USE_PER_USER_ESOUND_SOCKET=0
fi
+#### Cynara ####
+
+PKG_CHECK_MODULES(CYNARA, [cynara-client, cynara-creds-socket, cynara-session])
+AC_SUBST(CYNARA_CFLAGS)
+AC_SUBST(CYNARA_LIBS)
+
#### PulseAudio system runtime dir ####
PA_SYSTEM_RUNTIME_PATH="${localstatedir}/run/pulse"
BuildRequires: pkgconfig(vconf)
BuildRequires: systemd-devel
BuildRequires: libcap-devel
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-creds-socket)
+BuildRequires: pkgconfig(cynara-session)
%if %{with pulseaudio_dlog}
BuildRequires: pkgconfig(dlog)
%endif
-DPA_ALSA_PROFILE_SETS_DIR=\"$(alsaprofilesetsdir)\"
AM_CFLAGS = \
$(PTHREAD_CFLAGS) \
+ $(CYNARA_CFLAGS) \
-DPA_SRCDIR=\"$(abs_srcdir)\" \
-DPA_BUILDDIR=\"$(abs_builddir)\"
AM_CXXFLAGS = $(AM_CFLAGS)
SERVER_CFLAGS = -D__INCLUDED_FROM_PULSE_AUDIO
AM_LIBADD = $(PTHREAD_LIBS) $(INTLLIBS)
-AM_LDADD = $(PTHREAD_LIBS) $(INTLLIBS)
+AM_LDADD = $(PTHREAD_LIBS) $(INTLLIBS) $(CYNARA_LIBS)
AM_LDFLAGS = $(NODELETE_LDFLAGS)
if HAVE_GCOV
libprotocol_http_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
libprotocol_http_la_LIBADD = $(AM_LIBADD) libpulsecore-@PA_MAJORMINOR@.la libpulsecommon-@PA_MAJORMINOR@.la libpulse.la
-libprotocol_native_la_SOURCES = pulsecore/protocol-native.c pulsecore/protocol-native.h pulsecore/native-common.h
+libprotocol_native_la_SOURCES = pulsecore/protocol-native.c pulsecore/protocol-native.h pulsecore/native-common.h \
+pulsecore/cynara.c pulsecore/cynara.h
libprotocol_native_la_CFLAGS = $(AM_CFLAGS) $(SERVER_CFLAGS)
libprotocol_native_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version
libprotocol_native_la_LIBADD = $(AM_LIBADD) libpulsecore-@PA_MAJORMINOR@.la libpulsecommon-@PA_MAJORMINOR@.la libpulse.la
--- /dev/null
+#include <pulsecore/cynara.h>
+
+#include <config.h>
+#include <pulsecore/log.h>
+
+#include <cynara-creds-socket.h>
+#include <cynara-client.h>
+#include <cynara-session.h>
+
+void cynara_log(const char *string, int cynara_status) {
+ const int buflen = 255;
+ char buf[buflen];
+
+ int ret = cynara_strerror(cynara_status, buf, buflen);
+ if (ret != CYNARA_API_SUCCESS) {
+ strncpy(buf, "cynara_strerror failed", buflen);
+ buf[buflen - 1] = '\0';
+ }
+ if (cynara_status < 0)
+ pa_log_error("%s: %s", string, buf);
+ else
+ pa_log_debug("%s: %s", string, buf);
+}
+
+bool cynara_check_privilege(int fd, const char *privilege) {
+ cynara *p_cynara = NULL;
+ cynara_configuration *p_conf = NULL;
+
+ int ret = 0;
+ int result = false;
+
+ char *user = NULL;
+ char *client = NULL;
+ char *session = NULL;
+ int pid = 0;
+
+ ret = cynara_configuration_create(&p_conf);
+ cynara_log("cynara_configuration_create()", ret);
+ if (ret != CYNARA_API_SUCCESS) {
+ goto CLEANUP;
+ }
+
+ ret = cynara_configuration_set_cache_size(p_conf, 0);
+ cynara_log("cynara_configuration_set_cache_size()", ret);
+ if (ret != CYNARA_API_SUCCESS) {
+ goto CLEANUP;
+ }
+
+ ret = cynara_initialize(&p_cynara, p_conf);
+ cynara_log("cynara_initialize()", ret);
+ if (ret != CYNARA_API_SUCCESS) {
+ goto CLEANUP;
+ }
+
+ ret = cynara_creds_socket_get_user(fd, USER_METHOD_DEFAULT, &user);
+ cynara_log("cynara_creds_socket_get_user()", ret);
+ if (ret != CYNARA_API_SUCCESS) {
+ goto CLEANUP;
+ }
+
+ ret = cynara_creds_socket_get_pid(fd, &pid);
+ cynara_log("cynara_creds_socket_get_pid()", ret);
+ if (ret != CYNARA_API_SUCCESS) {
+ goto CLEANUP;
+ }
+
+ ret = cynara_creds_socket_get_client(fd, CLIENT_METHOD_DEFAULT, &client);
+ cynara_log("cynara_creds_socket_get_client()", ret);
+ if (ret != CYNARA_API_SUCCESS) {
+ goto CLEANUP;
+ }
+
+ session = cynara_session_from_pid(pid);
+ if (session == NULL) {
+ pa_log_error("cynara_session_from_pid(): failed");
+ goto CLEANUP;
+ }
+
+
+ pa_log_debug("cynara credentials - client: %s, session: %s, user: %s, privilege: %s", client, session, user, privilege);
+
+ ret = cynara_check(p_cynara, client, session, user, privilege);
+ cynara_log("cynara_check()", ret);
+ if (ret == CYNARA_API_ACCESS_ALLOWED) {
+ result = true;
+ }
+
+CLEANUP:
+ cynara_configuration_destroy(p_conf);
+ cynara_finish(p_cynara);
+ free(user);
+ free(session);
+ free(client);
+ return result;
+}
--- /dev/null
+#include <stdbool.h>
+
+#define VOLUME_SET_PRIVILEGE "http://tizen.org/privilege/volume.set"
+#define RECORDER_PRIVILEGE "http://tizen.org/privilege/recorder"
+
+void cynara_log(const char *string, int cynara_status);
+bool cynara_check_privilege(int fd, const char *privilege);
#include "protocol-native.h"
+#ifdef __TIZEN__
+#include <pulsecore/cynara.h>
+#include <pulsecore/iochannel.h>
+#endif
+
/* #define PROTOCOL_NATIVE_DEBUG */
/* Kick a client if it doesn't authenticate within this time */
pa_idxset *formats = NULL;
uint32_t i;
+ #ifdef __TIZEN__
+ int fd = pa_iochannel_get_send_fd(pa_pstream_get_iochannel(pa_native_connection_get_pstream(c)));
+ if (!cynara_check_privilege(fd, RECORDER_PRIVILEGE)) {
+ pa_pstream_send_simple_ack(c->pstream, tag);
+ return;
+ }
+ #endif
+
pa_native_connection_assert_ref(c);
pa_assert(t);
struct timeval tv, now;
uint32_t idx;
+ #ifdef __TIZEN__
+ int fd = pa_iochannel_get_send_fd(pa_pstream_get_iochannel(pa_native_connection_get_pstream(c)));
+ if (!cynara_check_privilege(fd, RECORDER_PRIVILEGE)) {
+ pa_pstream_send_simple_ack(c->pstream, tag);
+ return;
+ }
+ #endif
+
pa_native_connection_assert_ref(c);
pa_assert(t);
const char *name = NULL;
const char *client_name;
+ #ifdef __TIZEN__
+ int fd = pa_iochannel_get_send_fd(pa_pstream_get_iochannel(pa_native_connection_get_pstream(c)));
+ if (!cynara_check_privilege(fd, VOLUME_SET_PRIVILEGE)) {
+ pa_pstream_send_simple_ack(c->pstream, tag);
+ return;
+ }
+ #endif
+
pa_native_connection_assert_ref(c);
pa_assert(t);
const char *name = NULL;
const char *client_name;
+ #ifdef __TIZEN__
+ int fd = pa_iochannel_get_send_fd(pa_pstream_get_iochannel(pa_native_connection_get_pstream(c)));
+ if (!cynara_check_privilege(fd, VOLUME_SET_PRIVILEGE)) {
+ pa_pstream_send_simple_ack(c->pstream, tag);
+ return;
+ }
+ #endif
+
pa_native_connection_assert_ref(c);
pa_assert(t);
pa_source_output *so = NULL;
const char *name = NULL, *client_name;
+ #ifdef __TIZEN__
+ int fd = pa_iochannel_get_send_fd(pa_pstream_get_iochannel(pa_native_connection_get_pstream(c)));
+ if (!cynara_check_privilege(fd, VOLUME_SET_PRIVILEGE)) {
+ pa_pstream_send_simple_ack(c->pstream, tag);
+ return;
+ }
+ #endif
+
pa_native_connection_assert_ref(c);
pa_assert(t);
return p->use_shm;
}
+
+#ifdef __TIZEN__
+pa_iochannel *pa_pstream_get_iochannel(pa_pstream *p) {
+ return p->io;
+}
+#endif
void pa_pstream_enable_shm(pa_pstream *p, bool enable);
bool pa_pstream_get_shm(pa_pstream *p);
+#ifdef __TIZEN__
+pa_iochannel *pa_pstream_get_iochannel(pa_pstream *p);
+#endif
+
#endif