From: Sangkoo Kim Date: Thu, 9 Apr 2015 01:32:42 +0000 (+0900) Subject: Apply Cynara API X-Git-Tag: submit/tizen_mobile/20150410.093956^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=35fa17a60144a19ccae2814480d0be40d77261c3;p=platform%2Fcore%2Fmessaging%2Fmsg-service.git Apply Cynara API Change-Id: I8bd020538e757b97e6ea5bbc84abd970a72e36ea Signed-off-by: Sangkoo Kim --- diff --git a/externals/CMakeLists.txt b/externals/CMakeLists.txt index 9f49019..d2773e7 100755 --- a/externals/CMakeLists.txt +++ b/externals/CMakeLists.txt @@ -32,7 +32,7 @@ INCLUDE_DIRECTORIES( ) INCLUDE(FindPkgConfig) -pkg_check_modules(externals_pkgs REQUIRED glib-2.0 deviced mm-session alarm-service notification secure-storage badge iniparser capi-appfw-application lbs-dbus mm-fileinfo mm-player mm-sound sensor feedback db-util) +pkg_check_modules(externals_pkgs REQUIRED glib-2.0 deviced mm-session alarm-service notification badge iniparser capi-appfw-application lbs-dbus mm-fileinfo mm-player mm-sound sensor feedback db-util) FOREACH(flag ${externals_pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/framework/CMakeLists.txt b/framework/CMakeLists.txt index bc39d74..2cf6d2a 100755 --- a/framework/CMakeLists.txt +++ b/framework/CMakeLists.txt @@ -108,7 +108,7 @@ INCLUDE_DIRECTORIES( ) INCLUDE(FindPkgConfig) -pkg_check_modules(trans_manager_pkgs REQUIRED glib-2.0 security-server dlog vconf) +pkg_check_modules(trans_manager_pkgs REQUIRED glib-2.0 dlog vconf cynara-client cynara-creds-socket cynara-session cynara-creds-commons) FOREACH(flag ${trans_manager_pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/framework/main.cpp b/framework/main.cpp index c8b413f..fdb17d5 100755 --- a/framework/main.cpp +++ b/framework/main.cpp @@ -180,6 +180,10 @@ void* StartMsgServer(void*) { try { + if (MsgTransactionManager::instance()->initCynara() == false) { + MSG_ERR("Cynara initialize failed. It will try again when API is called."); + } + MsgTransactionManager::instance()->run(); } catch (MsgException& e) @@ -250,6 +254,8 @@ int main(void) MSG_DEBUG("Fail to start Messaging Framework!!!"); } + MsgTransactionManager::instance()->finishCynara(); + // Remove vconf CB MsgSettingRemoveVconfCB(); //contacts-service is not used for gear diff --git a/framework/transaction-manager/MsgTransManager.cpp b/framework/transaction-manager/MsgTransManager.cpp index 3c80160..c1f0e91 100755 --- a/framework/transaction-manager/MsgTransManager.cpp +++ b/framework/transaction-manager/MsgTransManager.cpp @@ -20,8 +20,6 @@ #include #include -#include - #include "MsgDebug.h" #include "MsgMemory.h" #include "MsgException.h" @@ -613,10 +611,52 @@ void MsgTransactionManager::cleanup(int fd) } -#if 1 bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType) { bool bAllowed = true; + + int ret; + char *peer_client = NULL; + char *peer_user = NULL; + char *peer_session = NULL; + pid_t peer_pid; + + if (p_cynara == NULL) { + if (this->initCynara() == false) { + MSG_ERR("Cynara initialize failed. It will try again when API is called."); + bAllowed = false; + goto _END_OF_FUNC; + } + } + + ret = cynara_creds_socket_get_client(fd, client_method, &peer_client); + if (ret != CYNARA_API_SUCCESS) { + MSG_ERR("cynara_creds_socket_get_client() is failed [%d]", ret); + bAllowed = false; + goto _END_OF_FUNC; + } + + ret = cynara_creds_socket_get_user(fd, user_method, &peer_user); + if (ret != CYNARA_API_SUCCESS) { + MSG_ERR("cynara_creds_socket_get_user() is failed [%d]", ret); + bAllowed = false; + goto _END_OF_FUNC; + } + + ret = cynara_creds_socket_get_pid(fd, &peer_pid); + if (ret != CYNARA_API_SUCCESS) { + MSG_ERR("cynara_creds_socket_get_pid() is failed [%d]", ret); + bAllowed = false; + goto _END_OF_FUNC; + } + + peer_session = cynara_session_from_pid(peer_pid); + if (peer_session == NULL) { + MSG_ERR("cynara_session_from_pid() is failed"); + bAllowed = false; + goto _END_OF_FUNC; + } + switch(CmdType) { case MSG_CMD_GET_MSG: @@ -653,9 +693,10 @@ bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType) case MSG_CMD_GET_GENERAL_MSG_OPT: case MSG_CMD_GET_MSG_SIZE_OPT: { - int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::read", "rw"); - if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { - MSG_DEBUG("No msg-service::read rw rule."); + ret = cynara_check(p_cynara, peer_client, peer_session, peer_user, + "http://tizen.org/privilege/message.read"); + if (ret != CYNARA_API_ACCESS_ALLOWED) { + MSG_INFO("privilege [read] not allowd : [%d]", ret); bAllowed = false; } } @@ -696,92 +737,24 @@ bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType) case MSG_CMD_SET_GENERAL_MSG_OPT: case MSG_CMD_SET_MSG_SIZE_OPT: { - int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::write", "rw"); - if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { - MSG_DEBUG("No msg-service::write rw rule."); + ret = cynara_check(p_cynara, peer_client, peer_session, peer_user, + "http://tizen.org/privilege/message.write"); + if (ret != CYNARA_API_ACCESS_ALLOWED) { + MSG_INFO("privilege [write] not allowd : [%d]", ret); bAllowed = false; } } break; } +_END_OF_FUNC: + MSG_FREE(peer_client); + MSG_FREE(peer_user); + MSG_FREE(peer_session); + return bAllowed; } -#else -bool MsgTransactionManager::checkPrivilege(MSG_CMD_TYPE_T CmdType, const char *pCookie) -{ - if (CmdType >= MSG_CMD_PLG_SENT_STATUS_CNF && CmdType <= MSG_CMD_PLG_INIT_SIM_BY_SAT) - { - MSG_DEBUG("Request from Plug-in"); - return true; - } - - // Get Cookie from APP - if (pCookie == NULL) - { - MSG_DEBUG("Cookie is NULL"); - return false; - } - -#ifdef MSG_FOR_DEBUG - for (int i = 0; i < MAX_COOKIE_LEN; i++) - { - MSG_DEBUG("cookie : [%02x]", pCookie[i]); - } -#endif - - // Check Cookie - size_t cookieSize; - gid_t gid; - - cookieSize = security_server_get_cookie_size(); - - MSG_DEBUG("cookie size : [%d]", cookieSize); - -// char cookie[MAX_COOKIE_LEN]; - - // Get GID - if (CmdType == MSG_CMD_REG_INCOMING_SYNCML_MSG_CB) - { - MSG_DEBUG("get GID for message_sync"); - gid = security_server_get_gid("message_sync"); - } - else if (CmdType == MSG_CMD_REG_INCOMING_LBS_MSG_CB) - { - MSG_DEBUG("get GID for message_lbs"); - gid = security_server_get_gid("message_lbs"); - } - else - { - MSG_DEBUG("get GID for message"); - gid = security_server_get_gid("message"); - } - - MSG_DEBUG("gid [%d]", gid); - - int retVal = 0; - retVal = security_server_check_privilege(pCookie, gid); - - if (retVal < 0) - { - if (retVal == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) - { - MSG_DEBUG("access denied !! [%d]", retVal); - } - else - { - MSG_DEBUG("fail to check privilege [%d]", retVal); - } - - return false; - } - - MSG_DEBUG("privilege check success !!"); - - return true; -} -#endif void MsgTransactionManager::setSentStatusCB(int listenerFd) { @@ -1332,6 +1305,51 @@ void MsgTransactionManager::getTMStatus() MSG_END(); } +bool MsgTransactionManager::initCynara() +{ + int ret; + + ret = cynara_initialize(&p_cynara, NULL); + + if (ret == CYNARA_API_SUCCESS) { + MSG_INFO("cynara_initialize() is successful"); + } else { + MSG_INFO("cynara_initialize() is failed [%d]", ret); + return false; + } + + ret = cynara_creds_get_default_client_method(&client_method); + if (ret != CYNARA_API_SUCCESS) { + MSG_ERR("cynara_creds_get_default_client_method() is failed [%d]", ret); + return false; + } + + ret = cynara_creds_get_default_user_method(&user_method); + if (ret != CYNARA_API_SUCCESS) { + MSG_ERR("cynara_creds_get_default_user_method() is failed [%d]", ret); + return false; + } + + return true; +} + + +void MsgTransactionManager::finishCynara() +{ + int ret; + + ret = cynara_finish(p_cynara); + + if (ret == CYNARA_API_SUCCESS) { + MSG_INFO("cynara_finish() is successful"); + } else { + MSG_INFO("cynara_finish() is failed [%d]",ret); + } + + p_cynara = NULL; +} + + #ifdef MSG_PENDING_PUSH_MESSAGE void MsgTransactionManager::sendPendingPushMsg(void) { diff --git a/include/framework/MsgTransManager.h b/include/framework/MsgTransManager.h index f9eeb94..81a32af 100755 --- a/include/framework/MsgTransManager.h +++ b/include/framework/MsgTransManager.h @@ -31,7 +31,10 @@ #include "MsgInternalTypes.h" #include "MsgTransportTypes.h" - +#include +#include +#include +#include /*================================================================================================== @@ -99,6 +102,9 @@ public: void setTMStatus(); void getTMStatus(); + bool initCynara(); + void finishCynara(); + private: MsgTransactionManager(); ~MsgTransactionManager(); @@ -135,6 +141,10 @@ private: Mutex mx; CndVar cv; MsgSimpleQ eventQueue; + + cynara *p_cynara; + enum cynara_client_creds client_method; + enum cynara_user_creds user_method; }; #endif //MSG_TRANSACTION_MANAGER_H diff --git a/msg-service.rule b/msg-service.rule index 00626ca..69a6c9c 100755 --- a/msg-service.rule +++ b/msg-service.rule @@ -22,7 +22,6 @@ msg-service data-provider-master::notification.client -w---- ------ msg-service data-provider-master::badge rw---- ------ msg-service data-provider-master::badge.client -w---- ------ msg-service oma-dm-agent::vconf_external r----- ------ -msg-service secure-storage rw---- ------ msg-service deviced::display rw---- ------ msg-service net-config rw---- ------ msg-service connman rw---- ------ @@ -31,9 +30,6 @@ msg-service connman::set rw---- ------ msg-service connman::profile rw---- ------ msg-service aul::launch --x--- ------ msg-service alarm-server::alarm rw---- ------ -msg-service security-server::api-get-gid -w---- ------ -msg-service security-server::api-cookie-check -w---- ------ -msg-service security-server::api-privilege-by-pid -w---- ------ msg-service device::app_logging -w---- ------ msg-service device::sys_logging -w---- ------ msg-service system::share -wx--- ------ diff --git a/packaging/msg-service.spec b/packaging/msg-service.spec index a304d19..0eb2a36 100755 --- a/packaging/msg-service.spec +++ b/packaging/msg-service.spec @@ -27,6 +27,10 @@ BuildRequires: pkgconfig(capi-network-connection) BuildRequires: pkgconfig(capi-system-info) #BuildRequires: pkgconfig(capi-telephony) BuildRequires: pkgconfig(contacts-service2) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-creds-commons) +BuildRequires: pkgconfig(cynara-creds-socket) +BuildRequires: pkgconfig(cynara-session) BuildRequires: pkgconfig(db-util) BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: pkgconfig(deviced) @@ -50,8 +54,6 @@ BuildRequires: pkgconfig(mmutil-imgp) BuildRequires: pkgconfig(mmutil-jpeg) BuildRequires: pkgconfig(notification) BuildRequires: pkgconfig(privacy-manager-client) -BuildRequires: pkgconfig(secure-storage) -BuildRequires: pkgconfig(security-server) BuildRequires: pkgconfig(sensor) BuildRequires: pkgconfig(storage) BuildRequires: pkgconfig(tapi) diff --git a/proxy/CMakeLists.txt b/proxy/CMakeLists.txt index f54e982..7fbd079 100755 --- a/proxy/CMakeLists.txt +++ b/proxy/CMakeLists.txt @@ -31,7 +31,7 @@ INCLUDE_DIRECTORIES( ) INCLUDE(FindPkgConfig) -pkg_check_modules(trans_proxy_pkgs REQUIRED glib-2.0 dlog vconf security-server db-util) +pkg_check_modules(trans_proxy_pkgs REQUIRED glib-2.0 dlog vconf db-util) FOREACH(flag ${trans_proxy_pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/proxy/MsgHandleControl.cpp b/proxy/MsgHandleControl.cpp index 7c8f5c3..423e017 100755 --- a/proxy/MsgHandleControl.cpp +++ b/proxy/MsgHandleControl.cpp @@ -17,8 +17,6 @@ #include #include -#include - #include "MsgDebug.h" #include "MsgCppTypes.h" #include "MsgException.h" @@ -47,9 +45,6 @@ MsgHandle::~MsgHandle() void MsgHandle::openHandle() { -// int ret = 0; -// size_t cookieSize; - bool bReady = false; // server is currently booting and service is not available until the end of booting @@ -61,22 +56,8 @@ void MsgHandle::openHandle() MSG_INFO("Msg Server is ready !!!!!"); } - // Get Cookie Size -// cookieSize = security_server_get_cookie_size(); - -// MSG_DEBUG("cookie size : [%d]", cookieSize); - - // Request Cookie -// ret = security_server_request_cookie(mCookie, cookieSize); - -// if (ret < 0) { -// MSG_DEBUG("security_server_request_cookie() error!! [%d]", ret); -// return; -// } - // Open Socket IPC connectSocket(); -// getDbHandle(); /* register db handler */ }