From acba9f82515849f64b83d0090403567cf26bfbe0 Mon Sep 17 00:00:00 2001 From: Mu-Woong Lee Date: Fri, 20 May 2016 17:27:35 +0900 Subject: [PATCH] Enable privilege checking for trigger action setter functions This patch adds privilege checkers using the newly added DBus methods in context-service. Change-Id: Ib6fccfb0ea7077f9be12f05b0716ea419e8f45bd Signed-off-by: Mu-Woong Lee --- src/DBusClient.cpp | 21 +++++++++++++++++++++ src/DBusClient.h | 2 ++ src/context_trigger.cpp | 8 ++++---- src/priv_util.cpp | 46 ---------------------------------------------- src/priv_util.h | 30 ------------------------------ src/request_handler.cpp | 5 +++++ src/request_handler.h | 2 ++ 7 files changed, 34 insertions(+), 80 deletions(-) delete mode 100644 src/priv_util.cpp delete mode 100644 src/priv_util.h diff --git a/src/DBusClient.cpp b/src/DBusClient.cpp index c96e1f5..918a9b9 100644 --- a/src/DBusClient.cpp +++ b/src/DBusClient.cpp @@ -331,3 +331,24 @@ int DBusClient::write(std::string subject, Json inputData, Json *result) return error; } + +int DBusClient::call(const char *method) +{ + int ret = ERR_NONE; + GError *err = NULL; + + GVariant *response = g_dbus_connection_call_sync(__connection, DBUS_DEST, DBUS_PATH, DBUS_IFACE, + method, NULL, NULL, G_DBUS_CALL_FLAGS_NONE, DBUS_TIMEOUT, NULL, &err); + + if (response) { + g_variant_unref(response); + return ERR_NONE; + } + + ret = ERR_OPERATION_FAILED; + if (err->code == G_DBUS_ERROR_ACCESS_DENIED) + ret = ERR_PERMISSION_DENIED; + + HANDLE_GERROR(err); + return ret; +} diff --git a/src/DBusClient.h b/src/DBusClient.h index 3e4622c..76406b8 100644 --- a/src/DBusClient.h +++ b/src/DBusClient.h @@ -42,6 +42,8 @@ namespace ctx { int write(std::string subject, Json inputData); int write(std::string subject, Json inputData, Json *result); + int call(const char *method); + private: static void __onMethodCalled(GDBusConnection *conn, const gchar *sender, const gchar *path, const gchar *iface, const gchar *name, diff --git a/src/context_trigger.cpp b/src/context_trigger.cpp index c5643ae..7ad7df5 100644 --- a/src/context_trigger.cpp +++ b/src/context_trigger.cpp @@ -17,6 +17,7 @@ //#include //#include #include +#include #include #include #include @@ -27,7 +28,6 @@ #include #include "request_handler.h" #include "rule_validator.h" -#include "priv_util.h" #define INITIAL_RULE "{ \"ID\" : -1, \"DESCRIPTION\" : \"\", \"DETAILS\" : { } }" #define INITIAL_ENTRY "{ \"DATA_ARR\" : [ ] }" @@ -352,11 +352,11 @@ SO_EXPORT int context_trigger_rule_set_action_app_control(context_trigger_rule_h int error; // Privilege check - error = ctx::privilege_util::is_allowed("appmanager.launch"); + error = ctx::request_handler::call(METHOD_CHK_PRIV_APPLAUNCH); IF_FAIL_RETURN_TAG(error == ERR_NONE, error, _E, "Privilege checking failed (%#x)", error); if (is_call_operation(app_control)) { - error = ctx::privilege_util::is_allowed("call"); + error = ctx::request_handler::call(METHOD_CHK_PRIV_CALL); IF_FAIL_RETURN_TAG(error == ERR_NONE, error, _E, "Privilege checking failed (%#x)", error); } @@ -414,7 +414,7 @@ SO_EXPORT int context_trigger_rule_set_action_notification(context_trigger_rule_ ASSERT_NOT_NULL(rule && title && content); // Privilege check - int error = ctx::privilege_util::is_allowed("notification"); + int error = ctx::request_handler::call(METHOD_CHK_PRIV_NOTIFICATION); IF_FAIL_RETURN_TAG(error == ERR_NONE, error, _E, "Privilege checking failed (%#x)", error); // if action arleady exists diff --git a/src/priv_util.cpp b/src/priv_util.cpp deleted file mode 100644 index 69aee04..0000000 --- a/src/priv_util.cpp +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include "priv_util.h" - -int ctx::privilege_util::is_allowed(const char* priv) -{ - /* TODO: Re-implement using Cynara */ -#if 0 - IF_FAIL_RETURN_TAG(priv, ERR_OPERATION_FAILED, _E, "Invalid parameter"); - - char *subject = NULL; - int ret = smack_new_label_from_self(&subject); - IF_FAIL_RETURN_TAG(ret == 0 && subject != NULL, ERR_OPERATION_FAILED, _E, "Getting smack label failed"); - - std::string priv_name = "privilege::tizen::"; - priv_name += priv; - ret = smack_have_access(subject, priv_name.c_str(), "rw"); - g_free(subject); - - if (ret == 1) - return ERR_NONE; - - if (ret == 0) - return ERR_PERMISSION_DENIED; - - return ERR_OPERATION_FAILED; -#endif - return ERR_NONE; -} diff --git a/src/priv_util.h b/src/priv_util.h deleted file mode 100644 index 7e51066..0000000 --- a/src/priv_util.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) 2015 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __CONTEXT_PRIVILEGE_UTIL_H__ -#define __CONTEXT_PRIVILEGE_UTIL_H__ - -#include - -namespace ctx { - namespace privilege_util { - - int is_allowed(const char* priv); - - } -} /* namespace ctx */ - -#endif /* __CONTEXT_PRIVILEGE_UTIL_H__ */ diff --git a/src/request_handler.cpp b/src/request_handler.cpp index 6ccdc09..b827d98 100644 --- a/src/request_handler.cpp +++ b/src/request_handler.cpp @@ -86,6 +86,11 @@ SO_EXPORT int ctx::request_handler::is_supported(const char* subject) return __dbusClient.isSupported(subject); } +SO_EXPORT int ctx::request_handler::call(const char* method) +{ + return __dbusClient.call(method); +} + SO_EXPORT bool ctx::request_handler::register_callback(const char* subject, subject_response_cb callback) { __dbusListener.setCb(subject, callback); diff --git a/src/request_handler.h b/src/request_handler.h index b4d7e0c..3d7fa41 100644 --- a/src/request_handler.h +++ b/src/request_handler.h @@ -57,6 +57,8 @@ namespace ctx { namespace request_handler { */ int is_supported(const char* subject); + int call(const char* method); + } } /* namespace ctx::request_handler */ #endif // __CONTEXT_LIB_REQUEST_HANDLER_H__ -- 2.7.4