if (result == MatchResult::MRTrue) {
LogDebug("Returning TRUE");
+#ifdef ALL_LOGS
} else if (result == MatchResult::MRFalse) {
LogDebug("Returning FALSE");
} else if (result == MatchResult::MRUndetermined) {
LogDebug("Returning UNDETERMINED");
+#endif
}
+
return result;
}
myVal = this->value.front();
}
+#ifdef ALL_LOGS
LogDebug("Comparing attribute: " << this->m_name << "(" <<
myVal << ") with: " << tempNam <<
"(" << tempVal << ")");
-
+#endif
Assert(
(this->m_name == *(attribute->getName())) &&
"Two completely different attributes are being compared!");
Policy::CombineAlgorithm algorithm,
ExtendedEffectList &effects)
{
+#ifdef ALL_LOGS
LogDebug("Effects to be combined with algorithm: " << ::toString(algorithm));
showEffectList(effects);
-
+#endif
switch (algorithm) {
case Policy::DenyOverride:
return denyOverrides(effects);
bool undeterminedMatchFound = false;
bool isFinalMatch = false;
+#ifdef ALL_LOGS
LogDebug("Attributes to be matched");
printAttributes(*attrSet);
LogDebug("Condition attributes values");
printAttributes(attributes);
+#endif
if (this->isEmpty()) {
LogDebug("Condition is empty, returning true");
};
bool checkFunctionCall(const AceRequest& ace_request) const;
+ bool checkPrivacy(const AceRequest& ace_request) const;
AcePreference getWidgetResourcePreference(
const AceResource& resource,
const AceWidgetHandle& handle) const;
*/
ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access);
+ace_return_t ace_check_access_ex(const ace_request_t* request, ace_check_result_t* result);
+
#ifdef __cplusplus
}
#endif
ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access)
{
- if (NULL == request || NULL == access) {
+ ace_check_result_t result = ACE_ACCESS_GRANTED;
+ ace_return_t ret = ace_check_access_ex(request, &result);
+ *access = (result == ACE_ACCESS_GRANTED) ? ACE_TRUE : ACE_FALSE;
+ return ret;
+}
+
+ace_return_t ace_check_access_ex(const ace_request_t* request, ace_check_result_t* result)
+{
+ if (NULL == request || NULL == result) {
LogError("NULL argument(s) passed");
return ACE_INVALID_ARGUMENTS;
}
Try {
ret = AceClient::AceThinClientSingleton::
Instance().checkFunctionCall(aceRequest);
- *access = ret ? ACE_TRUE : ACE_FALSE;
+ *result = ret ? ACE_ACCESS_GRANTED : ACE_PRIVILEGE_DENIED;
+
+ if (*result == ACE_ACCESS_GRANTED) {
+ ret = AceClient::AceThinClientSingleton::
+ Instance().checkPrivacy(aceRequest);
+ *result = ret ? ACE_ACCESS_GRANTED : ACE_PRIVACY_DENIED;
+ }
} Catch (AceClient::AceThinClient::Exception::AceThinClientException) {
LogError("Ace client exception");
delete [] devCapNames;
AcePreference getWidgetResourcePreference(
const AceResource& resource,
const AceWidgetHandle& handle) const;
+ bool checkPrivacy(const AceRequest& ace_request);
AceResourcesPreferences* getGlobalResourcesPreferences() const;
bool isInitialized() const;
protected:
bool containsNetworkDevCap(const AceRequest &ace_request);
bool checkFeatureList(const AceRequest& ace_request);
- bool checkPrivacy(const AceRequest& ace_request);
+
private:
WebRuntimeImpl* m_wrt;
ResourceInformationImpl* m_res;
};
AceThinClientImpl::AceThinClientImpl()
- : m_communicationClient(NULL),
- m_popupValidationClient(NULL),
- m_wrt(new WebRuntimeImpl()),
+ : m_wrt(new WebRuntimeImpl()),
m_res(new ResourceInformationImpl()),
m_sys(new OperationSystemImpl()),
+ m_communicationClient(NULL),
+ m_popupValidationClient(NULL),
m_pip(m_wrt, m_res, m_sys)
{
AceDB::AceDAOReadOnly::attachToThreadRO();
bool AceThinClientImpl::checkPrivacy(const AceRequest& ace_request)
{
- pid_t pid;
int res;
- char* app_id;
-
- pid = getpid();
-
- LogInfo("pid : " << pid);
- res = app_manager_get_app_id(pid, &app_id);
- if (res == APP_MANAGER_ERROR_NONE) {
- LogInfo("Calling app_id : " << app_id);
- }
-
WrtDB::WidgetDAOReadOnly dao(ace_request.widgetHandle);
std::string tzPkgId = DPL::ToUTF8String(dao.getTzPkgId());
for (size_t i = 0; i < ace_request.apiFeatures.count; ++i) {
res = privacy_checker_check_package_by_privilege(tzPkgId.c_str(), ace_request.apiFeatures.apiFeature[i]);
- LogInfo(" privilege : " << ace_request.apiFeatures.apiFeature[i] << " : " << (res == PRIV_MGR_ERROR_SUCCESS) ? "true" : "false");
+ LogInfo(" privilege : " << ace_request.apiFeatures.apiFeature[i] << " : " << ((res == PRIV_MGR_ERROR_SUCCESS) ? "true" : "false"));
if (res != PRIV_MGR_ERROR_SUCCESS)
return false;
}
return true;
}
+
bool AceThinClientImpl::checkFunctionCall(const AceRequest& ace_request)
{
LogInfo("Enter");
result = askUser(popupType, ace_request, request);
}
}
- if (result)
- result = checkPrivacy(ace_request);
LogInfo("Result: " << (result ? "GRANTED" : "DENIED"));
return result;
return m_impl->checkFunctionCall(ace_request);
}
+bool AceThinClient::checkPrivacy(
+ const AceRequest& ace_request) const
+{
+ return m_impl->checkPrivacy(ace_request);
+}
+
AcePreference AceThinClient::getWidgetResourcePreference(
const AceResource& resource,
const AceWidgetHandle& handle) const
typedef enum
{
+ ACE_ACCESS_GRANTED,
+ ACE_PRIVILEGE_DENIED,
+ ACE_PRIVACY_DENIED
+} ace_check_result_t;
+
+typedef enum
+{
ACE_OK, // Operation succeeded
ACE_INVALID_ARGUMENTS, // Invalid input parameters
ACE_INTERNAL_ERROR, // ACE internal error
--- /dev/null
+* Mon Aug 5 2013 Hyunwoo Kim <hwlove.kim@samsung.com>
+- Add ace checking API that can return reason of access denial(Privilge or Privacy)
+* Thu Jul 25 2013 Hyunwoo Kim <hwlove.kim@samsung.com>
+- Remove unused logs
#sbs-git:slp/pkgs/s/security-server security-server 0.0.37
Name: wrt-security
Summary: Wrt security daemon.
-Version: 0.0.62
-Release: 4
+Version: 0.0.65
+Release: 0
Group: TO_BE/FILLED_IN
License: Apache License, Version 2.0
URL: N/A
SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) {
m_interfaceName = interfaceName;
m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
+#ifdef ALL_LOGS
LogInfo("Client created");
+#endif
}
void SecuritySocketClient::connect(){
PKG_CHECK_MODULES(DAEMON_DEP
${DAEMON_BASIC_DEP}
- REQUIRED
+ REQUIRED
libsystemd-daemon)
SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
DESTINATION /usr/include/wrt-security
- )
\ No newline at end of file
+ )
ThrowMsg(DPL::Exception, "couldn't read whole siginfo");
}
if((int)siginfo.ssi_signo == m_signalToClose){
- LogInfo("Server thread got signal to close");
+ //LogInfo("Server thread got signal to close");
closeConnections();
return;
} else {
closeConnections();
throwWithErrnoMessage("accept()");
}
- LogInfo("Got incoming connection");
+ //LogInfo("Got incoming connection");
Connection_Info * connection = new Connection_Info(client_fd, (void *)this);
int res;
pthread_t client_thread;
pthread_detach(pthread_self());
std::auto_ptr<Connection_Info> c (static_cast<Connection_Info *>(data));
SecuritySocketService &t = *static_cast<SecuritySocketService *>(c->data);
- LogInfo("Starting connection thread");
+ //LogInfo("Starting connection thread");
Try {
t.connectionService(c->connfd);
} Catch (DPL::Exception){
close(c->connfd);
return (void*)1;
}
- LogInfo("Client serviced");
+ //LogInfo("Client serviced");
return (void*)0;
}
ReThrowMsg(DPL::Exception, "Socket Connection read error");
}
- LogDebug("Got interface : " << interfaceName);
- LogDebug("Got method : " << methodName);
+ //LogDebug("Got interface : " << interfaceName);
+ //LogDebug("Got method : " << methodName);
if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){
LogError("Unknown interface : " << interfaceName);
}
}
- LogInfo("Calling service");
+ //LogInfo("Calling service");
Try{
m_callbackMap[interfaceName][methodName]->serviceCallback(&connector);
} Catch (ServiceCallbackApi::Exception::ServiceCallbackException){
ReThrowMsg(DPL::Exception, "Service callback error");
}
- LogInfo("Removing client");
+ //LogInfo("Removing client");
removeClientSocket(fd);
close(fd);
- LogInfo("Call served");
+ //LogInfo("Call served");
}
Type=notify
ExecStart=/usr/bin/wrt-security-daemon
Restart=always
+RestartSec=0
[Install]
WantedBy=multi-user.target
SocketMode=0777
PassCredentials=yes
Accept=false
+SmackLabelIPIn=wrt-security-daemon
+SmackLabelIPOut=wrt-security-daemon