This patch adds privilege checkers using the newly added DBus methods in context-service.
Change-Id: Ib6fccfb0ea7077f9be12f05b0716ea419e8f45bd
Signed-off-by: Mu-Woong Lee <muwoong.lee@samsung.com>
return error;
}
+
+int DBusClient::call(const char *method)
+{
+ int ret = ERR_NONE;
+ GError *err = NULL;
+
+ GVariant *response = g_dbus_connection_call_sync(__connection, DBUS_DEST, DBUS_PATH, DBUS_IFACE,
+ method, NULL, NULL, G_DBUS_CALL_FLAGS_NONE, DBUS_TIMEOUT, NULL, &err);
+
+ if (response) {
+ g_variant_unref(response);
+ return ERR_NONE;
+ }
+
+ ret = ERR_OPERATION_FAILED;
+ if (err->code == G_DBUS_ERROR_ACCESS_DENIED)
+ ret = ERR_PERMISSION_DENIED;
+
+ HANDLE_GERROR(err);
+ return ret;
+}
int write(std::string subject, Json inputData);
int write(std::string subject, Json inputData, Json *result);
+ int call(const char *method);
+
private:
static void __onMethodCalled(GDBusConnection *conn, const gchar *sender,
const gchar *path, const gchar *iface, const gchar *name,
//#include <sstream>
//#include <iomanip>
#include <Types.h>
+#include <DBusTypes.h>
#include <Json.h>
#include <app_control_internal.h>
#include <bundle.h>
#include <pkgmgr-info.h>
#include "request_handler.h"
#include "rule_validator.h"
-#include "priv_util.h"
#define INITIAL_RULE "{ \"ID\" : -1, \"DESCRIPTION\" : \"\", \"DETAILS\" : { } }"
#define INITIAL_ENTRY "{ \"DATA_ARR\" : [ ] }"
int error;
// Privilege check
- error = ctx::privilege_util::is_allowed("appmanager.launch");
+ error = ctx::request_handler::call(METHOD_CHK_PRIV_APPLAUNCH);
IF_FAIL_RETURN_TAG(error == ERR_NONE, error, _E, "Privilege checking failed (%#x)", error);
if (is_call_operation(app_control)) {
- error = ctx::privilege_util::is_allowed("call");
+ error = ctx::request_handler::call(METHOD_CHK_PRIV_CALL);
IF_FAIL_RETURN_TAG(error == ERR_NONE, error, _E, "Privilege checking failed (%#x)", error);
}
ASSERT_NOT_NULL(rule && title && content);
// Privilege check
- int error = ctx::privilege_util::is_allowed("notification");
+ int error = ctx::request_handler::call(METHOD_CHK_PRIV_NOTIFICATION);
IF_FAIL_RETURN_TAG(error == ERR_NONE, error, _E, "Privilege checking failed (%#x)", error);
// if action arleady exists
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <glib.h>
-#include <string>
-#include <Types.h>
-#include "priv_util.h"
-
-int ctx::privilege_util::is_allowed(const char* priv)
-{
- /* TODO: Re-implement using Cynara */
-#if 0
- IF_FAIL_RETURN_TAG(priv, ERR_OPERATION_FAILED, _E, "Invalid parameter");
-
- char *subject = NULL;
- int ret = smack_new_label_from_self(&subject);
- IF_FAIL_RETURN_TAG(ret == 0 && subject != NULL, ERR_OPERATION_FAILED, _E, "Getting smack label failed");
-
- std::string priv_name = "privilege::tizen::";
- priv_name += priv;
- ret = smack_have_access(subject, priv_name.c_str(), "rw");
- g_free(subject);
-
- if (ret == 1)
- return ERR_NONE;
-
- if (ret == 0)
- return ERR_PERMISSION_DENIED;
-
- return ERR_OPERATION_FAILED;
-#endif
- return ERR_NONE;
-}
+++ /dev/null
-/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __CONTEXT_PRIVILEGE_UTIL_H__
-#define __CONTEXT_PRIVILEGE_UTIL_H__
-
-#include <string>
-
-namespace ctx {
- namespace privilege_util {
-
- int is_allowed(const char* priv);
-
- }
-} /* namespace ctx */
-
-#endif /* __CONTEXT_PRIVILEGE_UTIL_H__ */
return __dbusClient.isSupported(subject);
}
+SO_EXPORT int ctx::request_handler::call(const char* method)
+{
+ return __dbusClient.call(method);
+}
+
SO_EXPORT bool ctx::request_handler::register_callback(const char* subject, subject_response_cb callback)
{
__dbusListener.setCb(subject, callback);
*/
int is_supported(const char* subject);
+ int call(const char* method);
+
} } /* namespace ctx::request_handler */
#endif // __CONTEXT_LIB_REQUEST_HANDLER_H__