From: sungwook79.park Date: Mon, 14 Mar 2016 06:26:13 +0000 (+0900) Subject: Check privilege by cynara X-Git-Tag: submit/tizen/20160314.115222~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F62%2F62062%2F10;p=platform%2Fcore%2Fapi%2Finputmethod-manager.git Check privilege by cynara Change-Id: Ie8f046aad66853f46da5b967a97fdee1d90b02e9 Signed-off-by: sungwook79.park --- diff --git a/CMakeLists.txt b/CMakeLists.txt index ffd2ab7..e9d9893 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,7 +7,7 @@ SET(maintainer "Sungmin Kwak ") SET(description "Input Method Manager APIs") SET(service "ui") SET(submodule "inputmethod-manager") -SET(dependents "capi-base-common dlog isf") +SET(dependents "capi-base-common dlog isf cynara-client cynara-session") SET(LIBDIR ${LIB_INSTALL_DIR}) SET(Services diff --git a/include/privilege_checker_private.h b/include/privilege_checker_private.h new file mode 100644 index 0000000..9edaaf5 --- /dev/null +++ b/include/privilege_checker_private.h @@ -0,0 +1,10 @@ +#ifndef __PRIVILEGE_CHECKER_H +#define __PRIVILEGE_CHECKER_H + +#define IME_MANAGER_PRIVILEGE "http://tizen.org/privilege/imemanager" + +bool inputmethod_cynara_initialize(); +void inputmethod_cynara_finish(); +bool check_privilege(const char *uid, const char *privilege); + +#endif //__PRIVILEGE_CHECKER_H diff --git a/packaging/capi-ui-inputmethod-manager.spec b/packaging/capi-ui-inputmethod-manager.spec index d055728..c7825ad 100644 --- a/packaging/capi-ui-inputmethod-manager.spec +++ b/packaging/capi-ui-inputmethod-manager.spec @@ -9,6 +9,8 @@ BuildRequires: cmake BuildRequires: pkgconfig(capi-base-common) BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(isf) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig diff --git a/src/inputmethod_manager.cpp b/src/inputmethod_manager.cpp index 4e4e801..12945ad 100644 --- a/src/inputmethod_manager.cpp +++ b/src/inputmethod_manager.cpp @@ -14,10 +14,13 @@ * limitations under the License. */ +#include #include #include #include "isf_control.h" #include +#include +#include #include #ifdef LOG_TAG @@ -25,8 +28,38 @@ #endif #define LOG_TAG "INPUTMETHOD_MANAGER" +ime_manager_error_e _check_privilege() +{ + char uid[16]; + ime_manager_error_e ret = IME_MANAGER_ERROR_NONE; + + if (inputmethod_cynara_initialize() == false) { + LOGE("inputmethod_cynara_initialize () == false"); + return IME_MANAGER_ERROR_PERMISSION_DENIED; + } + + snprintf(uid, 16, "%d", getuid()); + if (check_privilege(uid, IME_MANAGER_PRIVILEGE) == false) { + LOGE("check_privilege(uid, IME_MANAGER_PRIVILEGE) == false"); + LOGE("uid : %s.", uid); + ret = IME_MANAGER_ERROR_PERMISSION_DENIED; + } + + inputmethod_cynara_finish (); + + return ret; +} + int ime_manager_show_ime_list(void) { + ime_manager_error_e retVal = IME_MANAGER_ERROR_NONE; + + retVal = _check_privilege(); + if (retVal != IME_MANAGER_ERROR_NONE) { + LOGE("_check_privilege returned %d.", retVal); + return retVal; + } + int ret = isf_control_show_ime_list(); if (ret == 0) return IME_MANAGER_ERROR_NONE; @@ -38,6 +71,14 @@ int ime_manager_show_ime_list(void) int ime_manager_show_ime_selector(void) { + ime_manager_error_e retVal = IME_MANAGER_ERROR_NONE; + + retVal = _check_privilege(); + if (retVal != IME_MANAGER_ERROR_NONE) { + LOGE("_check_privilege returned %d.", retVal); + return retVal; + } + int ret = isf_control_show_ime_selector(); if (ret == 0) return IME_MANAGER_ERROR_NONE; @@ -49,6 +90,14 @@ int ime_manager_show_ime_selector(void) int ime_manager_is_ime_enabled(const char *app_id, bool *enabled) { + ime_manager_error_e retVal = IME_MANAGER_ERROR_NONE; + + retVal = _check_privilege(); + if (retVal != IME_MANAGER_ERROR_NONE) { + LOGE("_check_privilege returned %d.", retVal); + return retVal; + } + if (!app_id || !enabled) { LOGW("IME_MANAGER_ERROR_INVALID_PARAMETER"); return IME_MANAGER_ERROR_INVALID_PARAMETER; @@ -65,6 +114,14 @@ int ime_manager_is_ime_enabled(const char *app_id, bool *enabled) int ime_manager_get_active_ime(char **app_id) { + ime_manager_error_e retVal = IME_MANAGER_ERROR_NONE; + + retVal = _check_privilege(); + if (retVal != IME_MANAGER_ERROR_NONE) { + LOGE("_check_privilege returned %d.", retVal); + return retVal; + } + if (!app_id) { LOGW("IME_MANAGER_ERROR_INVALID_PARAMETER"); return IME_MANAGER_ERROR_INVALID_PARAMETER; diff --git a/src/privilege_checker.cpp b/src/privilege_checker.cpp new file mode 100644 index 0000000..b002fad --- /dev/null +++ b/src/privilege_checker.cpp @@ -0,0 +1,71 @@ +#include "privilege_checker_private.h" + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef LOG_TAG +#undef LOG_TAG +#endif +#define LOG_TAG "INPUTMETHOD_MANAGER" + +namespace +{ + +cynara *p_cynara = NULL; + +} + +bool +inputmethod_cynara_initialize() +{ + int ret = cynara_initialize(&p_cynara, NULL); + LOGD("[inputmethod_cynara_initialize]_check_privilege returned %d.", ret); + return ret == CYNARA_API_SUCCESS; +} + +void +inputmethod_cynara_finish() +{ + if (p_cynara) + cynara_finish(p_cynara); + + p_cynara = NULL; +} + +bool +check_privilege(const char *uid, const char *privilege) +{ + FILE *fp = NULL; + char smack_label[1024] = "/proc/self/attr/current"; + + if (!p_cynara) { + return false; + } + + fp = fopen("/proc/self/attr/current", "r"); + if (fp != NULL) { + if (fread(smack_label, 1, sizeof(smack_label), fp) <= 0) + LOGW("Error : fread"); + + fclose(fp); + } + + pid_t pid = getpid(); + char *session = cynara_session_from_pid(pid); + int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); + LOGD("[check_privilege]_check_privilege returned %d.", ret); + if (session) + free(session); + + if (ret != CYNARA_API_ACCESS_ALLOWED) + return false; + return true; +}