From: gloryj.kim Date: Wed, 9 Sep 2015 12:57:07 +0000 (+0900) Subject: Implement cynara check for CTC X-Git-Tag: accepted/tizen/mobile/20150909.140916^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=632fb821535425a5277f3eebd0da29627c2df887;p=platform%2Fframework%2Fweb%2Fdownload-provider.git Implement cynara check for CTC Change-Id: I5688a220d9cd0f0b4f76b2fad3cdbb4aa3d6e6a8 --- diff --git a/packaging/download-provider.spec b/packaging/download-provider.spec index 017a564..7e8bb7e 100644 --- a/packaging/download-provider.spec +++ b/packaging/download-provider.spec @@ -37,6 +37,11 @@ BuildRequires: pkgconfig(security-server) BuildRequires: pkgconfig(notification) %endif +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-client-async) +BuildRequires: pkgconfig(cynara-creds-socket) +BuildRequires: pkgconfig(cynara-creds-dbus) + %description Description: Download the contents in background diff --git a/provider/CMakeLists.txt b/provider/CMakeLists.txt index 43862ef..ab93960 100755 --- a/provider/CMakeLists.txt +++ b/provider/CMakeLists.txt @@ -20,7 +20,12 @@ pkg_check_modules(dp2_pkgs REQUIRED glib-2.0 libsmack dlog libsystemd-daemon - vconf) + vconf + cynara-client + cynara-client-async + cynara-creds-socket + cynara-creds-dbus + ) FOREACH(flag ${dp2_pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/provider/download-provider-client-manager.c b/provider/download-provider-client-manager.c index 5eba123..13be555 100644 --- a/provider/download-provider-client-manager.c +++ b/provider/download-provider-client-manager.c @@ -30,6 +30,11 @@ #include #include +#include +#include +#include +#include + #include #include #include 
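Review bot: `pkgconfig(cynara-client-async)` and `pkgconfig(cynara-creds-dbus)` are added here, but the code in this commit only calls `cynara_initialize`/`cynara_check`/`cynara_finish` and the `cynara_creds_socket_*` helpers. The only D-Bus credential call is in commented-out lines. The same two packages are added to `pkg_check_modules` in provider/CMakeLists.txt, and presumably to the four new includes in download-provider-client-manager.c, though the header names are not visible on this page. Unused dependencies widen the build and link surface of a privileged daemon, so I would drop both until code actually uses them and keep only `cynara-client` and `cynara-creds-socket`.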
@@ -406,7 +411,8 @@ static int __dp_client_new(int clientfd, dp_client_slots_fmt *clients, return DP_ERROR_INVALID_PARAMETER; } -#ifdef SUPPORT_SECURITY_PRIVILEGE +#ifdef SUPPORT_SECURITY_PRIVILEGE_OLD + TRACE_DEBUG("SUPPORT_SECURITY_PRIVILEGE_OLD"); int result = security_server_check_privilege_by_sockfd(clientfd, SECURITY_PRIVILEGE_INTERNET, "w"); if (result != SECURITY_SERVER_API_SUCCESS) { TRACE_ERROR("check privilege permission:%d", result); 
@@ -414,6 +420,61 @@ static int __dp_client_new(int clientfd, dp_client_slots_fmt *clients,
 }
 #endif
+#if 1
+ TRACE_DEBUG("SUPPORT_SECURITY_PRIVILEGE");
+ // Cynara structure init
+ int ret;
+ cynara *p_cynara;
+ //cynara_configuration conf;
+ ret = cynara_initialize(&p_cynara, NULL);
+ if(ret != CYNARA_API_SUCCESS) { /* error */ }
+
+ // Get client peer credential
+ char *clientSmack;
+ ret = cynara_creds_socket_get_client(clientfd, CLIENT_METHOD_SMACK, &clientSmack);
+ // In case of D-bus peer credential??
+ // ret = cynara_creds_dbus_get_client(DBusConnection *connection, const char *uniqueName,CLIENT_METHOD_SMACK, &clientSmack);
+ if(ret != CYNARA_API_SUCCESS) { /* error */ }
+
+ char *uid;
+ ret = cynara_creds_socket_get_user(clientfd, USER_METHOD_UID, &uid);
+ // In case of D-bus peer credential??
+ // ret = cynara_creds_dbus_get_client(DBusConnection *connection, const char *uniqueName,CLIENT_METHOD_SMACK, &clientSmack);
+ if (ret != CYNARA_API_SUCCESS) { /* error */ }
+
+ /* Concept of session is service-specific.
+ * Might be empty string if service does not have such concept
+ */
+ char *client_session="";
+
+ // Cynara check
+
+ ret = cynara_check(p_cynara, clientSmack, client_session, uid, "http://tizen.org/privilege/download");
+
+ if(ret == CYNARA_API_ACCESS_ALLOWED) {
+ TRACE_DEBUG("CYNARA_API_ACCESS_ALLOWED");
+ } else {
+ TRACE_DEBUG("DP_ERROR_PERMISSION_DENIED");
+ return DP_ERROR_PERMISSION_DENIED;
+ }
+
+ // Cleanup of cynara structure
+ if(clientSmack) {
+ //free(clientSmack);
+ }
+
+ if(client_session) {
+ //free(client_session);
+ }
+
+ if(uid) {
+ //free(uid);
+ }
+
+ cynara_finish(p_cynara);
+
+#endif
+
 // EINVAL: empty slot
 // EBUSY : occupied slot
 // locked & thread == 0 : downloading without client <= check target
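Review bot: All three `if (ret != CYNARA_API_SUCCESS) { /* error */ }` bodies are empty, so a failed `cynara_initialize()` or credential lookup falls through and `cynara_check()` and `cynara_finish()` run on an uninitialised `p_cynara`, `clientSmack` or `uid`. The access decision then rests on undefined behaviour instead of failing closed. The deny branch returns before `cynara_finish()`, and the `free()` calls for `clientSmack` and `uid` are commented out, so both strings leak on every connection and the cynara handle leaks on every rejected one. `client_session` is a string literal and must stay unfreed. The fence below initialises the pointers to NULL, stops at the first failure, logs the denial with `TRACE_ERROR` and the return code, and releases everything on both paths. The block is also gated by `#if 1` rather than a build flag, and `__dp_client_new` starts and ends outside the hunk.

```c
	// ... unchanged: #if 1 / TRACE_DEBUG("SUPPORT_SECURITY_PRIVILEGE") ...
	int ret;
	int allowed = 0;
	cynara *p_cynara = NULL;
	char *clientSmack = NULL;
	char *uid = NULL;
	const char *client_session = "";	/* literal: never freed */

	ret = cynara_initialize(&p_cynara, NULL);
	if (ret != CYNARA_API_SUCCESS) {
		TRACE_ERROR("cynara_initialize:%d", ret);
		return DP_ERROR_PERMISSION_DENIED;	/* fail closed */
	}

	ret = cynara_creds_socket_get_client(clientfd, CLIENT_METHOD_SMACK, &clientSmack);
	if (ret == CYNARA_API_SUCCESS)
		ret = cynara_creds_socket_get_user(clientfd, USER_METHOD_UID, &uid);
	if (ret == CYNARA_API_SUCCESS) {
		ret = cynara_check(p_cynara, clientSmack, client_session, uid, "http://tizen.org/privilege/download");
		allowed = (ret == CYNARA_API_ACCESS_ALLOWED);
	}
	if (!allowed)
		TRACE_ERROR("cynara check denied or failed:%d", ret);

	/* release on both the allow and the deny path */
	free(clientSmack);
	free(uid);
	cynara_finish(p_cynara);

	if (!allowed)
		return DP_ERROR_PERMISSION_DENIED;
	// ... unchanged: #endif ...
```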
@@ -594,7 +655,7 @@ void *dp_client_manager(void *arg) } // blocking & timeout to prevent the lockup by client. - struct timeval tv_timeo = {5, 500000}; // 5.5 sec + struct timeval tv_timeo = {1, 500000}; // 1.5 sec if (setsockopt(clientfd, SOL_SOCKET, SO_RCVTIMEO, &tv_timeo, sizeof(tv_timeo)) < 0) { TRACE_ERROR("failed to set timeout in blocking socket");
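Review bot: The receive timeout drops from 5.5 s to 1.5 s as a bare literal, with no reason given in the comment or the commit message, and the change is unrelated to the cynara check named in the title. If the intent is to limit how long one unresponsive client can hold the manager thread, which is what the existing "prevent the lockup by client" comment suggests, record it next to the value. For example: `struct timeval tv_timeo = {1, 500000}; // 1.5 sec: bounds how long a silent client can block this thread`. A named constant would keep the number and the comment from drifting apart. `dp_client_manager`'s body continues outside the hunk.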