From: Marcel Holtmann <marcel@holtmann.org>
Date: Thu, 9 Sep 2010 16:44:06 +0000 (+0200)
Subject: Update support for PolicyKit with GDBus security integration
X-Git-Tag: 2.0_alpha~2441
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3681fe237d4c9ed4b5a6f432c1002e25964207d8;p=framework%2Fconnectivity%2Fconnman.git

Update support for PolicyKit with GDBus security integration
---

diff --git a/Makefile.plugins b/Makefile.plugins
index 4ca78d3..5ce6c52 100644
--- a/Makefile.plugins
+++ b/Makefile.plugins
@@ -163,13 +163,10 @@ if POLKIT
 if POLKIT_BUILTIN
 builtin_modules += polkit
 builtin_sources += plugins/polkit.c
-builtin_libadd += @POLKIT_LIBS@
-builtin_cflags += @POLKIT_CFLAGS@
 else
 plugin_LTLIBRARIES += plugins/polkit.la
 plugin_objects += $(plugins_polkit_la_OBJECTS)
-plugins_polkit_la_CFLAGS = $(plugin_cflags) @POLKIT_CFLAGS@
-plugins_polkit_la_LIBADD = @POLKIT_LIBS@ @GLIB_LIBS@
+plugins_polkit_la_CFLAGS = $(plugin_cflags)
 plugins_polkit_la_LDFLAGS = $(plugin_ldflags)
 endif
 
diff --git a/configure.ac b/configure.ac
index 75abaf5..a02d6de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -293,13 +293,10 @@ AC_ARG_ENABLE(polkit,
 	AC_HELP_STRING([--enable-polkit], [enable PolicyKit support]),
 			[enable_polkit=${enableval}], [enable_polkit="no"])
 if (test "${enable_polkit}" != "no"); then
-	PKG_CHECK_MODULES(POLKIT, polkit-dbus >= 0.7, dummy=yes,
-				AC_MSG_ERROR(PolicyKit >= 0.7 is required))
-	AC_SUBST(POLKIT_CFLAGS)
-	AC_SUBST(POLKIT_LIBS)
-	POLKIT_DATADIR="`$PKG_CONFIG --variable=policydir polkit`"
+	POLKIT_DATADIR="`$PKG_CONFIG --variable=actiondir polkit`"
+	POLKIT_DATADIR=""
 	if (test -z "${POLKIT_DATADIR}"); then
-		POLKIT_DATADIR="${datadir}/PolicyKit/policy"
+		POLKIT_DATADIR="${datadir}/polkit-1/actions"
 	fi
 	AC_SUBST(POLKIT_DATADIR)
 fi
diff --git a/plugins/polkit.c b/plugins/polkit.c
index 8590dde..be72eb0 100644
--- a/plugins/polkit.c
+++ b/plugins/polkit.c
@@ -23,156 +23,32 @@
 #include <config.h>
 #endif
 
-#include <errno.h>
-
-#include <glib.h>
-#include <polkit-dbus/polkit-dbus.h>
+#include <gdbus.h>
 
 #define CONNMAN_API_SUBJECT_TO_CHANGE
 #include <connman/plugin.h>
 #include <connman/security.h>
-#include <connman/dbus.h>
-#include <connman/log.h>
-
-#define ACTION_MODIFY "org.moblin.connman.modify"
-#define ACTION_SECRET "org.moblin.connman.secret"
-
-static DBusConnection *connection;
-static PolKitContext *polkit_context;
-
-static int polkit_authorize(const char *sender,
-				enum connman_security_privilege privilege)
-{
-	DBusError error;
-	PolKitCaller *caller;
-	PolKitAction *action;
-	PolKitResult result;
-	const char *id = NULL;
-
-	DBG("sender %s", sender);
-
-	switch (privilege) {
-	case CONNMAN_SECURITY_PRIVILEGE_PUBLIC:
-		return 0;
-	case CONNMAN_SECURITY_PRIVILEGE_MODIFY:
-		id = ACTION_MODIFY;
-		break;
-	case CONNMAN_SECURITY_PRIVILEGE_SECRET:
-		id = ACTION_SECRET;
-		break;
-	}
-
-	dbus_error_init(&error);
-
-	caller = polkit_caller_new_from_dbus_name(connection, sender, &error);
-	if (caller == NULL) {
-		if (dbus_error_is_set(&error) == TRUE) {
-			connman_error("%s", error.message);
-			dbus_error_free(&error);
-		} else
-			connman_error("Failed to get caller information");
-		return -EIO;
-	}
-
-	action = polkit_action_new();
-	polkit_action_set_action_id(action, id);
-
-	result = polkit_context_is_caller_authorized(polkit_context,
-						action, caller, TRUE, NULL);
 
-	polkit_action_unref(action);
-	polkit_caller_unref(caller);
-
-	DBG("result %s", polkit_result_to_string_representation(result));
-
-	if (result == POLKIT_RESULT_NO)
-		return -EPERM;
-
-	return 0;
-}
-
-static struct connman_security polkit_security = {
-	.name			= "polkit",
-	.authorize_sender	= polkit_authorize,
+static const GDBusSecurityTable polkit_security[] = {
+	{ CONNMAN_SECURITY_PRIVILEGE_MODIFY, "org.moblin.connman.modify",
+				G_DBUS_SECURITY_FLAG_BUILTIN |
+				G_DBUS_SECURITY_FLAG_ALLOW_INTERACTION },
+	{ CONNMAN_SECURITY_PRIVILEGE_SECRET, "org.moblin.connman.secret",
+				G_DBUS_SECURITY_FLAG_BUILTIN |
+				G_DBUS_SECURITY_FLAG_ALLOW_INTERACTION },
+	{ }
 };
 
-static gboolean watch_event(GIOChannel *channel, GIOCondition condition,
-							gpointer user_data)
-{
-	PolKitContext *context = user_data;
-	int fd;
-
-	DBG("context %p", context);
-
-	fd = g_io_channel_unix_get_fd(channel);
-
-	polkit_context_io_func(context, fd);
-
-	return TRUE;
-}
-
-static int add_watch(PolKitContext *context, int fd)
-{
-	GIOChannel *channel;
-	guint id = 0;
-
-	DBG("context %p", context);
-
-	channel = g_io_channel_unix_new(fd);
-	if (channel == NULL)
-		return 0;
-
-	id = g_io_add_watch(channel, G_IO_IN, watch_event, context);
-
-	g_io_channel_unref(channel);
-
-	return id;
-}
-
-static void remove_watch(PolKitContext *context, int id)
-{
-	DBG("context %p", context);
-
-	g_source_remove(id);
-}
-
 static int polkit_init(void)
 {
-	int err;
-
-	connection = connman_dbus_get_connection();
-	if (connection == NULL)
-		return -EIO;
-
-	polkit_context = polkit_context_new();
-
-	polkit_context_set_io_watch_functions(polkit_context,
-						add_watch, remove_watch);
-
-	if (polkit_context_init(polkit_context, NULL) == FALSE) {
-		connman_error("Can't initialize PolicyKit");
-		polkit_context_unref(polkit_context);
-		dbus_connection_unref(connection);
-		return -EIO;
-	}
-
-	err = connman_security_register(&polkit_security);
-	if (err < 0) {
-		polkit_context_unref(polkit_context);
-		dbus_connection_unref(connection);
-		return err;
-	}
+	g_dbus_register_security(polkit_security);
 
 	return 0;
 }
 
 static void polkit_exit(void)
 {
-	connman_security_unregister(&polkit_security);
-
-	polkit_context_unref(polkit_context);
-
-	dbus_connection_unref(connection);
+	g_dbus_unregister_security(polkit_security);
 }
 
 CONNMAN_PLUGIN_DEFINE(polkit, "PolicyKit authorization plugin", VERSION,