From: Mu-Woong Lee Date: Tue, 24 May 2016 04:36:50 +0000 (+0900) Subject: Add LEGACY_SECURITY build feature for supporting security-server based privilege... X-Git-Tag: submit/tizen/20160622.045445~1^2~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2cf7718ddff5bc856f4d539ab0bce577ad94a24f;p=platform%2Fcore%2Fapi%2Fcontext.git Add LEGACY_SECURITY build feature for supporting security-server based privilege control If LEGACY_SECURITY is set to 1, the security cookie of the app is bundled in all dbus calls. Change-Id: I18d794e20ff337944dbeb10a5c917664b00e3b00 Signed-off-by: Mu-Woong Lee --- diff --git a/CMakeLists.txt b/CMakeLists.txt index dfdcf02..ef82e59 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -12,6 +12,11 @@ MESSAGE("Sources: ${SRCS}") # Dependencies SET(DEPS "gio-2.0 libcontext-shared aul bundle capi-appfw-app-control pkgmgr-info") +IF(${LEGACY_SECURITY}) + SET(DEPS "${DEPS} security-server") + ADD_DEFINITIONS(-DLEGACY_SECURITY) +ENDIF(${LEGACY_SECURITY}) + # Common Options INCLUDE(FindPkgConfig) INCLUDE_DIRECTORIES( diff --git a/packaging/context.spec b/packaging/context.spec index 9a84f71..dddc1bc 100644 --- a/packaging/context.spec +++ b/packaging/context.spec @@ -8,6 +8,7 @@ Source0: %{name}-%{version}.tar.gz %define BUILD_PROFILE %{?profile}%{!?profile:%{?tizen_profile_name}} +%define LEGACY_SECURITY 0 %define LEGACY_APPFW 0 %if "%{?BUILD_PROFILE}" == "tv" @@ -22,6 +23,10 @@ BuildRequires: pkgconfig(bundle) BuildRequires: pkgconfig(capi-appfw-app-control) BuildRequires: pkgconfig(pkgmgr-info) +%if %{LEGACY_SECURITY} +BuildRequires: pkgconfig(security-server) +%endif + %description Tizen Context Framework Native API @@ -58,6 +63,7 @@ export CXXFLAGS+=" -D_ALLOW_SERVICE_APP_TRIGGER_" cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} -DMAJORVER=${MAJORVER} -DFULLVER=%{version} \ -DPROFILE=%{?BUILD_PROFILE} \ + -DLEGACY_SECURITY=%{LEGACY_SECURITY} \ -DLEGACY_APPFW=%{LEGACY_APPFW} make %{?jobs:-j%jobs} diff --git a/src/DBusClient.cpp b/src/DBusClient.cpp index 918a9b9..d8a6d24 100644 --- a/src/DBusClient.cpp +++ b/src/DBusClient.cpp @@ -19,6 +19,32 @@ #include #include "DBusClient.h" +#ifdef LEGACY_SECURITY +#include + +static const char* __getCookie() +{ + static char *cookie = NULL; + static GMutex cookieMutex; + + ctx::ScopeMutex sm(&cookieMutex); + + if (cookie == NULL) { + int rawSize = security_server_get_cookie_size(); + IF_FAIL_RETURN_TAG(rawSize > 0, NULL, _E, "Invalid cookie size"); + + char rawCookie[rawSize]; + int ret = security_server_request_cookie(rawCookie, rawSize); + IF_FAIL_RETURN_TAG(ret >= 0, NULL, _E, "Failed to get the security cookie"); + + cookie = g_base64_encode(reinterpret_cast(rawCookie), rawSize); + IF_FAIL_RETURN_TAG(cookie, NULL, _E, "Failed to encode the cookie"); + } + + return cookie; +} +#endif + using namespace ctx; static const gchar __introspection[] = @@ -176,9 +202,13 @@ int DBusClient::__request(int type, int reqId, const char* subject, const char* if (input == NULL) input = EMPTY_JSON_OBJECT; - /* FIXME: the second param is the security cookie, which is deprected in 3.0. - * We need to completely REMOVE this parameter from the dbus protocol. */ +#ifdef LEGACY_SECURITY + const char *cookie = __getCookie(); + IF_FAIL_RETURN_TAG(cookie, ERR_OPERATION_FAILED, _E, "Cookie generation failed"); + GVariant *param = g_variant_new("(isiss)", type, cookie, reqId, subject, input); +#else GVariant *param = g_variant_new("(isiss)", type, "", reqId, subject, input); +#endif IF_FAIL_RETURN_TAG(param, ERR_OUT_OF_MEMORY, _E, "Memory allocation failed"); GError *err = NULL;