From 5936b2af2c74dbf327e2186a3d5460009f752989 Mon Sep 17 00:00:00 2001 From: Rafal Krypa Date: Mon, 3 Apr 2017 21:00:34 +0200 Subject: [PATCH] Trigger toast messages in cynara PrivacyPlugin, once per session Toast messages will be generated from server side cynara plugin. The answer is then cached on client as long as the session parameter of cynara check is unchanged. When client performs a check with changes session argument, the cached value will be discarded, client will send check request to cynara service again, triggering another pop-up. Change-Id: I28d2eb43bdbf54362c9088dfb1405016a4bd271a Signed-off-by: Rafal Krypa --- src/plugin/CMakeLists.txt | 4 +++- src/plugin/client/PrivacyPlugin.cpp | 9 ++++----- src/plugin/service/PrivacyPlugin.cpp | 25 ++++++++++++++++++++----- 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/src/plugin/CMakeLists.txt b/src/plugin/CMakeLists.txt index 24880c2..b02000a 100644 --- a/src/plugin/CMakeLists.txt +++ b/src/plugin/CMakeLists.txt @@ -61,10 +61,12 @@ INSTALL(TARGETS ${TARGET_PLUGIN_CLIENT} PKG_CHECK_MODULES(PDP_DEP REQUIRED cynara-plugin + security-manager ) INCLUDE_DIRECTORIES( ${ASKUSER_PATH}/common/config + ${ASKUSER_PATH}/common/protocol SYSTEM ${PDP_DEP_INCLUDE_DIRS} ) @@ -82,7 +84,7 @@ LINK_DIRECTORIES(${PDP_DEP_LIBRARY_DIRS}) ADD_LIBRARY(${TARGET_PRIVACYDENIED_PLUGIN_SERVICE} SHARED ${PDP_SERVICE_SOURCES}) ADD_LIBRARY(${TARGET_PRIVACYDENIED_PLUGIN_CLIENT} SHARED ${PDP_CLIENT_SOURCES}) -TARGET_LINK_LIBRARIES(${TARGET_PRIVACYDENIED_PLUGIN_SERVICE} ${PDP_DEP_LIBRARIES}) +TARGET_LINK_LIBRARIES(${TARGET_PRIVACYDENIED_PLUGIN_SERVICE} ${PDP_DEP_LIBRARIES} ${TARGET_ASKUSER_NOTIFICATION_LIB}) TARGET_LINK_LIBRARIES(${TARGET_PRIVACYDENIED_PLUGIN_CLIENT} ${PDP_DEP_LIBRARIES}) INSTALL(TARGETS ${TARGET_PRIVACYDENIED_PLUGIN_SERVICE} diff --git a/src/plugin/client/PrivacyPlugin.cpp b/src/plugin/client/PrivacyPlugin.cpp index 4ed893b..f1722e7 100644 --- a/src/plugin/client/PrivacyPlugin.cpp 
+++ b/src/plugin/client/PrivacyPlugin.cpp @@ -44,19 +44,18 @@ public: return true; } - bool isUsable(const ClientSession &session UNUSED, - const ClientSession &prevSession UNUSED, + bool isUsable(const ClientSession &session, + const ClientSession &prevSession, bool &updateSession, - PolicyResult & result UNUSED) + PolicyResult &result UNUSED) { updateSession = false; - return true; + return (session.compare(prevSession) == 0); } void invalidate() {} int toResult(const ClientSession &session UNUSED, PolicyResult &result UNUSED) { - // This is the place where notify service should be notified return CYNARA_API_ACCESS_DENIED; } }; diff --git a/src/plugin/service/PrivacyPlugin.cpp b/src/plugin/service/PrivacyPlugin.cpp index 307111d..2478814 100644 --- a/src/plugin/service/PrivacyPlugin.cpp +++ b/src/plugin/service/PrivacyPlugin.cpp @@ -19,12 +19,15 @@ * @brief Implementation of cynara service side PrivacyDenied plugin. */ +#include #include #include #include +#include #include #include +#include using namespace Cynara; @@ -43,15 +46,15 @@ public: return serviceDescriptions; } - PluginStatus check(const std::string &client UNUSED, - const std::string &user UNUSED, - const std::string &privilege UNUSED, + PluginStatus check(const std::string &client, + const std::string &user, + const std::string &privilege, PolicyResult &result UNUSED, AgentType &requiredAgent UNUSED, PluginData &pluginData UNUSED) noexcept { - // Don't touch result. It's already set up by cynara - return PluginStatus::SUCCESS; + toast(client, user, privilege); + return PluginStatus::ANSWER_READY; } PluginStatus update(const std::string &client UNUSED, 
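Review bot: In src/plugin/client/PrivacyPlugin.cpp, `isUsable()` now decides cache reuse with `session.compare(prevSession) == 0`, but nothing in the method records why, even though this comparison is what makes the toast appear once per session. Add a comment above the return such as `// Reuse the cached deny only while the session is unchanged; a new session forces a fresh check so the service plugin shows the toast again.` The session string is the one the caller passes to the cynara check, so the number of pop-ups is controlled by the caller. The comment or the plugin documentation should say whether the service is expected to rate-limit them. The enclosing class starts outside the hunk.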
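Review bot: In src/plugin/service/PrivacyPlugin.cpp, `check()` now returns `PluginStatus::ANSWER_READY` while `result` is still marked `UNUSED`, and the deleted comment was the only place that said the result is the one cynara already set up. Keep that explanation next to the new return, for example `// result is left exactly as cynara prepared it; this plugin only triggers the toast`. Without it, a reader cannot tell from the method which answer is being declared ready. The class starts before the hunk and `update()` continues past it.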
@@ -65,6 +68,18 @@ public:
 }
 void invalidate() {}
+
+private:
+ void toast(const std::string &client, const std::string &user, const std::string &privilege) {
+ char *pkgName = nullptr, *appName = nullptr;
+ int ret = security_manager_identify_app_from_cynara_client(client.c_str(), &pkgName, &appName);
+ if (ret != SECURITY_MANAGER_SUCCESS || pkgName == nullptr)
+ return;
+
+ std::unique_ptr pkgNamePtr(pkgName, free);
+ std::unique_ptr appNamePtr(appName, free);
+ AskUser::Protocol::toast_deny(pkgName, (appName ? appName : ""), std::stoi(user), privilege);
+ }
 };
 } // namespace PrivacyDeniedPlugin
--
2.7.4
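Review bot: `std::stoi(user)` in `toast()` throws on a non-numeric or out-of-range user string, and `toast()` is called from `check()`, which the `@@ -43,15 +46,15 @@` hunk shows is `noexcept`, so a single malformed user value would terminate the process hosting the plugin. Contain the failure inside `toast()` and skip the toast, since the deny answer does not depend on it. Whether `toast_deny()` itself can throw is not visible here, so the guard below covers that call as well. Separately, the early return would leak `appName` if the lookup ever succeeded with a null `pkgName`, so both pointers should be owned before the check. The class body starts outside the hunk.

```cpp
void toast(const std::string &client, const std::string &user, const std::string &privilege) {
    // … unchanged: pkgName/appName declarations and the security-manager lookup …
    // Own both buffers before any early return so neither can leak.
    std::unique_ptr<char, decltype(&free)> pkgNamePtr(pkgName, free);
    std::unique_ptr<char, decltype(&free)> appNamePtr(appName, free);
    if (ret != SECURITY_MANAGER_SUCCESS || pkgName == nullptr)
        return;

    try {
        AskUser::Protocol::toast_deny(pkgName, (appName ? appName : ""), std::stoi(user), privilege);
    } catch (...) {
        // check() is noexcept: a failed toast must not terminate the service.
    }
}
```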