::ServerSerialization::serialize(response));
- } else if (0 == g_strcmp0(methodName,
- AceServerApi::CHECK_ACCESS_INSTALL_METHOD().c_str()))
- {
- int widgetHandle;
- std::string resource;
- if (!DPL::DBus::ServerDeserialization::deserialize(parameters,
- &widgetHandle,
- &resource)) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.AceCheckAccessInterface.UnknownError",
- "Error in deserializing input parameters");
- return;
- }
- LogDebug("We got handle: " << widgetHandle);
- LogDebug("We got resource: " << resource);
-
- Request request(widgetHandle,
- WidgetExecutionPhase_WidgetInstall);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::CheckFunctionCallSyncEvent(
- &result,
- &request));
-
- int response = PolicyResult::serialize(result);
- g_dbus_method_invocation_return_value(invocation,
- DPL::DBus::ServerSerialization::serialize(response));
- } else if (0 == g_strcmp0(methodName,
- AceServerApi::UPDATE_POLICY_METHOD().c_str()))
- {
- LogDebug("Policy update DBus message received");
- CONTROLLER_POST_SYNC_EVENT(
- SecurityController,
- SecurityControllerEvents::UpdatePolicySyncEvent());
- g_dbus_method_invocation_return_value(invocation, NULL);
- } else {
- // invalid method name
- g_dbus_method_invocation_return_value(invocation, NULL);
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_dbus_interface.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief Class that handles ACE server API.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
-
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/ace_server_dbus_api.h"
-
-namespace RPC {
-
-class AceServerDBusInterface : public DPL::DBus::InterfaceDispatcher {
- public:
- AceServerDBusInterface():
- DPL::DBus::InterfaceDispatcher(WrtSecurity::AceServerApi::INTERFACE_NAME())
- {
- using namespace WrtSecurity;
-
- setXmlSignature("<node>"
- " <interface name='" + AceServerApi::INTERFACE_NAME() + "'>"
- " <method name='" + AceServerApi::ECHO_METHOD() + "'>"
- " <arg type='s' name='input' direction='in'/>"
- " <arg type='s' name='output' direction='out'/>"
- " </method>"
- " <method name='" + AceServerApi::CHECK_ACCESS_METHOD() + "'>"
- " <arg type='i' name='handle' direction='in'/>"
- " <arg type='s' name='subject' direction='in'/>"
- " <arg type='s' name='resource' direction='in'/>"
- " <arg type='as' name='parameter names' direction='in'/>"
- " <arg type='as' name='parameter values' direction='in'/>"
- " <arg type='s' name='session' direction='in'/>"
- " <arg type='i' name='output' direction='out'/>"
- " </method>"
- " <method name='" + AceServerApi::CHECK_ACCESS_INSTALL_METHOD() + "'>"
- " <arg type='i' name='handle' direction='in'/>"
- " <arg type='s' name='resource' direction='in'/>"
- " <arg type='i' name='output' direction='out'/>"
- " </method>"
- " <method name='" + AceServerApi::UPDATE_POLICY_METHOD() + "'>"
- " </method>"
- " </interface>"
- "</node>");
- }
-
- virtual ~AceServerDBusInterface()
- {}
-
- virtual void onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation);
-};
-
-} // namespace RPC
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_server_api.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief This file contains definitions ACE server interface & methods specifically needed by DBUS.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
-
-#include "ace_server_api.h"
-#include<string>
-
-namespace WrtSecurity{
-namespace AceServerApi{
-
- // RPC test function
- // IN std::string
- // OUT std::string
- inline const std::string ECHO_METHOD()
- {
- return "echo";
- }
-};
-};
-
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * This file contain consts for Signing Template and Policy Manager
- * This values will be used to specified and identified algorithms in xml policy documents.
- * Its consistent with BONDI 1.0 released requirements
- *
- * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements
- * This values comes from widget digital signature 1.0 - required version of this doc is very important
- *
- **/
-
-#ifndef ACF_CONSTS_TYPES_H
-#define ACF_CONSTS_TYPES_H
-
-//Digest Algorithms
-extern const char* DIGEST_ALG_SHA256;
-
-//Canonicalization Algorithms
-extern const char* CANONICAL_ALG_C14N;
-
-//Signature Algorithms
-extern const char* SIGNATURE_ALG_RSA_with_SHA256;
-extern const char* SIGNATURE_ALG_DSA_with_SHA1;
-extern const char* SIGNATURE_ALG_ECDSA_with_SHA256;
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- *
- * This file contains classes that implement WRT_INTERFACE.h interfaces,
- * so that ACE could access WRT specific and other information during
- * the decision making.
- *
- * @file attribute_.cpp
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Implementation file for attributes obtaining.
- */
-
-#include <dpl/exception.h>
-#include <sstream>
-#include <algorithm>
-#include <list>
-#include <string>
-#include <sstream>
-#include <stdexcept>
-#include <map>
-#include <cstdlib>
-#include <ace-dao-ro/AceDAOReadOnly.h>
-#include <ace/WRT_INTERFACE.h>
-#include <map>
-#include <dpl/log/log.h>
-#include <dpl/foreach.h>
-#include <attribute_facade.h>
-#include <ace/Request.h>
-#include <simple_roaming_agent.h>
-
-namespace // anonymous
-{
-typedef std::list<std::string> AttributeHandlerResponse;
-
-typedef AttributeHandlerResponse (*AttributeHandler)(
- const WidgetExecutionPhase &phase,
- const WidgetHandle &widgetHandle);
-typedef AttributeHandlerResponse (*ResourceAttributeHandler)(
- const WidgetExecutionPhase &phase,
- const WidgetHandle &widgetHandle,
- const Request &request);
-
-AttributeHandlerResponse AttributeClassHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
- response.push_back("widget");
- return response;
-}
-
-AttributeHandlerResponse AttributeInstallUriHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- std::string value = AceDB::AceDAOReadOnly::getShareHref(widgetHandle);
- if(!value.empty())
- response.push_back(value);
- return response;
-}
-
-AttributeHandlerResponse AttributeVersionHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
-
- std::string value = AceDB::AceDAOReadOnly::getVersion(widgetHandle);
-
- if (!value.empty()) {
- response.push_back(value);
- }
-
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyRootCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeDistributorKeyRootFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyRootCnHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorKeyRootFingerprintHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
- response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
- AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
- return response;
-}
-
-AttributeHandlerResponse AttributeNetworkAccessUriHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeIdHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
-
- std::string wGUID = AceDB::AceDAOReadOnly::getGUID(widgetHandle);
-
- if (!wGUID.empty()) {
- response.push_back(wGUID);
- }
- return response;
-}
-
-AttributeHandlerResponse AttributeAuthorNameHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle)
-{
- AttributeHandlerResponse response;
-
- std::string value = AceDB::AceDAOReadOnly::getAuthorName(widgetHandle);
-
- if (!value.empty()) {
- response.push_back(value);
- }
-
- return response;
-}
-
-AttributeHandlerResponse AttributeRoamingHandler(
- const WidgetExecutionPhase &phase,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
-
- if (WidgetExecutionPhase_WidgetInstall == phase) {
- // TODO undetermind value
- response.push_back(std::string(""));
- } else if (SimpleRoamingAgentSingleton::Instance().IsRoamingOn()) {
- response.push_back(std::string("true"));
- } else {
- response.push_back(std::string("false"));
- }
-
- return response;
-}
-
-AttributeHandlerResponse AttributeBearerTypeHandler(
- const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/)
-{
- AttributeHandlerResponse response;
-
- std::string bearerName = "undefined-bearer-name";
-
- if (bearerName.empty()) {
- LogWarning("Bearer-type is NOT SET or empty");
- } else {
- response.push_back(bearerName);
- }
-
- return response;
-}
-
-struct AttributeHandlerContext
-{
- std::string name;
- WidgetExecutionPhase allowedPhaseMask;
- AttributeHandler handler;
-};
-
-// Private masks
-const WidgetExecutionPhase WidgetExecutionPhase_All =
- static_cast<WidgetExecutionPhase>(
- WidgetExecutionPhase_WidgetInstall |
- WidgetExecutionPhase_WidgetInstantiate |
- WidgetExecutionPhase_WebkitBind |
- WidgetExecutionPhase_Invoke);
-const WidgetExecutionPhase WidgetExecutionPhase_NoWidgetInstall =
- static_cast<WidgetExecutionPhase>(
- WidgetExecutionPhase_WidgetInstantiate |
- WidgetExecutionPhase_WebkitBind |
- WidgetExecutionPhase_Invoke);
-
-#define ALL_PHASE(name, handler) \
- { # name, WidgetExecutionPhase_All, handler },
-
-#define NO_INSTALL(name, handler) \
- { # name, WidgetExecutionPhase_NoWidgetInstall, handler },
-
-AttributeHandlerContext HANDLED_ATTRIBUTES_LIST[] = {
- ALL_PHASE(Class, &AttributeClassHandler)
- ALL_PHASE(install-uri, &AttributeInstallUriHandler)
- ALL_PHASE(version, &AttributeVersionHandler)
- ALL_PHASE(distributor-key-cn, &AttributeDistributorKeyCnHandler)
- ALL_PHASE(distributor-key-fingerprint,
- &AttributeDistributorKeyFingerprintHandler)
- ALL_PHASE(distributor-key-root-cn,
- &AttributeDistributorKeyRootCnHandler)
- ALL_PHASE(distributor-key-root-fingerprint,
- &AttributeDistributorKeyRootFingerprintHandler)
- ALL_PHASE(author-key-cn, &AttributeAuthorKeyCnHandler)
- ALL_PHASE(author-key-fingerprint, &AttributeAuthorKeyFingerprintHandler)
- ALL_PHASE(author-key-root-cn, &AttributeAuthorKeyRootCnHandler)
- ALL_PHASE(author-key-root-fingerprint,
- &AttributeAuthorKeyRootFingerprintHandler)
- ALL_PHASE(network-access-uri, &AttributeNetworkAccessUriHandler)
- ALL_PHASE(id, &AttributeIdHandler)
-// ALL_PHASE(name, &AttributeNameHandler)
-// ALL_PHASE(widget-attr:name, &AttributeWidgetAttrNameHandler)
- ALL_PHASE(author-name, &AttributeAuthorNameHandler)
- /* Enviroment attributes*/
- NO_INSTALL(roaming, &AttributeRoamingHandler)
- NO_INSTALL(bearer-type, &AttributeBearerTypeHandler)
-};
-
-#undef ALL_PHASE
-#undef NO_INSTALL
-
-const size_t HANDLED_ATTRIBUTES_LIST_COUNT =
- sizeof(HANDLED_ATTRIBUTES_LIST) / sizeof(HANDLED_ATTRIBUTES_LIST[0]);
-
-template<class T>
-class lambdaCollectionPusher
-{
- public:
- std::list<T>& m_collection;
- lambdaCollectionPusher(std::list<T>& collection) : m_collection(collection)
- {
- }
- void operator()(const T& element) const
- {
- m_collection.push_back(element);
- }
-};
-
-AttributeHandlerResponse AttributeDeviceCapHandler(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle & /*widgetHandle*/,
- const Request &request)
-{
- AttributeHandlerResponse response;
-
- Request::DeviceCapabilitySet capSet = request.getDeviceCapabilitySet();
- LogDebug("device caps set contains");
- FOREACH(dc, capSet)
- {
- LogDebug("-> " << *dc);
- }
-
- std::for_each(
- capSet.begin(),
- capSet.end(),
- lambdaCollectionPusher<std::string>(response));
-
- return response;
-}
-
-//class lambdaFeatureEquality :
-// public std::binary_function<FeatureHandle, int, bool>
-//{
-// public:
-// bool operator()(const FeatureHandle& wFeature,
-// const int& resurceId) const
-// {
-// return wFeature == resurceId;
-// }
-//};
-//
-//class lambdaPushFeatureName :
-// public std::binary_function<WidgetFeature, AttributeHandlerResponse, void>
-//{
-// void operator()(const WidgetFeature& wFeature,
-// AttributeHandlerResponse& response) const
-// {
-// response.push_back(DPL::ToUTF8String(wFeature.name));
-// }
-//};
-
-AttributeHandlerResponse AttributeApiFeatureHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support api-feature and resource-id in policy.");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureInstallUriHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support feature-install-uri is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureFeatureKeyCnHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support feature-key-cn is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureKeyRootCnHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support feature-key-root-cn is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-AttributeHandlerResponse AttributeFeatureKeyRootFingerprintHandler(
- const WidgetExecutionPhase & /* phase */,
- const WidgetHandle & /* widgetHandle */,
- const Request & /* request */)
-{
- LogDebug("WAC 2.0 does not support"
- " feature-key-root-fingerprint is policy!");
- AttributeHandlerResponse response;
- return response;
-}
-
-struct ResourceAttributeHandlerContext
-{
- std::string name;
- WidgetExecutionPhase allowedPhaseMask;
- ResourceAttributeHandler handler;
-};
-
-#define ALL_PHASE(name, handler) \
- { # name, WidgetExecutionPhase_All, handler },
-
-ResourceAttributeHandlerContext HANDLED_RESOURCE_ATTRIBUTES_LIST[] = {
- ALL_PHASE(device-cap, &AttributeDeviceCapHandler)
- ALL_PHASE(api-feature, &AttributeApiFeatureHandler)
- // For compatiblity with older policies we tread resource-id
- // identically as api-feature
- ALL_PHASE(resource-id, &AttributeApiFeatureHandler)
-
- ALL_PHASE(feature-install-uri, &AttributeFeatureInstallUriHandler)
- ALL_PHASE(feature-key-cn, &AttributeFeatureFeatureKeyCnHandler)
- ALL_PHASE(feature-key-root-cn, &AttributeFeatureKeyRootCnHandler)
- ALL_PHASE(feature-key-root-fingerprint,
- &AttributeFeatureKeyRootFingerprintHandler)
-};
-
-#undef ALL_PHASE
-
-const size_t HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT =
- sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST) /
- sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST[0]);
-} // namespace anonymous
-
-/*
- * class WebRuntimeImpl
- */
-int WebRuntimeImpl::getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- WidgetHandle widgetHandle = request.getWidgetHandle();
-
- FOREACH(itr, *attributes)
- {
- // Get attribute name
- std::string attribute = *itr->first;
-
- // Search for attribute handler
- bool attributeFound = false;
-
- for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) {
- if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) {
- // Check if execution phase is valid
- if ((executionPhase &
- HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) {
- // Attribute found, but execution state
- // forbids to execute handler
- LogWarning(
- "Request for attribute: '" <<
- attribute << "' which is supported " <<
- "but forbidden at widget execution phase: "
- <<
- executionPhase);
- } else {
- // Execution phase allows handler
- AttributeHandlerResponse attributeResponse =
- (*HANDLED_ATTRIBUTES_LIST[i].handler)(
- executionPhase,
- widgetHandle);
- std::copy(attributeResponse.begin(),
- attributeResponse.end(),
- std::back_inserter(*itr->second));
- }
-
- attributeFound = true;
- break;
- }
- }
-
- if (!attributeFound) {
- LogWarning("Request for attribute: '" <<
- attribute << "' which is not supported");
- }
- }
-
- return 0;
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-int WebRuntimeImpl::getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- // Get current execution state
- WidgetExecutionPhase executionPhase =
- request.getExecutionPhase();
-
- return getAttributesValuesLoop(request, attributes, executionPhase);
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-std::string WebRuntimeImpl::getSessionId(const Request & /* request */)
-{
- std::string result;
- LogError("Not implemented!");
- return result;
-}
-
-WebRuntimeImpl::WebRuntimeImpl()
-{
-}
-
-/*
- * class ResourceInformationImpl
- */
-
-int ResourceInformationImpl::getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase)
-{
- // Currently, we assume widgets have internal representation of integer IDs
- WidgetHandle widgetHandle = request.getWidgetHandle();
- //TODO add resource id string analyzys
- FOREACH(itr, *attributes)
- {
- // Get attribute name
- std::string attribute = *itr->first;
- LogDebug("getting attribute value for: " << attribute);
- FOREACH(aaa, *itr->second)
- {
- LogDebug("its value is: " << *aaa);
- }
-
- // Search for attribute handler
- bool attributeFound = false;
-
- for (size_t i = 0; i < HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT; ++i) {
- if (HANDLED_RESOURCE_ATTRIBUTES_LIST[i].name == attribute) {
- // Check if execution phase is valid
- if ((executionPhase &
- HANDLED_RESOURCE_ATTRIBUTES_LIST[i].allowedPhaseMask) ==
- 0) {
- // Attribute found, but execution state
- // forbids to execute handler
- LogDebug(
- "Request for attribute: '" <<
- attribute <<
- "' which is supported but forbidden " <<
- "at widget execution phase: " << executionPhase);
- itr->second = NULL;
- } else {
- // Execution phase allows handler
- AttributeHandlerResponse attributeResponse =
- (*HANDLED_RESOURCE_ATTRIBUTES_LIST[i].handler)(
- executionPhase,
- widgetHandle,
- request);
- std::copy(attributeResponse.begin(),
- attributeResponse.end(),
- std::back_inserter(*itr->second));
-
- std::ostringstream attributeResponseFull;
-
- for (AttributeHandlerResponse::const_iterator
- it = attributeResponse.begin();
- it != attributeResponse.end(); ++it) {
- attributeResponseFull <<
- (it == attributeResponse.begin() ? "" : ", ") <<
- *it;
- }
-
- LogDebug("Attribute(" << attribute << ") = " <<
- attributeResponseFull.str());
- }
-
- attributeFound = true;
- break;
- }
- }
-
- if (!attributeFound) {
- LogWarning("Request for attribute: '" << attribute <<
- "' which is not supported");
- }
- }
- return 0;
-}
-
-int ResourceInformationImpl::getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- // Get current execution state
- WidgetExecutionPhase executionPhase =
- request.getExecutionPhase();
- return getAttributesValuesLoop(request, attributes, executionPhase);
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-ResourceInformationImpl::ResourceInformationImpl()
-{
-}
-
-/*
- * class OperationSystemImpl
- */
-
-int OperationSystemImpl::getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes)
-{
- UNHANDLED_EXCEPTION_HANDLER_BEGIN
- {
- //FIXME:
- //GetExecution name without widget name
- WidgetExecutionPhase executionPhase =
- request.getExecutionPhase();
-
- FOREACH(itr, *attributes)
- {
- // Get attribute name
- std::string attribute = *itr->first;
-
- // Search for attribute handler
- bool attributeFound = false;
-
- for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) {
- if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) {
- // Check if execution phase is valid
- if ((executionPhase &
- HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) {
- // Attribute found, but execution state forbids
- // to execute handler
- LogDebug("Request for attribute: '" << attribute <<
- "' which is supported but forbidden at " <<
- "widget execution phase: " << executionPhase);
- itr->second = NULL;
- } else {
- // Execution phase allows handler
- AttributeHandlerResponse attributeResponse =
- (*HANDLED_ATTRIBUTES_LIST[i].handler)(
- executionPhase,
- 0);
- std::copy(attributeResponse.begin(),
- attributeResponse.end(),
- std::back_inserter(*itr->second));
-
- std::ostringstream attributeResponseFull;
-
- typedef AttributeHandlerResponse::const_iterator Iter;
- FOREACH(it, attributeResponse)
- {
- attributeResponseFull <<
- (it == attributeResponse.begin()
- ? "" : ", ") << *it;
- }
-
- LogDebug("Attribute(" << attribute <<
- ") = " << attributeResponseFull.str());
- }
-
- attributeFound = true;
- break;
- }
- }
-
- if (!attributeFound) {
- LogWarning("Request for attribute: '" << attribute <<
- "' which is not supported");
- }
- }
-
- return 0;
- }
- UNHANDLED_EXCEPTION_HANDLER_END
-}
-
-OperationSystemImpl::OperationSystemImpl()
-{
-}
-
-/*
- * end of class OperationSystemImpl
- */
-
-int FunctionParamImpl::getAttributesValues(const Request & /*request*/,
- std::list<ATTRIBUTE> *attributes)
-{
- FOREACH(iter, *attributes)
- {
- std::string attributeName = *(iter->first);
-
- ParamMap::const_iterator i;
- std::pair<ParamMap::const_iterator, ParamMap::const_iterator> jj =
- paramMap.equal_range(attributeName);
-
- for (i = jj.first; i != jj.second; ++i) {
- iter->second->push_back(i->second);
- LogDebug("Attribute: " << attributeName << " Value: " <<
- i->second);
- }
- }
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file attribute_facade.h
- * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @version 1.0
- * @brief This file contains the declaration of WebRuntimeImpl,
- * ResourceInformationImpl, OperationSystemImpl
- */
-
-#ifndef ATTRIBUTE_FACADE_H
-#define ATTRIBUTE_FACADE_H
-
-#include <string>
-#include <map>
-#include <vector>
-
-#include <ace/WRT_INTERFACE.h>
-
-class Request;
-
-class WebRuntimeImpl : public IWebRuntime
-{
- public:
- // Return current sessionId
- int getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase);
-
- int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes);
- virtual std::string getSessionId(const Request &request);
- WebRuntimeImpl();
-};
-
-class ResourceInformationImpl : public IResourceInformation
-{
- public:
- int getAttributesValuesLoop(const Request &request,
- std::list<ATTRIBUTE>* attributes,
- WidgetExecutionPhase executionPhase);
- int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes);
- ResourceInformationImpl();
-};
-
-class OperationSystemImpl : public IOperationSystem
-{
- public:
- /**
- * gather and set attributes values for specified attribute name
- * @param attributes is a list of pairs(
- * first: pointer to attribute name
- * second: list of values for attribute (std::string) -
- * its a list of string (BONDI requirement), but usually there
- * will be only one string
- */
- int getAttributesValues(const Request &request,
- std::list<ATTRIBUTE>* attributes);
- OperationSystemImpl();
-};
-
-class FunctionParamImpl : public IFunctionParam
-{
- public:
- virtual int getAttributesValues(const Request & /*request*/,
- std::list<ATTRIBUTE> *attributes);
- void addAttribute(const std::string &key,
- const std::string &value)
- {
- paramMap.insert(make_pair(key, value));
- }
- virtual ~FunctionParamImpl()
- {
- }
-
- private:
- typedef std::multimap<std::string, std::string> ParamMap;
- ParamMap paramMap;
-};
-
-typedef std::vector <FunctionParamImpl> FunctionParams;
-
-#endif //ATTRIBUTE_FACADE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.cpp
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Implementation file for security controller
- */
-#include <security_controller.h>
-#include <ace/PolicyEnforcementPoint.h>
-#include <ace/WRT_INTERFACE.h>
-//#include <engine/PolicyEvaluatorFactory.h>
-//#include <logic/attribute_facade.h>
-#include <dpl/singleton_impl.h>
-#include <dpl/log/log.h>
-#include <security_logic.h>
-#include <security_caller.h>
-
-IMPLEMENT_SINGLETON(SecurityController)
-
-struct SecurityController::Impl
-{
- SecurityLogic logic;
-};
-
-SecurityController::SecurityController()
-{
- m_impl.Reset(new Impl);
-}
-
-SecurityController::~SecurityController()
-{
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::InitializeSyncEvent & /* event */)
-{
- SecurityCallerSingleton::Instance().Run();
- m_impl->logic.initialize();
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::UpdatePolicySyncEvent& /* event */)
-{
- m_impl->logic.updatePolicy();
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::TerminateSyncEvent & /*event*/)
-{
- SecurityCallerSingleton::Instance().Quit();
- m_impl->logic.terminate();
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::CheckFunctionCallSyncEvent &ev)
-{
- *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1());
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::CheckRuntimeCallSyncEvent &ev)
-{
- *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1(), ev.GetArg2());
-}
-
-void SecurityController::OnEventReceived(
- const SecurityControllerEvents::ValidatePopupResponseEvent &ev)
-{
- m_impl->logic.validatePopupResponse(ev.GetArg0(),
- ev.GetArg1(),
- ev.GetArg2(),
- ev.GetArg3(),
- ev.GetArg4());
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @version 1.0
- * @brief Header file for security controller
- */
-#ifndef SECURITY_CONTROLLER_H
-#define SECURITY_CONTROLLER_H
-
-#include <dpl/singleton.h>
-#include <dpl/event/controller.h>
-#include <dpl/generic_event.h>
-#include <dpl/scoped_ptr.h>
-#include <dpl/type_list.h>
-#include <string>
-#include <ace-dao-ro/PreferenceTypes.h>
-#include <ace/AbstractPolicyEnforcementPoint.h>
-#include <ace-dao-ro/PromptModel.h>
-#include <string>
-#include <dpl/event/inter_context_delegate.h>
-
-namespace Jobs {
-class Job;
-}
-
-namespace SecurityControllerEvents {
-DECLARE_GENERIC_EVENT_0(InitializeSyncEvent)
-DECLARE_GENERIC_EVENT_0(TerminateSyncEvent)
-DECLARE_GENERIC_EVENT_0(UpdatePolicySyncEvent)
-
-DECLARE_GENERIC_EVENT_2(CheckFunctionCallSyncEvent,
- PolicyResult *,
- Request *
- )
-
-DECLARE_GENERIC_EVENT_3(CheckRuntimeCallSyncEvent,
- PolicyResult *,
- Request *,
- std::string //sessionId
- )
-
-DECLARE_GENERIC_EVENT_5(ValidatePopupResponseEvent,
- Request *,
- bool, //is allowed
- Prompt::Validity,
- std::string, //sessionId
- bool* //check return value
- )
-
-} // namespace SecurityControllerEvents
-
-typedef DPL::TypeListDecl<
- SecurityControllerEvents::InitializeSyncEvent,
- SecurityControllerEvents::TerminateSyncEvent,
- SecurityControllerEvents::UpdatePolicySyncEvent,
- SecurityControllerEvents::ValidatePopupResponseEvent,
- SecurityControllerEvents::CheckRuntimeCallSyncEvent,
- SecurityControllerEvents::CheckFunctionCallSyncEvent>::Type
-SecurityControllerEventsTypeList;
-
-class SecurityController :
- public DPL::Event::Controller<SecurityControllerEventsTypeList>
-{
- protected:
- virtual void OnEventReceived(
- const SecurityControllerEvents::InitializeSyncEvent &event);
- virtual void OnEventReceived(
- const SecurityControllerEvents::UpdatePolicySyncEvent &event);
- virtual void OnEventReceived(
- const SecurityControllerEvents::ValidatePopupResponseEvent &e);
- virtual void OnEventReceived(
- const SecurityControllerEvents::TerminateSyncEvent &event);
- virtual void OnEventReceived(
- const SecurityControllerEvents::CheckFunctionCallSyncEvent &e);
- virtual void OnEventReceived(
- const SecurityControllerEvents::CheckRuntimeCallSyncEvent &e);
-
- private:
- class Impl;
- DPL::ScopedPtr<Impl> m_impl;
-
- SecurityController();
- //This desctructor must be in implementation file (cannot be autogenerated)
- ~SecurityController();
-
- friend class DPL::Singleton<SecurityController>;
-};
-
-typedef DPL::Singleton<SecurityController> SecurityControllerSingleton;
-
-#endif // SECURITY_CONTROLLER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.h
- # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @author Piotr Kozbial (p.kozbial@samsung.com)
- * @version 1.0
- * @brief Header file for security logic
- */
-
-#include <security_logic.h>
-#include <attribute_facade.h>
-#ifdef WRT_SMACK_ENABLED
-#include <privilege-control.h>
-#endif
-#include <ace-dao-rw/AceDAO.h>
-#include <ace-dao-ro/AceDAOConversions.h>
-#include <ace/PolicyInformationPoint.h>
-#include <ace/PromptDecision.h>
-#include <dpl/log/log.h>
-
-namespace {
-
-Request::ApplicationType getAppType(const Request *request) {
- AceDB::AppTypes appType =
- AceDB::AceDAOReadOnly::getWidgetType(request->getWidgetHandle());
- switch (appType) {
- case AceDB::AppTypes::Tizen:
- LogDebug("==== Found Tizen application. ====");
- return Request::APP_TYPE_TIZEN;
- case AceDB::AppTypes::WAC20:
- LogDebug("==== Found Wac20 application. ====");
- return Request::APP_TYPE_WAC20;
- default:
- LogDebug("==== Unknown application type. ====");
- }
- return Request::APP_TYPE_UNKNOWN;
-}
-
-} // anonymous namespace
-
-void SecurityLogic::initialize() {
- AceDB::AceDAO::attachToThreadRW();
- m_policyEnforcementPoint.initialize(new WebRuntimeImpl(),
- new ResourceInformationImpl(),
- new OperationSystemImpl());
-}
-
-void SecurityLogic::terminate() {
- m_policyEnforcementPoint.terminate();
- AceDB::AceDAO::detachFromThread();
-}
-
-
-void SecurityLogic::grantPlatformAccess(const Request& request)
-{
- (void)request;
-#ifdef WRT_SMACK_ENABLED
- try {
- unsigned long long id =
- static_cast<unsigned long long>(request.getWidgetHandle());
- Request::DeviceCapabilitySet dc = request.getDeviceCapabilitySet();
-
- size_t i,size = dc.size();
- std::unique_ptr<const char*[]> array(new const char*[size+1]);
-
- array[size] = NULL;
- auto it = dc.begin();
-
- for(i=0; (i<size) && (it!=dc.end()); ++i,++it) {
- array[i] = it->c_str();
- }
- int ret = wrt_permissions_add(id, array.get());
- if (PC_OPERATION_SUCCESS != ret) {
- LogError("smack rules couldn't be granted");
- }
- } catch (std::bad_alloc&) {
- LogError("smack rules couldn't be granted: memory allocation failed");
- }
-#endif
-}
-
-PolicyResult SecurityLogic::checkFunctionCall(Request* request)
-{
- Assert(NULL != request);
-
- LogDebug("=== Check widget existance ===");
- Try {
- request->setAppType(getAppType(request));
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- LogError("==== Couldn't find widget for handle: " <<
- request->getWidgetHandle() << ". Access denied. ====");
- return PolicyEffect::DENY;
- }
-
- PolicyResult aceResult = m_policyEnforcementPoint.check(*request).policyResult;
-
- if (aceResult == PolicyEffect::PERMIT) {
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
- aceResult == PolicyEffect::PROMPT_SESSION ||
- aceResult == PolicyEffect::PROMPT_BLANKET ||
- aceResult == PolicyDecision::NOT_APPLICABLE ||
- aceResult == PolicyResult::UNDETERMINED)
- {
- // TODO: check stored user answers!!!
- // if necessary, grant SMACK rules
- // return appropriately - the following is a dummy:
- return aceResult;
- } else {
- return PolicyEffect::DENY;
- }
-}
-
-PolicyResult SecurityLogic::checkFunctionCall(Request* request, const std::string &sessionId)
-{
- Assert(NULL != request);
- LogDebug("=== Check existance of widget === ");
- Try {
- request->setAppType(getAppType(request));
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- LogError("==== Couldn't find widget for handle: " <<
- request->getWidgetHandle() << ". Access denied. ====");
- return PolicyEffect::DENY;
- }
-
- ExtendedPolicyResult exAceResult = m_policyEnforcementPoint.check(*request);
- PolicyResult aceResult = exAceResult.policyResult;
-
- LogDebug("Result returned by policy " << aceResult << ". RuleID: " << exAceResult.ruleId);
-
- if (aceResult == PolicyEffect::PERMIT) {
- LogDebug("Grant access.");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
-
- if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
- aceResult == PolicyEffect::DENY)
- {
- return aceResult;
- }
-
- OptionalCachedPromptDecision decision = AceDB::AceDAOReadOnly::getPromptDecision(
- request->getWidgetHandle(),
- exAceResult.ruleId);
-
- if (decision.IsNull()) {
- LogDebug("No CachedPromptDecision found.");
- return aceResult;
- }
-
- if (aceResult == PolicyEffect::PROMPT_BLANKET) {
- if (decision->decision == PromptDecision::ALLOW_ALWAYS) {
- LogDebug("Found user decision. Result changed to PERMIT. Access granted");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
- if (decision->decision == PromptDecision::DENY_ALWAYS) {
- LogDebug("Found user decision. Result changed to DENY.");
- return PolicyEffect::DENY;
- }
- if (decision->decision == PromptDecision::ALLOW_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Result changed to PERMIT. Access granted.");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
- if (decision->decision == PromptDecision::DENY_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Found user decision. Result changed to DENY.");
- return PolicyEffect::DENY;
- }
- return aceResult;
- }
-
- if (aceResult == PolicyEffect::PROMPT_SESSION) {
- if (decision->decision == PromptDecision::ALLOW_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Found user decision. Result changed to PERMIT. Access granted.");
- grantPlatformAccess(*request);
- return PolicyEffect::PERMIT;
- }
- if (decision->decision == PromptDecision::DENY_FOR_SESSION
- && !(decision->session.IsNull())
- && sessionId == DPL::ToUTF8String(*(decision->session)))
- {
- LogDebug("Found user decision. Result changed to DENY.");
- return PolicyEffect::DENY;
- }
- return aceResult;
- }
-
- // This should not happend - all PolicyEffect values were supported before.
- // This mean that someone has modyfied PolicyEffect enum. SPANK SPANK SPANK
- LogError("Unsupported PolicyEffect!");
- return PolicyEffect::DENY;
-}
-
-void SecurityLogic::validatePopupResponse(Request* request,
- bool allowed,
- Prompt::Validity validity,
- const std::string& sessionId,
- bool* retValue)
-{
- Assert(NULL != retValue);
- Assert(NULL != request);
-
- LogDebug("Start");
- LogDebug("User answered: " << allowed << " with validity: " << validity);
- LogDebug("Check widget existance");
- Try {
- request->setAppType(getAppType(request));
- } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- LogError("==== Couldn't find widget for handle: " <<
- request->getWidgetHandle() << ". Access denied. ====");
- retValue = false;
- return;
- }
-
- *retValue = false;
- OptionalExtendedPolicyResult extendedAceResult =
- m_policyEnforcementPoint.checkFromCache(*request);
- if (extendedAceResult.IsNull()) {
- LogDebug("No cached policy result - but it should be here");
- LogDebug("returning " << *retValue);
- return;
- }
-
- PolicyResult aceResult = extendedAceResult->policyResult;
- if (aceResult == PolicyEffect::DENY) {
- LogDebug("returning " << *retValue);
- return;
- }
- if (aceResult == PolicyEffect::PERMIT) {
- // TODO we were asked for prompt validation
- // but we got that no prompt should be opened - is this OK?
- // (this is on the diagram in wiki)
- *retValue = true;
- } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
- aceResult == PolicyEffect::PROMPT_SESSION ||
- aceResult == PolicyEffect::PROMPT_BLANKET)
- {
- Request::DeviceCapabilitySet devCaps =
- request->getDeviceCapabilitySet();
-
- FOREACH (it, devCaps) {
- Request::DeviceCapability resourceId = *it;
- LogDebug("Recheck: " << *it);
- // 1) check if per-widget settings permit
- AceDB::PreferenceTypes wgtPref =
- AceDB::AceDAOReadOnly::getWidgetDevCapSetting(
- resourceId,
- request->getWidgetHandle());
- if (AceDB::PreferenceTypes::PREFERENCE_DENY == wgtPref) {
- LogDebug("returning " << *retValue);
- return;
- }
- // 2) check if per-dev-cap settings permit
- AceDB::PreferenceTypes resPerf =
- AceDB::AceDAOReadOnly::getDevCapSetting(resourceId);
- if (AceDB::PreferenceTypes::PREFERENCE_DENY == resPerf) {
- LogDebug("returning " << *retValue);
- return;
- }
-
- // 3) check for stored propmt answer - should not be there
- // TODO - is this check necessary?
- AceDB::BaseAttributeSet attributes;
- AceDB::AceDAOReadOnly::getAttributes(&attributes);
- Request req(request->getWidgetHandle(),
- request->getExecutionPhase());
- req.addDeviceCapability(resourceId);
- PolicyInformationPoint *pip =
- m_policyEnforcementPoint.getPip();
-
- Assert(NULL != pip);
-
- pip->getAttributesValues(&req, &attributes);
- auto attrHash = AceDB::AceDaoConversions::convertToHash(attributes);
-
- // 4) validate consistency of answer with policy result
- Prompt::Validity clampedValidity =
- clampPromptValidity(validity, *(aceResult.getEffect()));
-
- // 5) store answer in database if appropriate
- // TODO how about userParam? sessionId?
- DPL::String userParam = DPL::FromUTF8String(sessionId);
- DPL::OptionalString sessionOptional =
- DPL::FromUTF8String(sessionId);
-
- switch (clampedValidity) {
- case Prompt::Validity::ALWAYS: {
- AceDB::AceDAO::setPromptDecision(
- request->getWidgetHandle(),
- extendedAceResult->ruleId,
- sessionOptional,
- allowed ?
- PromptDecision::ALLOW_ALWAYS :
- PromptDecision::DENY_ALWAYS);
- break; }
- case Prompt::Validity::SESSION: {
- AceDB::AceDAO::setPromptDecision(
- request->getWidgetHandle(),
- extendedAceResult->ruleId,
- sessionOptional,
- allowed ?
- PromptDecision::ALLOW_FOR_SESSION :
- PromptDecision::DENY_FOR_SESSION);
- break; }
-
- case Prompt::Validity::ONCE: {
- LogInfo("Validity ONCE, not saving prompt decision to cache");
- break; }
- }
-
- }
- // access granted!
- *retValue = allowed;
- }
- if (*retValue) {
- // 6) grant smack label if not granted yet
- grantPlatformAccess(*request);
- }
- LogDebug("Finish");
- LogDebug("returning " << *retValue);
-}
-
-void SecurityLogic::updatePolicy()
-{
- LogDebug("SecurityLogic::updatePolicy");
- m_policyEnforcementPoint.updatePolicy();
-}
-
-Prompt::Validity SecurityLogic::clampPromptValidity(
- Prompt::Validity validity,
- PolicyEffect effect)
-{
- switch (effect) {
- case PolicyEffect::PROMPT_BLANKET: {
- return validity; }
- case PolicyEffect::PROMPT_SESSION: {
- if (Prompt::Validity::ALWAYS == validity) {
- LogInfo("ALWAYS returned from prompt in PROMPT_SESSION");
- return Prompt::Validity::SESSION;
- }
- return validity; }
- case PolicyEffect::PROMPT_ONESHOT: {
- if (Prompt::Validity::ONCE != validity) {
- LogInfo("Not ONCE returned from prompt in PROMPT_ONESHOT");
- }
- return Prompt::Validity::ONCE; }
- case PolicyEffect::DENY:
- case PolicyEffect::PERMIT:
- default: {// other options - should not happen
- LogError("This kind of policy effect does not deal with prompts");
- return Prompt::Validity::ONCE; }
- }
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * This class simply redirects the access requests to access control engine.
- * The aim is to hide access control engine specific details from WRT modules.
- * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
- * WRT specific and other information during the decision making.
- *
- * @file security_controller.h
- * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
- * @author Ming Jin(ming79.jin@samsung.com)
- * @author Piotr Kozbial (p.kozbial@samsung.com)
- * @version 1.0
- * @brief Header file for security logic
- */
-#ifndef SECURITY_LOGIC_H
-#define SECURITY_LOGIC_H
-
-#include <ace/Request.h>
-#include <ace/PolicyResult.h>
-#include <ace/AbstractPolicyEnforcementPoint.h>
-#include <ace/Preference.h>
-#include <ace/PolicyEnforcementPoint.h>
-#include <ace-dao-ro/PromptModel.h>
-
-/* SecurityLogic
- * May only be created and used by SecurityController.
- * There may be only one instance.
- */
-class SecurityLogic {
- public:
- SecurityLogic() {}
- ~SecurityLogic() {}
- // initialize/terminate
- /** */
- void initialize();
- /** */
- void terminate();
-
- /** */
- PolicyResult checkFunctionCall(Request*);
- PolicyResult checkFunctionCall(Request*, const std::string &session);
-
- void validatePopupResponse(Request* request,
- bool allowed,
- Prompt::Validity validity,
- const std::string& sessionId,
- bool* retValue);
-
- /**
- * Updates policy and clears policy cache
- */
- void updatePolicy();
-
- private:
- PolicyEnforcementPoint m_policyEnforcementPoint;
-
- Prompt::Validity clampPromptValidity(Prompt::Validity validity,
- PolicyEffect effect);
- void grantPlatformAccess(const Request& request);
-};
-
-#endif // SECURITY_CONTROLLER_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file simple_roaming_agent.cpp
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @author Lukasz Marek (l.marek@samsung.com)
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief roaming agent
- */
-
-#include "simple_roaming_agent.h"
-#include <vconf.h>
-#include <dpl/fast_delegate.h>
-#include <dpl/log/log.h>
-#include <dpl/singleton_impl.h>
-IMPLEMENT_SINGLETON(SimpleRoamingAgent)
-
-SimpleRoamingAgent::SimpleRoamingAgent()
-{
- if (vconf_notify_key_changed(
- VCONFKEY_TELEPHONY_SVC_ROAM,
- vConfChagedCallback, this) < 0)
- {
- LogError("Cannot add vconf callback [" <<
- VCONFKEY_TELEPHONY_SVC_ROAM << "]");
- Assert(false && "Cannot add vconf callback");
- }
-
- int result = 0;
- if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) {
- LogError("Cannot get current roaming status");
- Assert(false && "Cannot get current roaming status");
- } else {
- bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON);
- m_networkType = type ? ROAMING : HOME;
- LogInfo("Network type is " << (type ? "ROAMING" : "HOME"));
- }
-
-}
-
-SimpleRoamingAgent::~SimpleRoamingAgent()
-{
- if (vconf_ignore_key_changed(
- VCONFKEY_TELEPHONY_SVC_ROAM,
- vConfChagedCallback) < 0)
- {
- LogError("Cannot rm vconf callback [" <<
- VCONFKEY_TELEPHONY_SVC_ROAM << "]");
- Assert(false && "Cannot remove vconf callback");
- }
-
-}
-
-void SimpleRoamingAgent::vConfChagedCallback(keynode_t *keyNode, void *data)
-{
- LogInfo("SimpleRoamingAgent::vConfChagedCallback ");
- char *key = vconf_keynode_get_name(keyNode);
-
- if (NULL == key) {
- LogWarning("vconf key is null.");
- return;
- }
- std::string keyString = key;
- if (VCONFKEY_TELEPHONY_SVC_ROAM != keyString) {
- LogError("Wrong key found");
- Assert(false && "Wrong key found in vconf callback");
- return;
- }
- SimpleRoamingAgent *agent = static_cast<SimpleRoamingAgent *>(data);
- if (NULL == agent) {
- LogError("Bad user arg from vconf lib");
- Assert(false && "Bad user arg from vconf lib");
- return;
- }
- int result = 0;
- if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) {
- LogError("Cannot get current roaming status");
- Assert(false && "Cannot get current roaming status");
- } else {
- bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON);
- agent->m_networkType = type ? ROAMING : HOME;
- LogInfo("Network type is " << (type ? "ROAMING" : "HOME"));
- }
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file simple_roaming_agent.h
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief simple roaming agent
- */
-
-#ifndef WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
-#define WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
-
-#include <string>
-#include <dpl/singleton.h>
-#include <dpl/noncopyable.h>
-#include <vconf.h>
-
-class SimpleRoamingAgent : DPL::Noncopyable
-{
- public:
- bool IsRoamingOn() const
- {
- return ROAMING == m_networkType;
- }
-
- private:
- enum NetworkType {ROAMING, HOME};
-
- NetworkType m_networkType;
-
- SimpleRoamingAgent();
- virtual ~SimpleRoamingAgent();
-
- static void vConfChagedCallback(keynode_t *keyNode, void *userParam);
-
- friend class DPL::Singleton<SimpleRoamingAgent>;
-};
-
-typedef DPL::Singleton<SimpleRoamingAgent> SimpleRoamingAgentSingleton;
-
-#endif//WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_callbacks.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of Ace Service callbacks
- */
-#include <string>
-#include <vector>
-#include <dpl/log/log.h>
-#include "ace_service_callbacks.h"
-#include <callback_api.h>
-#include <ace/Request.h>
-#include <ace/PolicyResult.h>
-#include <security_controller.h>
-#include <security_caller.h>
-#include <attribute_facade.h>
-
-namespace RPC {
-
-void AceServiceCallbacks::checkAccess(SocketConnection * connector){
-
- int widgetHandle = 0;
- std::string subject, resource, sessionId;
- std::vector<std::string> paramNames, paramValues;
- Try {
- connector->read(&widgetHandle,
- &subject,
- &resource,
- ¶mNames,
- ¶mValues,
- &sessionId);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection read error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection read error");
- }
-
- if (paramNames.size() != paramValues.size()) {
- ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, "Varying sizes of parameter names and parameter values");
- }
- LogDebug("We got subject: " << subject);
- LogDebug("We got resource: " << resource);
-
- FunctionParamImpl params;
- for (size_t i = 0; i < paramNames.size(); ++i) {
- params.addAttribute(paramNames[i], paramValues[i]);
- }
-
- Request request(widgetHandle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- SecurityCallerSingleton::Instance().SendSyncEvent(
- SecurityControllerEvents::CheckRuntimeCallSyncEvent(
- &result,
- &request,
- sessionId));
-
- int response = PolicyResult::serialize(result);
-
- Try{
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection write error");
- }
-}
-
-void AceServiceCallbacks::checkAccessInstall(SocketConnection * connector){
-
- int widgetHandle;
- std::string resource;
-
- Try {
- connector->read(&widgetHandle,
- &resource);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection read error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection read error");
- }
-
- LogDebug("We got handle: " << widgetHandle);
- LogDebug("We got resource: " << resource);
-
- Request request(widgetHandle,
- WidgetExecutionPhase_WidgetInstall);
- request.addDeviceCapability(resource);
-
- PolicyResult result(PolicyEffect::DENY);
- SecurityCallerSingleton::Instance().SendSyncEvent(
- SecurityControllerEvents::CheckFunctionCallSyncEvent(
- &result,
- &request));
-
- int response = PolicyResult::serialize(result);
-
- Try{
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection write error");
- }
-}
-
-void AceServiceCallbacks::updatePolicy(SocketConnection * /*connector*/){
-
-
- LogDebug("Policy update socket message received");
- SecurityCallerSingleton::Instance().SendSyncEvent(
- SecurityControllerEvents::UpdatePolicySyncEvent());
-}
-
-} //namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_callbacks.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of Ace Service callbacks
- */
-
-#ifndef ACE_SERVICE_CALLBACKS_H_
-#define ACE_SERVICE_CALLBACKS_H_
-
-#include <memory>
-#include <SocketConnection.h>
-#include <dpl/log/log.h>
-
-namespace RPC {
-
-namespace AceServiceCallbacks {
-
- // IN string subject
- // IN string resource
- // IN vector<string> function param names
- // IN vector<string> function param values
- // OUT int allow, deny, popup type
- void checkAccess(SocketConnection * connector);
-
- // IN string subject
- // IN string resource
- // OUT int allow, deny, popup type
- void checkAccessInstall(SocketConnection * connector);
-
- // Policy update trigger
- void updatePolicy(SocketConnection * connector);
-
-};
-
-} //namespace RPC
-
-#endif /* ACE_SERVICE_CALLBACKS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ace_service_callbacks_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header with api of implemented Ace Service callbacks
- */
-#ifndef ACE_SERVICE_CALLBACKS_API_H_
-#define ACE_SERVICE_CALLBACKS_API_H_
-
-#include <string>
-#include <utility>
-#include "ace_server_api.h"
-#include "ace_service_callbacks.h"
-#include "callback_api.h"
-
-namespace WrtSecurity{
-namespace AceServiceCallbacksApi{
-
-inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK() {
- return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
- RPC::AceServiceCallbacks::checkAccess);
-}
-
-inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_INSTALL_METHOD_CALLBACK() {
- return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
- RPC::AceServiceCallbacks::checkAccessInstall);
-}
-
-inline const std::pair<std::string, socketServerCallback> UPDATE_POLICY_METHOD_CALLBACK() {
- return std::make_pair(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD(),
- RPC::AceServiceCallbacks::updatePolicy);
-}
-
-} // namespace AceServiceCallbacksApi
-} // namespace WrtSecurity
-
-
-#endif // ACE_SERVICE_CALLBACKS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Implementation of Security Caller Thread singleton
- */
-
-#include <security_caller.h>
-#include <dpl/singleton_impl.h>
-
-IMPLEMENT_SINGLETON(SecurityCallerThread)
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.cpp
- * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
- * @version 1.0
- * @brief Header of Security Caller class used by services socket callbacks
- */
-
-#ifndef SECURITY_CALLER_H__
-#define SECURITY_CALLER_H__
-
-#include <dpl/thread.h>
-#include <dpl/assert.h>
-#include <dpl/singleton.h>
-
-#include <security_controller.h>
-
-#include <pthread.h>
-
-class IEventHolder
-{
- public:
- virtual void FinalizeSending() = 0;
- virtual ~IEventHolder() {};
-};
-
-template<class EventType>
-class EventHolderImpl : public IEventHolder
-{
- EventType event;
-
- public:
- EventHolderImpl(const EventType& e) : event(e) {}
- virtual void FinalizeSending()
- {
- LogDebug("sending real sync event");
- CONTROLLER_POST_SYNC_EVENT(SecurityController, event);
- }
-};
-
-/*
- * Because Security Controller is a DPL::Controler class, its events
- * can be send only from a DPL managed thread. SecurityCallerTread class
- * has been implemented as a workaround of that constraint.
- * This class is a DPL managed thread that waits for requests
- * from non DPL managed threads and when receives one it posts event
- * to the Security Controler in charge of the calling thread.
- */
-
-
-class SecurityCallerThread : public DPL::Thread
-{
- private:
- pthread_mutex_t m_mutex2;
- pthread_mutex_t m_mutex;
- pthread_cond_t m_cond;
- pthread_cond_t m_cond2;
- bool m_continue;
- bool m_finished;
- IEventHolder* m_eventHolder;
- pthread_mutex_t m_syncMutex;
-
-
- SecurityCallerThread() :
- Thread(),
- m_mutex2(PTHREAD_MUTEX_INITIALIZER),
- m_mutex(PTHREAD_MUTEX_INITIALIZER),
- m_cond(PTHREAD_COND_INITIALIZER),
- m_cond2(PTHREAD_COND_INITIALIZER),
- m_continue(true),
- m_finished(false),
- m_eventHolder(NULL),
- m_syncMutex(PTHREAD_MUTEX_INITIALIZER)
- {
- LogDebug("constructor");
- }
-
- virtual ~SecurityCallerThread()
- {
- pthread_mutex_unlock(&m_syncMutex);
- pthread_cond_destroy(&m_cond);
- pthread_cond_destroy(&m_cond2);
- pthread_mutex_destroy(&m_mutex2);
- pthread_mutex_destroy(&m_mutex);
- pthread_mutex_destroy(&m_syncMutex);
- }
-
- protected:
- /* main routine of the SecurityCallerThread */
- virtual int ThreadEntry()
- {
- LogDebug("SecurityCallerThread start");
- pthread_mutex_lock(&m_mutex); // lock shared data
-
- while (m_continue) // main loop
- {
- if (m_eventHolder) // if m_eventHolder is set, the request has been received
- {
- m_eventHolder->FinalizeSending(); // send actual event in charge of calling thread
- delete m_eventHolder;
- m_eventHolder = NULL;
- LogDebug("setting finished state");
- pthread_mutex_lock(&m_syncMutex); // lock m_finished
- m_finished = true;
- pthread_mutex_unlock(&m_syncMutex); // unlock m_finished
- LogDebug("finished");
- pthread_cond_signal(&m_cond2); // signal a calling thread that event has been posted.
- }
- LogDebug("waiting for event");
- // atomically:
- // unlock m_mutex, wait on m_cond until signal received, lock m_mutex
- pthread_cond_wait(&m_cond, &m_mutex);
- LogDebug("found an event");
- }
-
- pthread_mutex_unlock(&m_mutex);
-
- return 0;
- }
-
- public:
- void Quit()
- {
- LogDebug("Quit called");
- pthread_mutex_lock(&m_mutex); // lock shared data
- m_continue = false; // main loop condition set to false
- pthread_mutex_unlock(&m_mutex); // unlock shard data
- pthread_cond_signal(&m_cond);
- }
-
- template <class EventType>
- void SendSyncEvent(const EventType& event)
- {
- // prevent SendSyncEvent being called by multiple threads at the same time.
- pthread_mutex_lock(&m_mutex2);
- LogDebug("sending sync event");
- bool correct_thread = false;
- Try {
- LogDebug("Checking if this is unmanaged thread");
- DPL::Thread::GetCurrentThread();
- } Catch (DPL::Thread::Exception::UnmanagedThread) {
- correct_thread = true;
- }
- Assert(correct_thread &&
- "This method may not be called from DPL managed thread or main thread");
- LogDebug("putting an event to be posted");
- pthread_mutex_lock(&m_mutex); // lock shared data
- Assert(m_eventHolder == NULL && "Whooops");
- m_eventHolder = new EventHolderImpl<EventType>(event); // put an event to be posted
- pthread_mutex_unlock(&m_mutex); // unlock shared data
- LogDebug("Signal caller thread that new event has been created");
- pthread_cond_signal(&m_cond); // signal SecurityCallerThread to wake up because new
- // event is waiting to be posted
-
- LogDebug("waiting untill send completes");
- pthread_mutex_lock(&m_syncMutex); /* wait until send completes */
- while (!m_finished)
- {
- pthread_cond_wait(&m_cond2, &m_syncMutex); // wait until event is posted
- }
- LogDebug("done");
- m_finished = false;
- pthread_mutex_unlock(&m_syncMutex);
- pthread_mutex_unlock(&m_mutex2);
- }
-
- private:
- friend class DPL::Singleton<SecurityCallerThread>;
-};
-
-typedef DPL::Singleton<SecurityCallerThread> SecurityCallerSingleton;
-
-
-
-#endif //SECURITY_CALLER_H__
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_server_api.h
- * @author
- * @version 1.0
- * @brief This file contains definitions OCSP server interface & methods specifically needed by DBus.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
-
-#include "ocsp_server_api.h"
-#include<string>
-
-namespace WrtSecurity{
-namespace OcspServerApi{
-
-
-// RPC test function
-// IN std::string
-// OUT std::string
-inline const std::string ECHO_METHOD()
-{
- return "echo";
-}
-
-
-
-}
-};
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_dbus_interface.cpp
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief Implementation of OCSP server API.
- */
-#include "ocsp_server_dbus_interface.h"
-
-namespace RPC {
-
-using namespace WrtSecurity;
-
-OcspServerDBusInterface::OcspServerDBusInterface():
- DPL::DBus::InterfaceDispatcher(OcspServerApi::INTERFACE_NAME())
-{
- setXmlSignature("<node>"
- " <interface name='" + OcspServerApi::INTERFACE_NAME() + "'>"
- " <method name='" + OcspServerApi::ECHO_METHOD() + "'>"
- " <arg type='s' name='input' direction='in'/>"
- " <arg type='s' name='output' direction='out'/>"
- " </method>"
- " <method name='" + OcspServerApi::CHECK_ACCESS_METHOD() + "'>"
- " <arg type='i' name='input' direction='in'/>"
- " <arg type='i' name='output' direction='out'/>"
- " </method>"
- " </interface>"
- "</node>");
-}
-
-
-void OcspServerDBusInterface::onMethodCall(
- const gchar* argMethodName,
- GVariant* argParameters,
- GDBusMethodInvocation* argInvocation)
-{
- if (OcspServerApi::ECHO_METHOD() == argMethodName){
- // TODO: Deserialization should use
- // DBus::SErverDeserialization::deserialize()
- const gchar* arg = NULL;
- g_variant_get(argParameters, "(&s)", &arg);
- // TODO: Serialization should use
- // DBus::SErverDeserialization::serialize()
- gchar* response = g_strdup_printf(arg);
- g_dbus_method_invocation_return_value(argInvocation,
- g_variant_new ("(s)", response));
- g_free (response);
- } else if (OcspServerApi::CHECK_ACCESS_METHOD() == argMethodName) {
- gint32 value;
- g_variant_get(argParameters, "(i)", &value);
-
- // TODO: this is making OCSP service a stub! this HAS to be moved
- // with proper implementation to cert-svc daemon
- gint32 response = 0; // Certificates are valid for now
-
- GVariant* varResponse = g_variant_new ("(i)", response);
- //This function will unref invocation and it will be freed
- LogDebug("OCSP dbus interface tries to send result");
- g_dbus_method_invocation_return_value(argInvocation, varResponse);
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_dbus_interface.h
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief Class that handles OCSP server API.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
-
-#include <list>
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/ocsp_server_dbus_api.h"
-
-namespace RPC {
-
-class OcspServerDBusInterface :
- public DPL::DBus::InterfaceDispatcher
-{
- public:
- OcspServerDBusInterface();
-
- virtual ~OcspServerDBusInterface()
- {}
-
- virtual void onMethodCall(const gchar* method_name,
- GVariant* parameters,
- GDBusMethodInvocation* invocation);
-};
-
-} // namespace RPC
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_server_api.h
- * @author
- * @version 1.0
- * @brief This file contains definitions OCSP server interface & methods.
- */
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
-#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
-
-#include "ocsp_server_api.h"
-#include<string>
-
-namespace WrtSecurity{
-namespace OcspServerApi{
-
-// DBus interface name
-inline const std::string INTERFACE_NAME()
-{
- return "org.tizen.OcspCheck";
-}
-
-// Function checks WidgetStatus for installed widget.
-// https://106.116.37.24/wiki/WebRuntime/Security/Widget_Signatures
-// IN WidgetHandle Widget ID in Database
-// OUT WidgetStatus GOOD/REVOKED
-inline const std::string CHECK_ACCESS_METHOD()
-{
- return "OcspCheck";
-}
-
-}
-};
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file ocsp_service.cpp
- * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
- * @version 1.0
- * @brief This is implementation file of Ocsp service
- */
-
-#include "security_daemon.h"
-
-namespace OcspService {
-
-class OcspService : public SecurityDaemon::DaemonService
-{
- private:
- virtual void initialize()
- {
- }
-
- virtual void start()
- {
- }
-
- virtual void stop()
- {
- }
-
- virtual void deinitialize()
- {
- }
-
-};
-
-DAEMON_REGISTER_SERVICE_MODULE(OcspService)
-
-}//namespace OcspService
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_callbacks_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header with api of implemented Ocsp Service callbacks
- */
-
-#ifndef OCSP_SERVICE_CALLBACKS_API_H_
-#define OCSP_SERVICE_CALLBACKS_API_H_
-
-#include <string>
-#include <utility>
-#include "SocketConnection.h"
-#include "ocsp_server_api.h"
-#include "ocsp_service_callbacks.h"
-#include "callback_api.h"
-
-namespace WrtSecurity{
-namespace OcspServiceCallbacksApi{
-
-inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK(){
- return std::make_pair(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
- RPC::OcspServiceCallbacks::checkAccess);
-}
-
-} // namespace OcspServiceCallbacksApi
-} // namespace WrtSecurity
-
-#endif // OCSP_SERVICE_CALLBACKS_API_H_
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_callbacks.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of Ocsp Service callbacks
- */
-
-#include "ocsp_service_callbacks.h"
-#include <callback_api.h>
-
-namespace RPC {
-
-void OcspServiceCallbacks::checkAccess(SocketConnection * connector){
- int response = 0;
- Try {
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket Connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket Connection write error");
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file ocsp_service_callbacks.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of Ocsp Service callbacks class
- */
-
-#ifndef OCSP_SERVICE_CALLBACKS_H_
-#define OCSP_SERVICE_CALLBACKS_H_
-
-#include <SocketConnection.h>
-
-namespace RPC {
-
-namespace OcspServiceCallbacks {
- void checkAccess(SocketConnection * connector);
-};
-
-} // namespace RPC
-#endif /* OCSP_SERVICE_CALLBACKS_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file popup_response_dispatcher.cpp
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#include "popup_response_dbus_interface.h"
-#include <vector>
-#include <string>
-#include <dpl/dbus/dbus_server_deserialization.h>
-#include <dpl/dbus/dbus_server_serialization.h>
-#include <ace/Request.h>
-#include <ace-dao-ro/PromptModel.h>
-#include "popup_ace_data_types.h"
-//#include "access-control/engine/PromptModel.h"
-#include "attribute_facade.h"
-//#include "Request.h"
-#include "security_controller.h"
-
-namespace RPC
-{
-
-void PopupResponseDBusInterface::onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation)
-{
- using namespace WrtSecurity;
-#if 1
- if (0 == g_strcmp0(methodName,
- PopupServerApi::VALIDATION_METHOD().c_str()))
- {
- // popup answer data
- bool allowed = false;
- int serializedValidity = 0;
-
- // ACE data
- AceUserdata acedata;
-
- if (!DPL::DBus::ServerDeserialization::deserialize(
- parameters,
- &allowed,
- &serializedValidity,
- &(acedata.handle),
- &(acedata.subject),
- &(acedata.resource),
- &(acedata.paramKeys),
- &(acedata.paramValues),
- &(acedata.sessionId)))
- {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.PopupResponse.UnknownError",
- "Error in deserializing input parameters");
- return;
- }
-
- if (acedata.paramKeys.size() != acedata.paramValues.size()) {
- g_dbus_method_invocation_return_dbus_error(
- invocation,
- "org.tizen.PopupResponse.UnknownError",
- "Varying sizes of parameter names and parameter values");
- return;
- }
-
- FunctionParamImpl params;
- for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
- params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
- }
- Request request(acedata.handle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(acedata.resource);
-
- Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
-
- bool response = false;
- SecurityControllerEvents::ValidatePopupResponseEvent ev(
- &request,
- allowed,
- validity,
- acedata.sessionId,
- &response);
- CONTROLLER_POST_SYNC_EVENT(SecurityController, ev);
-
- g_dbus_method_invocation_return_value(
- invocation,
- DPL::DBus::ServerSerialization::serialize(response));
- }
-#endif
-}
-
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file popup_response_dbus_interface.h
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
-#define WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
-
-#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "popup_response_server_api.h"
-
-namespace RPC {
-
-class PopupResponseDBusInterface : public DPL::DBus::InterfaceDispatcher
-{
-public:
- PopupResponseDBusInterface():
- DPL::DBus::InterfaceDispatcher(
- WrtSecurity::PopupServerApi::INTERFACE_NAME())
- {
- using namespace WrtSecurity;
-
- setXmlSignature("<node>"
- " <interface name='" +
- PopupServerApi::INTERFACE_NAME() + "'>"
- " <method name='" +
- PopupServerApi::VALIDATION_METHOD() + "'>"
- // popup answer data
- " <arg type='b' name='allowed' direction='in'/>"
- " <arg type='i' name='valid' direction='in'/>"
- // this is copied from ace_server_dbus_interface
- " <arg type='i' name='handle' direction='in'/>"
- " <arg type='s' name='subject' direction='in'/>"
- " <arg type='s' name='resource' direction='in'/>"
- " <arg type='as' name='parameter names' direction='in'/>"
- " <arg type='as' name='parameter values' direction='in'/>"
- " <arg type='s' name='sessionId' direction='in'/>"
- " <arg type='b' name='response' direction='out'/>"
- " </method>"
- " </interface>"
- "</node>");
-
- }
-
- virtual ~PopupResponseDBusInterface()
- {}
-
- virtual void onMethodCall(const gchar* methodName,
- GVariant* parameters,
- GDBusMethodInvocation* invocation);
-};
-
-}
-
-#endif // WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_ace_data_types.h
- * @author Pawel Sikorski (p.sikorski@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef POPUP_ACE_DATA_TYPES_H_
-#define POPUP_ACE_DATA_TYPES_H_
-
-#include <vector>
-#include <string>
-
-// additional data needed by PolicyEvaluaor to recognize Popup Response
-struct AceUserdata
-{
- //TODO INVALID_WIDGET_HANDLE is defined in wrt_plugin_export.h.
- // I do not want to include that file here...
- AceUserdata(): handle(-1) {}
-
- int handle;
- std::string subject;
- std::string resource;
- std::vector<std::string> paramKeys;
- std::vector<std::string> paramValues;
- std::string sessionId;
-};
-
-typedef bool SecurityStatus;
-
-#endif /* POPUP_ACE_DATA_TYPES_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @file popup_response_server_api.h
- * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
- * @version 1.0
- * @brief
- */
-
-#ifndef WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
-#define WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
-
-#include <string>
-
-namespace WrtSecurity{
-namespace PopupServerApi{
-
-inline const std::string INTERFACE_NAME()
-{
- return "org.tizen.PopupResponse";
-}
-
-inline const std::string VALIDATION_METHOD()
-{
- return "validate";
-}
-
-}
-}
-
-#endif // WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
-
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks_api.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header with api of Popup Service callbacks
- */
-
-#ifndef POPUP_SERVICE_CALLBACKS_API_H_
-#define POPUP_SERVICE_CALLBACKS_API_H_
-
-#include <string>
-#include <utility>
-#include "SocketConnection.h"
-#include "popup_response_server_api.h"
-#include "popup_service_callbacks.h"
-#include <callback_api.h>
-
-namespace WrtSecurity{
-namespace PopupServiceCallbacksApi{
-
-inline std::pair<std::string, socketServerCallback> VALIDATION_METHOD_CALLBACK(){
- return std::make_pair(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), RPC::PopupServiceCallbacks::validate);
-}
-
-} // namespace PopupServiceCallbacksApi
-} // namespace WrtSecurity
-
-#endif /* POPUP_SERVICE_CALLBACKS_API_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.cpp
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Implementation of Popup Service callbacks
- */
-
-#include "popup_service_callbacks.h"
-#include <callback_api.h>
-#include <ace/Request.h>
-#include <ace-dao-ro/PromptModel.h>
-#include <dpl/log/log.h>
-#include "attribute_facade.h"
-#include "popup_ace_data_types.h"
-#include "security_controller.h"
-#include <security_caller.h>
-
-namespace RPC {
-
-void PopupServiceCallbacks::validate(SocketConnection * connector){
-
- bool allowed = false;
- int serializedValidity = 0;
-
- AceUserdata acedata;
-
- Try {
- connector->read(&allowed,
- &serializedValidity,
- &(acedata.handle),
- &(acedata.subject),
- &(acedata.resource),
- &(acedata.paramKeys),
- &(acedata.paramValues),
- &(acedata.sessionId));
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection read error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket connection read error");
- }
-
- if (acedata.paramKeys.size() != acedata.paramValues.size()) {
- ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Varying sizes of parameter names vector and parameter values vector");
- }
- FunctionParamImpl params;
- for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
- params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
- }
- Request request(acedata.handle,
- WidgetExecutionPhase_Invoke,
- ¶ms);
- request.addDeviceCapability(acedata.resource);
-
- Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
-
- bool response = false;
- SecurityControllerEvents::ValidatePopupResponseEvent ev(
- &request,
- allowed,
- validity,
- acedata.sessionId,
- &response);
- SecurityCallerSingleton::Instance().SendSyncEvent(ev);
-
- Try {
- connector->write(response);
- } Catch (SocketConnection::Exception::SocketConnectionException){
- LogError("Socket connection write error");
- ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
- "Socket connection write error");
- }
-}
-
-} // namespace RPC
+++ /dev/null
-/*
- * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file popup_service_callbacks.h
- * @author Zofia Abramowska (z.abramowska@samsung.com)
- * @version 1.0
- * @brief Header of Popup Service callbacks
- */
-
-#ifndef POPUP_SERVICE_CALLBACKS_H_
-#define POPUP_SERVICE_CALLBACKS_H_
-
-#include <memory>
-#include <SocketConnection.h>
-
-namespace RPC {
-
-namespace PopupServiceCallbacks {
- void validate(SocketConnection * connector);
-};
-
-} // namespace RPC
-#endif /* POPUP_SERVICE_CALLBACKS_H_ */
projects / framework / security / security-server.git / commitdiff