From: Seok Hong Date: Mon, 16 May 2016 06:09:17 +0000 (+0900) Subject: Add Bluetooth DesktopConnectivityState restriction API X-Git-Tag: accepted/tizen/common/20160524.150236~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F86%2F69586%2F9;p=platform%2Fcore%2Fsecurity%2Fdevice-policy-manager.git Add Bluetooth DesktopConnectivityState restriction API Change-Id: I44e22ffa57dc185d6eebb18b29af4a731160faf9 Signed-off-by: Seok Hong --- diff --git a/Policies b/Policies index ceeb4c8..a1b4cc7 100644 --- a/Policies +++ b/Policies @@ -4,27 +4,28 @@ The device policy manager provides named policies for enterprise application. The applications can subscribe the policy changed event listed below table if they want to restrict their operations in some circumstance. -+------------------------------+----------------------+-------------------------------------------------+ -| Policy Name | Policy state | Query API | -+------------------------------+----------------------+-------------------------------------------------+ -| wifi | allowed / disallowed | dpm_restriction_get_wifi_state | -| wifi-hotspot | allowed / disallowed | dpm_restriction_get_wifi_hotspot | -| wifi-profile-change | allowed / disallowed | dpm_wifi_is_profile_change_restricted | -| wifi-ssid-restriction | allowed / disallowed | dpm_wifi_is_network_access_restricted | -| bluetooth | allowed / disallowed | dpm_restriction_get_bluetooth_mode_change_state | -| bluetooth-tethering | allowed / disallowed | dpm_restriction_get_bluetooth_tethering_state | -| bluetooth-device-restriction | allowed / disallowed | dpm_bluetooth_is_device_restricted | -| bluetooth-uuid-restriction | allowed / disallowed | dpm_bluetooth_is_uuid_restricted | -| usb | allowed / disallowed | dpm_restriction_get_usb_state | -| usb-tethering | allowed / disallowed | dpm_restriction_get_usb_tethering_state | -| usb-debugging | allowed / disallowed | dpm_restriction_get_usb_debugging_state | -| settings-changes | allowed / disallowed | dpm_restriction_get_setting_changes_state | -| external-storage | allowed / disallowed | dpm_restriction_get_external_storage_state | -| camera | allowed / disallowed | dpm_restriction_get_camera_state | -| clipboard | allowed / disallowed | dpm_restriction_get_clipboard_state | -| location | allowed / disallowed | dpm_restriction_get_location_state | -| microphone | allowed / disallowed | dpm_restriction_get_microphone_state | -+------------------------------+----------------------+-------------------------------------------------+ ++--------------------------------+----------------------+----------------------------------------------------------+ +| Policy Name | Policy state | Query API | ++--------------------------------+----------------------+----------------------------------------------------------+ +| wifi | allowed / disallowed | dpm_restriction_get_wifi_state | +| wifi-hotspot | allowed / disallowed | dpm_restriction_get_wifi_hotspot | +| wifi-profile-change | allowed / disallowed | dpm_wifi_is_profile_change_restricted | +| wifi-ssid-restriction | allowed / disallowed | dpm_wifi_is_network_access_restricted | +| bluetooth | allowed / disallowed | dpm_restriction_get_bluetooth_mode_change_state | +| bluetooth-tethering | allowed / disallowed | dpm_restriction_get_bluetooth_tethering_state | +| bluetooth-desktop-connectivity | allowed / disallowed | dpm_restriction_get_bluetooth_desktop_connectivity_state | +| bluetooth-device-restriction | allowed / disallowed | dpm_bluetooth_is_device_restricted | +| bluetooth-uuid-restriction | allowed / disallowed | dpm_bluetooth_is_uuid_restricted | +| usb | allowed / disallowed | dpm_restriction_get_usb_state | +| usb-tethering | allowed / disallowed | dpm_restriction_get_usb_tethering_state | +| usb-debugging | allowed / disallowed | dpm_restriction_get_usb_debugging_state | +| settings-changes | allowed / disallowed | dpm_restriction_get_setting_changes_state | +| external-storage | allowed / disallowed | dpm_restriction_get_external_storage_state | +| camera | allowed / disallowed | dpm_restriction_get_camera_state | +| clipboard | allowed / disallowed | dpm_restriction_get_clipboard_state | +| location | allowed / disallowed | dpm_restriction_get_location_state | +| microphone | allowed / disallowed | dpm_restriction_get_microphone_state | ++--------------------------------+----------------------+----------------------------------------------------------+ To subscribe the policy changed event, application should create context and then register the policy changed callback like: diff --git a/libs/bluetooth.cpp b/libs/bluetooth.cpp index d1d5091..f000c41 100644 --- a/libs/bluetooth.cpp +++ b/libs/bluetooth.cpp @@ -47,6 +47,25 @@ bool BluetoothPolicy::getModeChangeState() } } +int BluetoothPolicy::setDesktopConnectivityState(const bool enable) +{ + try { + return context->methodCall("BluetoothPolicy::setDesktopConnectivityState"); + } catch (runtime::Exception& e) { + return -1; + } +} + +bool BluetoothPolicy::getDesktopConnectivityState() +{ + try { + return context->methodCall("BluetoothPolicy::getDesktopConnectivityState"); + } catch (runtime::Exception& e) { + return -1; + } +} + + // for bluetooth CAPIs int BluetoothPolicy::addDeviceToBlacklist(const std::string& mac) { diff --git a/libs/dpm/restriction.cpp b/libs/dpm/restriction.cpp index 1cb6320..b90d820 100644 --- a/libs/dpm/restriction.cpp +++ b/libs/dpm/restriction.cpp @@ -305,3 +305,26 @@ int dpm_restriction_get_bluetooth_mode_change_state(dpm_restriction_policy_h han return DPM_ERROR_NONE; } + +int dpm_restriction_set_bluetooth_desktop_connectivity_state(dpm_restriction_policy_h handle, const int enable) +{ + RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); + + BluetoothPolicy& bluetooth = GetPolicyInterface(handle); + return bluetooth.setDesktopConnectivityState(enable); +} + +int dpm_restriction_get_bluetooth_desktop_connectivity_state(dpm_restriction_policy_h handle, int *enable) +{ + RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(enable, DPM_ERROR_INVALID_PARAMETER); + + BluetoothPolicy& bluetooth = GetPolicyInterface(handle); + int ret = bluetooth.getDesktopConnectivityState(); + if (ret < 0) { + return -1; + } + *enable = ret; + + return DPM_ERROR_NONE; +} diff --git a/libs/dpm/restriction.h b/libs/dpm/restriction.h index 19f90c7..a1045e8 100644 --- a/libs/dpm/restriction.h +++ b/libs/dpm/restriction.h @@ -535,6 +535,46 @@ DPM_API int dpm_restriction_set_bluetooth_mode_change_state(dpm_restriction_poli DPM_API int dpm_restriction_get_bluetooth_mode_change_state(dpm_restriction_policy_h handle, int *enable); /** + * @brief Checks whether the the Bluetooth desktop connectivity is restricted. + * @details An administrator can use this API to check whether the Bluetooth desktop connectivity + * is restricted. + * If the Bluetooth desktop connectivity is restricted, the UI is grayed out so user can not + * change its state. + * @since_tizen 3.0 + * @param[in] handle The restriction policy handle + * @param[out] enable TRUE if modification is allowed, + * FALSE if modification is denied + * @return #DPM_ERROR_NONE on success, otherwise a negative value + * @retval #DPM_ERROR_NONE Successful + * @retval #DPM_ERROR_TIMEOUT Time out + * @retval #DPM_ERROR_INVALID_PARAMETER Invalid parameter + * @pre handle must be created by dpm_context_acquire_restriction_policy() + * @see dpm_context_acquire_restriction_policy() + * @see dpm_context_release_restriction_policy() + * @see dpm_restriction_get_bluetooth_desktop_connectivity_state() + */ +DPM_API int dpm_restriction_set_bluetooth_desktop_connectivity_state(dpm_restriction_policy_h handle, const int enable); + +/** + * @brief Checks whether the the Bluetooth desktop connectivity is restricted. + * @details An administrator can use this API to check whether the Bluetooth desktop connectivity is restricted. + * If the Bluetooth desktop connectivity is restricted, the UI is grayed out so user can not change its state. + * @since_tizen 3.0 + * @param[in] handle The restriction policy handle + * @param[out] enable TRUE if modification is allowed, + * FALSE if modification is denied + * @return #DPM_ERROR_NONE on success, otherwise a negative value + * @retval #DPM_ERROR_NONE Successful + * @retval #DPM_ERROR_TIMEOUT Time out + * @retval #DPM_ERROR_INVALID_PARAMETER Invalid parameter + * @pre handle must be created by dpm_context_acquire_restriction_policy() + * @see dpm_context_acquire_restriction_policy() + * @see dpm_context_release_restriction_policy() + * @see dpm_restriction_set_bluetooth_desktop_connectivity_state() + */ +DPM_API int dpm_restriction_get_bluetooth_desktop_connectivity_state(dpm_restriction_policy_h handle, int *enable); + +/** * @} // end of DPM_RESTRICTION_POLICY */ diff --git a/policy/bluetooth.hxx b/policy/bluetooth.hxx index 02d738c..814b99d 100644 --- a/policy/bluetooth.hxx +++ b/policy/bluetooth.hxx @@ -35,6 +35,8 @@ public: // for restriction CPIs int setModeChangeState(const bool enable); bool getModeChangeState(); + int setDesktopConnectivityState(const bool enable); + bool getDesktopConnectivityState(); // for bluetooth CAPIs int addDeviceToBlacklist(const std::string& mac); diff --git a/server/bluetooth.cpp b/server/bluetooth.cpp index 47dbcfd..750aa6b 100644 --- a/server/bluetooth.cpp +++ b/server/bluetooth.cpp @@ -58,6 +58,10 @@ void bluetoothAdapterStateChangedCb(int result, bt_adapter_state_e state, void * if (ret != BLUETOOTH_DPM_RESULT_SUCCESS) { // TODO(seok85.hong): we can notify to admin client with this notification. } + ret = policy.setDesktopConnectivityState(IsPolicyEnabled(context, "bluetooth-desktop-connectivity")); + if (ret != BLUETOOTH_DPM_RESULT_SUCCESS) { + // TODO(seok85.hong): we can notify to admin client with this notification. + } ret = policy.setDeviceRestriction(IsPolicyEnabled(context, "bluetooth-device-restriction")); if (ret != BLUETOOTH_DPM_RESULT_SUCCESS) { // TODO(seok85.hong): we can notify to admin client with this notification. @@ -79,6 +83,8 @@ BluetoothPolicy::BluetoothPolicy(PolicyControlContext& ctxt) : // for restriction CPIs ctxt.registerParametricMethod(this, (int)(BluetoothPolicy::setModeChangeState)(bool)); ctxt.registerNonparametricMethod(this, (bool)(BluetoothPolicy::getModeChangeState)); + ctxt.registerParametricMethod(this, (int)(BluetoothPolicy::setDesktopConnectivityState)(bool)); + ctxt.registerNonparametricMethod(this, (bool)(BluetoothPolicy::getDesktopConnectivityState)); // for bluetooth CPIs ctxt.registerParametricMethod(this, (int)(BluetoothPolicy::addDeviceToBlacklist)(std::string)); ctxt.registerParametricMethod(this, (int)(BluetoothPolicy::removeDeviceFromBlacklist)(std::string)); @@ -90,6 +96,7 @@ BluetoothPolicy::BluetoothPolicy(PolicyControlContext& ctxt) : ctxt.registerNonparametricMethod(this, (bool)(BluetoothPolicy::isUuidRestricted)); ctxt.createNotification("bluetooth"); + ctxt.createNotification("bluetooth-desktop-connectivity"); ctxt.createNotification("bluetooth-uuid-restriction"); ctxt.createNotification("bluetooth-device-restriction"); @@ -129,6 +136,25 @@ bool BluetoothPolicy::getModeChangeState() return IsPolicyEnabled(context, "bluetooth"); } +int BluetoothPolicy::setDesktopConnectivityState(const bool enable) +{ + int ret = BLUETOOTH_DPM_RESULT_SUCCESS; + ret = bluetooth_dpm_set_desktop_connectivity_state(enable == true ? BLUETOOTH_DPM_ALLOWED : BLUETOOTH_DPM_RESTRICTED); + if (ret == BLUETOOTH_DPM_RESULT_ACCESS_DENIED || + ret == BLUETOOTH_DPM_RESULT_FAIL) { + return -1; + } + + SetPolicyEnabled(context, "bluetooth-desktop-connectivity", enable); + + return 0; +} + +bool BluetoothPolicy::getDesktopConnectivityState() +{ + return IsPolicyEnabled(context, "bluetooth-desktop-connectivity"); +} + int BluetoothPolicy::addDeviceToBlacklist(const std::string& mac) { int ret = BLUETOOTH_DPM_RESULT_SUCCESS; diff --git a/tools/dpm-cli-toolkit/dpm-cli-toolkit.c b/tools/dpm-cli-toolkit/dpm-cli-toolkit.c index 9132048..1c1afb6 100644 --- a/tools/dpm-cli-toolkit/dpm-cli-toolkit.c +++ b/tools/dpm-cli-toolkit/dpm-cli-toolkit.c @@ -627,3 +627,21 @@ void bluetooth_tethering_policy_handler(int command, int state) else printf("bluetooth-tethering state: %s\n", state_text[p_state]); } + +void bluetooth_desktop_connectivity_policy_handler(int command, int state) +{ + int ret = 1; + int p_state = 1; + char state_text[2][10] = {"DISALLOW", "ALLOW"}; + + if (command == 'v') { + p_state = state; + ret = set_bluetooth_desktop_connectivity_handler(p_state); + } else + ret = get_bluetooth_desktop_connectivity_handler(&p_state); + + if (ret < 0) + printf("bluetooth-desktop-connectivity policy operation is failed.\n"); + else + printf("bluetooth-desktop-connectivity state: %s\n", state_text[p_state]); +} diff --git a/tools/dpm-cli-toolkit/dpm-cli-toolkit.h b/tools/dpm-cli-toolkit/dpm-cli-toolkit.h index 9ef28e8..4ffe27e 100644 --- a/tools/dpm-cli-toolkit/dpm-cli-toolkit.h +++ b/tools/dpm-cli-toolkit/dpm-cli-toolkit.h @@ -41,6 +41,7 @@ void settings_policy_handler(int command, int state); void usb_debugging_policy_handler(int command, int state); void usb_tethering_policy_handler(int command, int state); void bluetooth_tethering_policy_handler(int command, int state); +void bluetooth_desktop_connectivity_policy_handler(int command, int state); int set_password_quality_handler(int password_quality); int set_password_min_length_handler(int min_length); @@ -91,5 +92,7 @@ int set_usb_tethering_state_handler(int state); int get_usb_tethering_state_handler(int *state); int set_bluetooth_tethering_state_handler(int state); int get_bluetooth_tethering_state_handler(int *state); +int set_bluetooth_desktop_connectivity_handler(int state); +int get_bluetooth_desktop_connectivity_handler(int *state); #endif /* !__DPM_CLI_TOOLKIT_H__ */ diff --git a/tools/dpm-cli-toolkit/main.c b/tools/dpm-cli-toolkit/main.c index bdb2126..5f8f7f2 100644 --- a/tools/dpm-cli-toolkit/main.c +++ b/tools/dpm-cli-toolkit/main.c @@ -33,7 +33,7 @@ void print_rule(void) printf("--------------------------------------------------------------\n"); printf("[Restrictioin Policy]\n"); printf("camera, microphone, location, clipboard, settings, usb_debugging\n"); - printf("usb_tethering, bluetooth_tethering\n"); + printf("usb_tethering, bluetooth_tethering, bluetooth_desktop_connectivity\n"); printf("Usage: dpm-cli-toolkit -s [policy-name] -v [value: 0 or 1]\n"); printf("Ex: dpm-cli-toolkit -s camera -v 1\n"); printf("--------------------------------------------------------------\n"); @@ -139,6 +139,8 @@ void restriction_policy_command_handler(char *policy, int command, int state) usb_tethering_policy_handler(command, state); else if (strcmp(policy, "bluetooth_tethering") == 0) bluetooth_tethering_policy_handler(command, state); + else if (strcmp(policy, "bluetooth_desktop_connectivity") == 0) + bluetooth_desktop_connectivity_policy_handler(command, state); else { printf("Wrong policy name! Please refer to the policy names bleow.\n"); print_rule(); diff --git a/tools/dpm-cli-toolkit/restriction.c b/tools/dpm-cli-toolkit/restriction.c index 7d1433e..d5a40c9 100644 --- a/tools/dpm-cli-toolkit/restriction.c +++ b/tools/dpm-cli-toolkit/restriction.c @@ -672,3 +672,58 @@ int is_mode_change_state_handler(int *enable) return 0; } + +int set_bluetooth_desktop_connectivity_handler(int state) +{ + dpm_context_h context; + context = dpm_context_create(); + if (context == NULL) { + printf("Failed to create client context\n"); + return -1; + } + + dpm_restriction_policy_h policy = dpm_context_acquire_restriction_policy(context); + if (policy == NULL) { + printf("Failed to get restriction policy interface\n"); + dpm_context_destroy(context); + return -1; + } + + if (dpm_restriction_set_bluetooth_desktop_connectivity_state(policy, state) < 0) { + printf("Failed to set mode change state\n"); + dpm_context_release_restriction_policy(context, policy); + dpm_context_destroy(context); + return -1; + } + + return 0; +} + +int get_bluetooth_desktop_connectivity_handler(int *state) +{ + dpm_context_h context; + context = dpm_context_create(); + if (context == NULL) { + printf("Failed to create client context\n"); + return -1; + } + + dpm_restriction_policy_h policy = dpm_context_acquire_restriction_policy(context); + if (policy == NULL) { + printf("Failed to get restriction policy interface\n"); + dpm_context_destroy(context); + return -1; + } + + if (dpm_restriction_get_bluetooth_desktop_connectivity_state(policy, state) != DPM_ERROR_NONE) { + printf("Failed to check mode change state\n"); + dpm_context_release_restriction_policy(context, policy); + dpm_context_destroy(context); + return -1; + } + + dpm_context_release_restriction_policy(context, policy); + dpm_context_destroy(context); + + return 0; +}