From: Mu-Woong <muwoong.lee@samsung.com>
Date: Thu, 15 Oct 2015 05:38:12 +0000 (+0900)
Subject: Replace Security-server with Cynara
X-Git-Tag: submit/tizen/20151218.070016~30
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F60%2F49560%2F4;p=platform%2Fcore%2Fsystem%2Fsensord.git

Replace Security-server with Cynara

Change-Id: If00a9d7d3d87a2f7b01c33e8d2b0986a69a19e82
Signed-off-by: Mu-Woong <muwoong.lee@samsung.com>
---

diff --git a/packaging/sensord.spec b/packaging/sensord.spec
index 1287566..d1a34e3 100755
--- a/packaging/sensord.spec
+++ b/packaging/sensord.spec
@@ -16,6 +16,9 @@ BuildRequires:  pkgconfig(glib-2.0)
 BuildRequires:  pkgconfig(vconf)
 BuildRequires:  pkgconfig(libsystemd-daemon)
 BuildRequires:  pkgconfig(capi-system-info)
+BuildRequires:  pkgconfig(cynara-creds-socket)
+BuildRequires:  pkgconfig(cynara-client)
+BuildRequires:  pkgconfig(cynara-session)
 
 %define accel_state ON
 %define auto_rotation_state ON
diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
index 10f737d..bb7a221 100755
--- a/src/server/CMakeLists.txt
+++ b/src/server/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.6)
 project(sensord CXX)
 
 INCLUDE(FindPkgConfig)
-PKG_CHECK_MODULES(server_pkgs REQUIRED glib-2.0 gio-2.0 dlog libsystemd-daemon)
+PKG_CHECK_MODULES(server_pkgs REQUIRED glib-2.0 gio-2.0 dlog libsystemd-daemon cynara-client cynara-creds-socket cynara-session)
 
 FOREACH(flag ${server_pkgs_LDFLAGS})
 	SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${flag}")
diff --git a/src/server/permission_checker.cpp b/src/server/permission_checker.cpp
index ad05b02..f4fff18 100755
--- a/src/server/permission_checker.cpp
+++ b/src/server/permission_checker.cpp
@@ -17,27 +17,57 @@
  *
  */
 
+#include <cynara-client.h>
+#include <cynara-creds-socket.h>
+#include <cynara-session.h>
 #include <permission_checker.h>
 #include <sf_common.h>
 #include <common.h>
 #include <sensor_plugin_loader.h>
 #include <sensor_base.h>
-#include <dlfcn.h>
 
-#define SECURITY_LIB "/usr/lib/libsecurity-server-client.so.1"
+static cynara *cynara_env = NULL;
+
+static bool check_privilege_by_sockfd(int sock_fd, const char *priv)
+{
+	retvm_if(cynara_env == NULL, false, "Cynara not initialized");
+
+	int ret;
+	int pid = -1;
+	char *client = NULL;
+	char *session = NULL;
+	char *user = NULL;
+
+	retvm_if(cynara_creds_socket_get_pid(sock_fd, &pid) != CYNARA_API_SUCCESS, false, "Getting PID failed");
+
+	if (cynara_creds_socket_get_client(sock_fd, CLIENT_METHOD_DEFAULT, &client) != CYNARA_API_SUCCESS ||
+			cynara_creds_socket_get_user(sock_fd, USER_METHOD_DEFAULT, &user) != CYNARA_API_SUCCESS ||
+			(session = cynara_session_from_pid(pid)) == NULL) {
+		ERR("Getting client info failed");
+		free(client);
+		free(user);
+		free(session);
+		return false;
+	}
+
+	ret = cynara_check(cynara_env, client, session, user, priv);
+
+	free(client);
+	free(session);
+	free(user);
+
+	return (ret == CYNARA_API_ACCESS_ALLOWED);
+}
 
 permission_checker::permission_checker()
-: m_security_server_check_privilege_by_sockfd(NULL)
-, m_security_handle(NULL)
-, m_permission_set(0)
+: m_permission_set(0)
 {
 	init();
 }
 
 permission_checker::~permission_checker()
 {
-	if (m_security_handle)
-		dlclose(m_security_handle);
+	deinit();
 }
 
 permission_checker& permission_checker::get_instance()
@@ -46,33 +76,10 @@ permission_checker& permission_checker::get_instance()
 	return inst;
 }
 
-bool permission_checker::init_security_lib(void)
-{
-	m_security_handle = dlopen(SECURITY_LIB, RTLD_LAZY);
-
-	if (!m_security_handle) {
-		ERR("dlopen(%s) error, cause: %s", SECURITY_LIB, dlerror());
-		return false;
-	}
-
-	m_security_server_check_privilege_by_sockfd =
-		(security_server_check_privilege_by_sockfd_t) dlsym(m_security_handle, "security_server_check_privilege_by_sockfd");
-
-	if (!m_security_server_check_privilege_by_sockfd) {
-		ERR("Failed to load symbol");
-		dlclose(m_security_handle);
-		m_security_handle = NULL;
-		return false;
-	}
-
-	return true;
-
-}
-
 void permission_checker::init()
 {
-	m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_STANDARD, false, "", ""));
-	m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_BIO, true, "sensord::bio", "rw"));
+	m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_STANDARD, false, ""));
+	m_permission_infos.push_back(std::make_shared<permission_info> (SENSOR_PERMISSION_BIO, true, "http://tizen.org/privilege/healthinfo"));
 
 	vector<sensor_base *> sensors;
 	sensors = sensor_plugin_loader::get_instance().get_sensors(ALL_SENSOR);
@@ -82,8 +89,18 @@ void permission_checker::init()
 
 	INFO("Permission Set = %d", m_permission_set);
 
-	if (!init_security_lib())
-		ERR("Failed to init security lib: %s", SECURITY_LIB);
+	if (cynara_initialize(&cynara_env, NULL) != CYNARA_API_SUCCESS) {
+		cynara_env = NULL;
+		ERR("Cynara initialization failed");
+	}
+}
+
+void permission_checker::deinit()
+{
+	if (cynara_env)
+		cynara_finish(cynara_env);
+
+	cynara_env = NULL;
 }
 
 int permission_checker::get_permission(int sock_fd)
@@ -93,8 +110,8 @@ int permission_checker::get_permission(int sock_fd)
 	for (unsigned int i = 0; i < m_permission_infos.size(); ++i) {
 		if (!m_permission_infos[i]->need_to_check) {
 			permission |= m_permission_infos[i]->permission;
-		} else if ((m_permission_set & m_permission_infos[i]->permission) && m_security_server_check_privilege_by_sockfd) {
-			if (m_security_server_check_privilege_by_sockfd(sock_fd, m_permission_infos[i]->name.c_str(), m_permission_infos[i]->access_right.c_str()) == 1) {
+		} else if (m_permission_set & m_permission_infos[i]->permission) {
+			if (check_privilege_by_sockfd(sock_fd, m_permission_infos[i]->privilege.c_str())) {
 				permission |= m_permission_infos[i]->permission;
 			}
 		}
diff --git a/src/server/permission_checker.h b/src/server/permission_checker.h
index ad94708..8acc6ac 100755
--- a/src/server/permission_checker.h
+++ b/src/server/permission_checker.h
@@ -28,38 +28,30 @@ class permission_checker {
 private:
 	class permission_info {
 		public:
-		permission_info(int _permission, bool _need_to_check, std::string _name, std::string _access_right)
+		permission_info(int _permission, bool _need_to_check, std::string _priv)
 		: permission(_permission)
 		, need_to_check(_need_to_check)
-		, name(_name)
-		, access_right(_access_right)
+		, privilege(_priv)
 		{
 		}
 		int permission;
 		bool need_to_check;
-		std::string name;
-		std::string access_right;
+		std::string privilege;
 	};
 
 	typedef std::vector<std::shared_ptr<permission_info>> permission_info_vector;
 
-	typedef int (*security_server_check_privilege_by_sockfd_t)(int sockfd,
-			  const char *object,
-			  const char *access_rights);
-
 	permission_checker();
 	~permission_checker();
 	permission_checker(permission_checker const&) {};
 	permission_checker& operator=(permission_checker const&);
 
-	bool init_security_lib(void);
 	void init();
-
-	security_server_check_privilege_by_sockfd_t m_security_server_check_privilege_by_sockfd;
-	void *m_security_handle;
+	void deinit();
 
 	permission_info_vector m_permission_infos;
 	int m_permission_set;
+
 public:
 	static permission_checker& get_instance();