From 491f127ef5b5f4452465a09f79605ec1bc7c4657 Mon Sep 17 00:00:00 2001 From: Mu-Woong Date: Tue, 20 Oct 2015 15:26:00 +0900 Subject: [PATCH] Apply Cynara Change-Id: If49547cd2ac7a419ef860f4d976bca9128947ecd Signed-off-by: Mu-Woong --- CMakeLists.txt | 2 ++ packaging/context-service.spec | 2 ++ src/access_control/peer_creds.cpp | 25 ++++++++++++++----- src/access_control/peer_creds.h | 6 +++-- src/access_control/privilege.cpp | 51 +++++++++++++++++++++++++++++++-------- 5 files changed, 68 insertions(+), 18 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a4d2fd8..4404751 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -22,6 +22,8 @@ SET(DEPS notification capi-system-system-settings cynara-creds-gdbus + cynara-client + cynara-session clips context-common device-context-provider diff --git a/packaging/context-service.spec b/packaging/context-service.spec index d9cbf58..e94a404 100644 --- a/packaging/context-service.spec +++ b/packaging/context-service.spec @@ -29,6 +29,8 @@ BuildRequires: pkgconfig(ecore) %endif BuildRequires: pkgconfig(cynara-creds-gdbus) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) BuildRequires: pkgconfig(clips) BuildRequires: pkgconfig(context-common) diff --git a/src/access_control/peer_creds.cpp b/src/access_control/peer_creds.cpp index 8a81aaa..a4a74dc 100644 --- a/src/access_control/peer_creds.cpp +++ b/src/access_control/peer_creds.cpp @@ -15,13 +15,16 @@ */ #include +#include #include #include #include "peer_creds.h" -ctx::credentials::credentials(char *_app_id, char *_client) : +ctx::credentials::credentials(char *_app_id, char *_client, char *_session, char *_user) : app_id(_app_id), - client(_client) + client(_client), + session(_session), + user(_user) { } @@ -29,6 +32,8 @@ ctx::credentials::~credentials() { g_free(app_id); g_free(client); + g_free(session); + g_free(user); } bool ctx::peer_creds::get(GDBusConnection *connection, const char *unique_name, ctx::credentials **creds) @@ -36,20 +41,26 @@ bool ctx::peer_creds::get(GDBusConnection *connection, const char *unique_name, pid_t pid = 0; char *app_id = NULL; gchar *client = NULL; + char *session = NULL; + gchar *user = NULL; int err; err = cynara_creds_gdbus_get_pid(connection, unique_name, &pid); IF_FAIL_RETURN_TAG(err == CYNARA_API_SUCCESS, false, _E, "Peer credentialing failed"); + app_manager_get_app_id(pid, &app_id); + _D("AppId: %s", app_id); + err = cynara_creds_gdbus_get_client(connection, unique_name, CLIENT_METHOD_DEFAULT, &client); IF_FAIL_CATCH_TAG(err == CYNARA_API_SUCCESS, _E, "Peer credentialing failed"); - /* TODO: session & user */ + session = cynara_session_from_pid(pid); + IF_FAIL_CATCH_TAG(session, _E, "Peer credentialing failed"); - app_manager_get_app_id(pid, &app_id); - _D("AppId: %s", app_id); + err = cynara_creds_gdbus_get_user(connection, unique_name, USER_METHOD_DEFAULT, &user); + IF_FAIL_CATCH_TAG(err == CYNARA_API_SUCCESS, _E, "Peer credentialing failed"); - *creds = new(std::nothrow) credentials(app_id, client); + *creds = new(std::nothrow) credentials(app_id, client, session, user); IF_FAIL_CATCH_TAG(*creds, _E, "Memory allocation failed"); return true; @@ -57,5 +68,7 @@ bool ctx::peer_creds::get(GDBusConnection *connection, const char *unique_name, CATCH: g_free(app_id); g_free(client); + g_free(session); + g_free(user); return false; } diff --git a/src/access_control/peer_creds.h b/src/access_control/peer_creds.h index 31ac9a0..d122ec8 100644 --- a/src/access_control/peer_creds.h +++ b/src/access_control/peer_creds.h @@ -26,8 +26,10 @@ namespace ctx { class credentials { public: char *app_id; - char *client; /* smack label */ - credentials(char *_app_id, char *_client); + char *client; /* default: smack label */ + char *session; + char *user; /* default: UID */ + credentials(char *_app_id, char *_client, char *_session, char *_user); ~credentials(); }; diff --git a/src/access_control/privilege.cpp b/src/access_control/privilege.cpp index f49797e..a0951d9 100644 --- a/src/access_control/privilege.cpp +++ b/src/access_control/privilege.cpp @@ -15,23 +15,54 @@ */ #include +#include #include #include "peer_creds.h" #include "privilege.h" +class permission_checker { +private: + cynara *__cynara; + + permission_checker() + { + if (cynara_initialize(&__cynara, NULL) != CYNARA_API_SUCCESS) { + _E("Cynara initialization failed"); + __cynara = NULL; + return; + } + _I("Cynara initialized"); + } + + ~permission_checker() + { + if (__cynara) + cynara_finish(__cynara); + + _I("Cynara deinitialized"); + } + +public: + static permission_checker& get_instance() + { + static permission_checker instance; + return instance; + } + + bool has_permission(const ctx::credentials *creds, const char *privilege) + { + IF_FAIL_RETURN_TAG(__cynara, false, _E, "Cynara not initialized"); + int ret = cynara_check(__cynara, creds->client, creds->session, creds->user, privilege); + return (ret == CYNARA_API_ACCESS_ALLOWED); + } +}; + bool ctx::privilege_manager::is_allowed(const ctx::credentials *creds, const char *privilege) { - /* TODO: need to be implemented using Cynara */ -#if 0 - IF_FAIL_RETURN(privilege, true); + IF_FAIL_RETURN(creds && privilege, true); - std::string priv = "privilege::tizen::"; + std::string priv = "http://tizen.org/privilege/"; priv += privilege; - int ret = smack_have_access(client, priv.c_str(), "rw"); - _SD("Client: %s, Priv: %s, Enabled: %d", client, privilege, ret); - - return (ret == 1); -#endif - return true; + return permission_checker::get_instance().has_permission(creds, priv.c_str()); } -- 2.7.4