From b87b4d5d0c26b407cb4ad921696f30c23e5b4233 Mon Sep 17 00:00:00 2001 From: Sangwan Kwon Date: Wed, 4 Sep 2019 15:32:58 +0900 Subject: [PATCH] Add dpm plugin implementations - bluetooth, usb, wifi Signed-off-by: Sangwan Kwon --- CMakeLists.txt | 4 + osquery/tizen/CMakeLists.txt | 2 - osquery/tizen/device_policy/bluetooth_policy.h | 96 -------- .../device_policy/tests/wifi_policy_tests.cpp | 52 ---- osquery/tizen/device_policy/usb_policy.h | 81 ------- osquery/tizen/device_policy/wifi_policy.cpp | 165 ------------- osquery/tizen/device_policy/wifi_policy.h | 89 ------- osquery/tizen/tables/bluetooth_policy.cpp | 67 +++++ osquery/tizen/tables/tests/policy_tests.cpp | 84 +++++++ osquery/tizen/tables/usb_policy.cpp | 63 +++++ osquery/tizen/tables/wifi_policy.cpp | 20 +- packaging/osquery-plugins.manifest | 5 + packaging/osquery.spec | 40 ++- plugins/CMakeLists.txt | 20 ++ plugins/bluetooth/CMakeLists.txt | 35 +++ plugins/bluetooth/bluetooth.cpp | 269 +++++++++++++++++++++ plugins/dlog.h | 56 +++++ plugins/usb/CMakeLists.txt | 33 +++ plugins/usb/usb.cpp | 208 ++++++++++++++++ plugins/wifi/CMakeLists.txt | 35 +++ plugins/wifi/wifi.cpp | 239 ++++++++++++++++++ specs/tizen/bluetooth_policy.table | 9 + specs/tizen/usb_policy.table | 8 + specs/tizen/wifi_policy.table | 4 +- 24 files changed, 1174 insertions(+), 510 deletions(-) delete mode 100644 osquery/tizen/device_policy/bluetooth_policy.h delete mode 100644 osquery/tizen/device_policy/tests/wifi_policy_tests.cpp delete mode 100644 osquery/tizen/device_policy/usb_policy.h delete mode 100644 osquery/tizen/device_policy/wifi_policy.cpp delete mode 100644 osquery/tizen/device_policy/wifi_policy.h create mode 100644 osquery/tizen/tables/bluetooth_policy.cpp create mode 100644 osquery/tizen/tables/tests/policy_tests.cpp create mode 100644 osquery/tizen/tables/usb_policy.cpp create mode 100644 packaging/osquery-plugins.manifest create mode 100644 plugins/CMakeLists.txt create mode 100644 plugins/bluetooth/CMakeLists.txt create mode 100644 plugins/bluetooth/bluetooth.cpp create mode 100644 plugins/dlog.h create mode 100644 plugins/usb/CMakeLists.txt create mode 100644 plugins/usb/usb.cpp create mode 100644 plugins/wifi/CMakeLists.txt create mode 100644 plugins/wifi/wifi.cpp create mode 100644 specs/tizen/bluetooth_policy.table create mode 100644 specs/tizen/usb_policy.table diff --git a/CMakeLists.txt b/CMakeLists.txt index d799952..f67f781 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -59,3 +59,7 @@ EXECUTE_PROCESS(COMMAND mkdir -p "${CMAKE_BINARY_DIR}/generated") ADD_SUBDIRECTORY(osquery) ADD_SUBDIRECTORY(tools/sqlite3) + +IF(DEFINED GBS_BUILD) + ADD_SUBDIRECTORY(plugins) +ENDIF() diff --git a/osquery/tizen/CMakeLists.txt b/osquery/tizen/CMakeLists.txt index 4c0dbe5..8cb3170 100644 --- a/osquery/tizen/CMakeLists.txt +++ b/osquery/tizen/CMakeLists.txt @@ -21,8 +21,6 @@ FILE(GLOB OSQUERY_TIZEN_TESTS "[!d]*/tests/*.cpp") ADD_OSQUERY_TEST(${OSQUERY_TIZEN_TESTS}) IF(DEFINED GBS_BUILD) - ADD_OSQUERY_LIBRARY(wifi_policy device_policy/wifi_policy.cpp) - # tables FILE(GLOB TIZEN_TABLES "tables/*.cpp") ADD_OSQUERY_LIBRARY(tizen_tables ${TIZEN_TABLES}) diff --git a/osquery/tizen/device_policy/bluetooth_policy.h b/osquery/tizen/device_policy/bluetooth_policy.h deleted file mode 100644 index 4367893..0000000 --- a/osquery/tizen/device_policy/bluetooth_policy.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include - -#include -#include -#include - -/// TODO(Sangwan): Move rmi header to policy-model -#include -#include - -namespace osquery { - -/* - TODO List: - 1. Change VLOG to LOG(ERROR). - 2. Make sure that privilege model works with cynara. - 3. Consider policy-violation model. - 4. Unify exeception handling among getter/setter APIs. - 5. Verify with full-DPM at runtime. -*/ - -class BluetoothPolicy final : public AbstractPolicyProvider { -public: - struct Bluetooth : public GlobalPolicy { - Bluetooth(); - bool apply(const DataType&) override; - }; - - struct DesktopConnectivity : public GlobalPolicy { - DesktopConnectivity(); - bool apply(const DataType&) override; - }; - - struct Paring : public GlobalPolicy { - Paring(); - bool apply(const DataType&) override; - }; - - struct Tethering : public GlobalPolicy { - Tethering(); - bool apply(const DataType&) override; - }; - - BluetoothPolicy(); - ~BluetoothPolicy(); - - BluetoothPolicy(const BluetoothPolicy&) = delete; - BluetoothPolicy& operator=(const BluetoothPolicy&) = delete; - -/* TODO: Support move semantic from parent class (GlobalPolicy) - BluetoothPolicy(BluetoothPolicy&&) noexcept; - BluetoothPolicy& operator=(BluetoothPolicy&&) noexcept; -*/ - void setBluetooth(bool enable); - bool getBluetooth(void); - - void setDesktopConnectivity(bool enable); - bool getDesktopConnectivity(void); - - void setParing(bool enable); - bool getParing(void); - - void setTethering(bool enable); - bool getTethering(void); - - static void onConnection(int result, bt_adapter_state_e state, void *user_data); - - static const std::string PRIVILEGE; - -private: - Bluetooth bluetooth; - DesktopConnectivity desktopConnectivity; - Paring Paring; - Tethering tethering; - -}; - -} // namespace osquery diff --git a/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp b/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp deleted file mode 100644 index 5dd1e66..0000000 --- a/osquery/tizen/device_policy/tests/wifi_policy_tests.cpp +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include - -#include - -#include "../wifi_policy.h" - -class WifiPolicyTests : public testing::Test {}; - -using namespace osquery; - -TEST_F(WifiPolicyTests, Wifi) { - WifiPolicy policy; - policy.setWifi(true); - EXPECT_EQ(policy.getWifi(), true); - - policy.setWifi(false); - EXPECT_EQ(policy.getWifi(), false); -} - -TEST_F(WifiPolicyTests, Profile) { - WifiPolicy policy; - policy.setProfile(true); - EXPECT_EQ(policy.getProfile(), true); - - policy.setProfile(false); - EXPECT_EQ(policy.getProfile(), false); -} - -TEST_F(WifiPolicyTests, Hotspot) { - WifiPolicy policy; - policy.setHotspot(true); - EXPECT_EQ(policy.getHotspot(), true); - - policy.setHotspot(false); - EXPECT_EQ(policy.getHotspot(), false); -} diff --git a/osquery/tizen/device_policy/usb_policy.h b/osquery/tizen/device_policy/usb_policy.h deleted file mode 100644 index 777b470..0000000 --- a/osquery/tizen/device_policy/usb_policy.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include - -/// TODO(Sangwan): Move rmi header to policy-model -#include -#include - -namespace osquery { - -/* - TODO List: - 1. Change VLOG to LOG(ERROR). - 2. Make sure that privilege model works with cynara. - 3. Consider policy-violation model. - 4. Unify exeception handling among getter/setter APIs. - 5. Verify with full-DPM at runtime. -*/ - -class UsbPolicy final : public AbstractPolicyProvider { -public: - /// usb-client - struct Usb : public GlobalPolicy { - Usb(); - bool apply(const DataType&) override; - }; - - struct Debugging : public GlobalPolicy { - Debugging(); - bool apply(const DataType&) override; - }; - - struct Tethering : public GlobalPolicy { - Tethering(); - bool apply(const DataType&) override; - }; - - UsbPolicy() = default; - ~UsbPolicy() = default; - - UsbPolicy(const UsbPolicy&) = delete; - UsbPolicy& operator=(const UsbPolicy&) = delete; - -/* TODO: Support move semantic from parent class (GlobalPolicy) - UsbPolicy(UsbPolicy&&) noexcept; - UsbPolicy& operator=(UsbPolicy&&) noexcept; -*/ - void setUsb(bool enable); - bool getUsb(void); - - void setDebugging(bool enable); - bool getDebugging(void); - - void setTethering(bool enable); - bool getTethering(void); - - static const std::string PRIVILEGE; - -private: - Usb Usb; - Debugging debugging; - Tethering tethering; -}; - -} // namespace osquery diff --git a/osquery/tizen/device_policy/wifi_policy.cpp b/osquery/tizen/device_policy/wifi_policy.cpp deleted file mode 100644 index 336d485..0000000 --- a/osquery/tizen/device_policy/wifi_policy.cpp +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or ManagerImplied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include "wifi_policy.h" - -/// TODO: Resolve macro ERROR conflicts. -#define GLOG_NO_ABBREVIATED_SEVERITIES -#include - -#include -#include - -namespace { - -const std::string NETCONFIG_BUSNAME = "net.netconfig"; -const std::string NETCONFIG_OBJECT = "net/netconfig/network"; -const std::string NETCONFIG_INTERFACE = "net.netconfig.network"; - -} // anonymous namespace - -namespace osquery { - -const std::string WifiPolicy::PRIVILEGE = "http://tizen.org/privilege/dpm.wifi"; - -WifiPolicy::Wifi::Wifi() : GlobalPolicy("wifi") -{ - PolicyEventNotifier::create("wifi"); -} - -bool WifiPolicy::Wifi::apply(const DataType& value) try -{ - int enable = value; - klay::dbus::Connection &systemDBus = klay::dbus::Connection::getSystem(); - systemDBus.methodcall(NETCONFIG_BUSNAME, - NETCONFIG_OBJECT, - NETCONFIG_INTERFACE, - "DevicePolicySetWifi", - -1, - "", - "(i)", - enable); - PolicyEventNotifier::emit("wifi", enable ? "allowed" : "disallowed"); - return true; -} catch (runtime::Exception& e) -{ - VLOG(1) << "Failed to change Wi-Fi state"; - return false; -} - -WifiPolicy::Profile::Profile() : GlobalPolicy("wifi-profile-change") -{ - PolicyEventNotifier::create("wifi_profile_change"); -} - -bool WifiPolicy::Profile::apply(const DataType& value) try -{ - int enable = value; - klay::dbus::Connection &systemDBus = klay::dbus::Connection::getSystem(); - systemDBus.methodcall(NETCONFIG_BUSNAME, - NETCONFIG_OBJECT, - NETCONFIG_INTERFACE, - "DevicePolicySetWifiProfile", - -1, - "", - "(i)", - enable); - PolicyEventNotifier::emit("wifi_profile_change", enable ? "allowed" : "disallowed"); - return true; -} catch (runtime::Exception& e) -{ - VLOG(1) << "Failed to change Profile state"; - return false; -} - -WifiPolicy::Hotspot::Hotspot() : GlobalPolicy("wifi-hotspot") -{ - PolicyEventNotifier::create("wifi_hotspot"); -} - -bool WifiPolicy::Hotspot::apply(const DataType& value) try -{ - int enable = value; - PolicyEventNotifier::emit("wifi_hotspot", enable ? "allowed" : "disallowed"); - return true; -} catch (runtime::Exception& e) -{ - VLOG(1) << "Failed to change Hotspot state"; - return false; -} - -WifiPolicy::WifiPolicy() -{ - int ret = ::wifi_manager_initialize(&handle); - if (ret != WIFI_MANAGER_ERROR_NONE) { - if (ret == WIFI_MANAGER_ERROR_NOT_SUPPORTED) - throw std::runtime_error("WiFi Manager isn't supported."); - - throw std::runtime_error("WiFi Manager initialization failed"); - } - - ret = ::wifi_manager_set_connection_state_changed_cb(handle, &onConnection, nullptr); - if (ret != WIFI_MANAGER_ERROR_NONE) - VLOG(1) << "WiFi Manager set connection state changed callback failed"; -} - -WifiPolicy::~WifiPolicy() -{ - ::wifi_manager_unset_connection_state_changed_cb(handle); - ::wifi_manager_deinitialize(handle); -} - -void WifiPolicy::onConnection(wifi_manager_connection_state_e state, - wifi_manager_ap_h ap, - void *user_data) -{ - /// TODO: This section is able to check policy violation. - if (state == WIFI_MANAGER_CONNECTION_STATE_FAILURE || - state == WIFI_MANAGER_CONNECTION_STATE_DISCONNECTED) - return; -} - -void WifiPolicy::setWifi(bool enable) -{ - wifi.set(enable); -} - -bool WifiPolicy::getWifi() -{ - return wifi.get(); -} - -void WifiPolicy::setProfile(bool enable) -{ - profile.set(enable); -} - -bool WifiPolicy::getProfile() -{ - return profile.get(); -} - -void WifiPolicy::setHotspot(bool enable) -{ - hotspot.set(enable); -} - -bool WifiPolicy::getHotspot() -{ - return hotspot.get(); -} - -} // namespace osquery diff --git a/osquery/tizen/device_policy/wifi_policy.h b/osquery/tizen/device_policy/wifi_policy.h deleted file mode 100644 index 815c797..0000000 --- a/osquery/tizen/device_policy/wifi_policy.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include -#include - -#include - -/// TODO(Sangwan): Move rmi header to policy-model -#include -#include - -namespace osquery { - -/* - TODO List: - 1. Change VLOG to LOG(ERROR). - 2. Make sure that privilege model works with cynara. - 3. Consider policy-violation model. - 4. Unify exeception handling among getter/setter APIs. - 5. Verify with full-DPM at runtime. -*/ - -class WifiPolicy final : public AbstractPolicyProvider { -public: - struct Wifi : public GlobalPolicy { - Wifi(); - bool apply(const DataType&) override; - }; - - struct Profile : public GlobalPolicy { - Profile(); - bool apply(const DataType&) override; - }; - - struct Hotspot : public GlobalPolicy { - Hotspot(); - bool apply(const DataType&) override; - }; - - WifiPolicy(); - ~WifiPolicy(); - - WifiPolicy(const WifiPolicy&) = delete; - WifiPolicy& operator=(const WifiPolicy&) = delete; - -/* TODO: Support move semantic from parent class (GlobalPolicy) - WifiPolicy(WifiPolicy&&) noexcept; - WifiPolicy& operator=(WifiPolicy&&) noexcept; -*/ - void setWifi(bool enable); - bool getWifi(void); - - void setProfile(bool enable); - bool getProfile(void); - - void setHotspot(bool enable); - bool getHotspot(void); - - static void onConnection(wifi_manager_connection_state_e state, - wifi_manager_ap_h ap, - void *user_data); - - static const std::string PRIVILEGE; - -private: - Wifi wifi; - Profile profile; - Hotspot hotspot; - - wifi_manager_h handle; -}; - -} // namespace osquery diff --git a/osquery/tizen/tables/bluetooth_policy.cpp b/osquery/tizen/tables/bluetooth_policy.cpp new file mode 100644 index 0000000..b285835 --- /dev/null +++ b/osquery/tizen/tables/bluetooth_policy.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file bluetooth_policy.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @brief Implementation of bluetooth_policy table + */ + +#include +#include +#include + +#include +#include +#include + +#include +#include + +namespace osquery { +namespace tables { + +QueryData genBluetoothPolicy(QueryContext& context) try { + std::shared_ptr handle(dpm_manager_create(), dpm_manager_destroy); + if (handle == nullptr) + throw std::runtime_error("Cannot create dpm-client handle."); + + /// This status is defined at DPM + ::Status status { true }; + Row r; + + DevicePolicyClient &client = GetDevicePolicyClient(handle.get()); + status = client.methodCall("Bluetooth::getModeChangeState"); + r["mode_change_state"] = INTEGER(status.get()); + + status = client.methodCall("Bluetooth::getDesktopConnectivityState"); + r["desktop_connectivity_state"] = INTEGER(status.get()); + + status = client.methodCall("Bluetooth::getTetheringState"); + r["tethering_state"] = INTEGER(status.get()); + + status = client.methodCall("Bluetooth::getPairingState"); + r["paring_state"] = INTEGER(status.get()); + + return { r }; +} catch (...) { +// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM +// LOG(ERROR) << "Exception occured"; + Row r; + return { r }; +} + +} // namespace tables +} // namespace osquery diff --git a/osquery/tizen/tables/tests/policy_tests.cpp b/osquery/tizen/tables/tests/policy_tests.cpp new file mode 100644 index 0000000..13aad8f --- /dev/null +++ b/osquery/tizen/tables/tests/policy_tests.cpp @@ -0,0 +1,84 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +#include +#include + +#include +#include + +class PolicyTests : public testing::Test {}; + +using namespace osquery; + +TEST_F(PolicyTests, Bluetooth) { + std::shared_ptr handle(dpm_manager_create(), dpm_manager_destroy); + if (handle == nullptr) + throw std::runtime_error("Cannot create dpm-client handle."); + + ::Status status { true }; + + DevicePolicyClient &client = GetDevicePolicyClient(handle.get()); + status = client.methodCall("Bluetooth::getModeChangeState"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Bluetooth::getDesktopConnectivityState"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Bluetooth::getTetheringState"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Bluetooth::getPairingState"); + EXPECT_EQ(true, status.get()); +} + +TEST_F(PolicyTests, Wifi) { + std::shared_ptr handle(dpm_manager_create(), dpm_manager_destroy); + if (handle == nullptr) + throw std::runtime_error("Cannot create dpm-client handle."); + + ::Status status { true }; + + DevicePolicyClient &client = GetDevicePolicyClient(handle.get()); + status = client.methodCall("Wifi::getState"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Wifi::isProfileChangeRestricted"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Wifi::getHotspotState"); + EXPECT_EQ(true, status.get()); +} + +TEST_F(PolicyTests, Usb) { + std::shared_ptr handle(dpm_manager_create(), dpm_manager_destroy); + if (handle == nullptr) + throw std::runtime_error("Cannot create dpm-client handle."); + + ::Status status { true }; + + DevicePolicyClient &client = GetDevicePolicyClient(handle.get()); + status = client.methodCall("Usb::getDebuggingState"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Usb::getTetheringState"); + EXPECT_EQ(true, status.get()); + + status = client.methodCall("Usb::getClientState"); + EXPECT_EQ(true, status.get()); +} diff --git a/osquery/tizen/tables/usb_policy.cpp b/osquery/tizen/tables/usb_policy.cpp new file mode 100644 index 0000000..e9ba03c --- /dev/null +++ b/osquery/tizen/tables/usb_policy.cpp @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file usb_policy.cpp + * @author Sangwan Kwon (sangwan.kwon@samsung.com) + * @brief Implementation of usb_policy table + */ + +#include +#include +#include + +#include +#include +#include + +#include +#include + +namespace osquery { +namespace tables { + +QueryData genUsbPolicy(QueryContext& context) try { + std::shared_ptr handle(dpm_manager_create(), dpm_manager_destroy); + if (handle == nullptr) + throw std::runtime_error("Cannot create dpm-client handle."); + + /// This status is defined at DPM + ::Status status { true }; + Row r; + + DevicePolicyClient &client = GetDevicePolicyClient(handle.get()); + status = client.methodCall("Usb::getDebuggingState"); + r["usb_debugging"] = INTEGER(status.get()); + + status = client.methodCall("Usb::getTetheringState"); + r["usb_tethering"] = INTEGER(status.get()); + + status = client.methodCall("Usb::getClientState"); + r["usb_client"] = INTEGER(status.get()); + + return { r }; +} catch (...) { +// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM + Row r; + return { r }; +} + +} // namespace tables +} // namespace osquery diff --git a/osquery/tizen/tables/wifi_policy.cpp b/osquery/tizen/tables/wifi_policy.cpp index 43add00..2a45151 100644 --- a/osquery/tizen/tables/wifi_policy.cpp +++ b/osquery/tizen/tables/wifi_policy.cpp @@ -16,7 +16,7 @@ /* * @file wifi_policy.cpp * @author Sangwan Kwon (sangwan.kwon@samsung.com) - * @brief Implementation of wifi-policy table + * @brief Implementation of wifi_policy table */ #include @@ -33,13 +33,6 @@ namespace osquery { namespace tables { -/* - TODO List - 1. Migrate full DPM. - 2. Expose client API. - 3. Verfy below code. -*/ - QueryData genWifiPolicy(QueryContext& context) try { std::shared_ptr handle(dpm_manager_create(), dpm_manager_destroy); if (handle == nullptr) @@ -50,19 +43,18 @@ QueryData genWifiPolicy(QueryContext& context) try { Row r; DevicePolicyClient &client = GetDevicePolicyClient(handle.get()); - status = client.methodCall("Wifi::getWifi"); + status = client.methodCall("Wifi::getState"); r["wifi"] = INTEGER(status.get()); - status = client.methodCall("Wifi::getProfile"); - r["profile"] = INTEGER(status.get()); + status = client.methodCall("Wifi::isProfileChangeRestricted"); + r["wifi_profile_change"] = INTEGER(status.get()); - status = client.methodCall("Wifi::getHotspot"); - r["hotspot"] = INTEGER(status.get()); + status = client.methodCall("Wifi::getHotspotState"); + r["wifi_hotspot"] = INTEGER(status.get()); return { r }; } catch (...) { // TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM -// LOG(ERROR) << "Exception occured while getting wifi-policy" << s.toString(); Row r; return { r }; } diff --git a/packaging/osquery-plugins.manifest b/packaging/osquery-plugins.manifest new file mode 100644 index 0000000..017d22d --- /dev/null +++ b/packaging/osquery-plugins.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/packaging/osquery.spec b/packaging/osquery.spec index 30532e2..7a14004 100644 --- a/packaging/osquery.spec +++ b/packaging/osquery.spec @@ -41,14 +41,6 @@ Requires: libreadline Requires: procps-ng Requires: libsystemd Requires: iptables -### Tizen dependencies -BuildRequires: pkgconfig(buxton2) -BuildRequires: pkgconfig(klay) -BuildRequires: pkgconfig(dpm-pil) -BuildRequires: pkgconfig(capi-network-wifi-manager) -BuildRequires: pkgconfig(capi-network-connection) -BuildRequires: pkgconfig(capi-system-info) -BuildRequires: pkgconfig(capi-base-common) %description Osquery exposes an operating system as a high-performance relational database. @@ -67,7 +59,8 @@ cp %SOURCE1 . %{!?build_type:%define build_type "RELEASE"} %cmake . -DCMAKE_BUILD_TYPE=%{build_type} \ -DOSQUERY_BUILD_VERSION=%{version} \ - -DGBS_BUILD="TRUE" + -DGBS_BUILD="TRUE" \ + -DPLUGIN_INSTALL_DIR=%{_libdir}/dpm/plugins make %{?jobs:-j%jobs} @@ -88,3 +81,32 @@ Testcases for osquery %files test %manifest %{name}.manifest %{_bindir}/osquery-test + +## DPM Plugins - ############################################################ +%package plugins +Summary: DPM plugins +Group: Security/Other +## Common +BuildRequires: pkgconfig(buxton2) +BuildRequires: pkgconfig(dlog) +BuildRequires: pkgconfig(klay) +BuildRequires: pkgconfig(dpm-pil) +BuildRequires: pkgconfig(capi-system-info) +BuildRequires: pkgconfig(capi-base-common) + +## Bluetooth +BuildRequires: pkgconfig(bluetooth-api) +BuildRequires: pkgconfig(capi-network-bluetooth) + +## Wifi +BuildRequires: pkgconfig(capi-network-wifi-manager) +BuildRequires: pkgconfig(capi-network-connection) + +%description plugins +Provides plugins for device policy manager + +%files plugins +%manifest packaging/%{name}-plugins.manifest +%{_libdir}/dpm/plugins/bluetooth +%{_libdir}/dpm/plugins/usb +%{_libdir}/dpm/plugins/wifi diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt new file mode 100644 index 0000000..c8027f0 --- /dev/null +++ b/plugins/CMakeLists.txt @@ -0,0 +1,20 @@ +# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +INCLUDE(FindPkgConfig) + +ADD_SUBDIRECTORY(bluetooth) +ADD_SUBDIRECTORY(usb) +ADD_SUBDIRECTORY(wifi) diff --git a/plugins/bluetooth/CMakeLists.txt b/plugins/bluetooth/CMakeLists.txt new file mode 100644 index 0000000..d8a1ea2 --- /dev/null +++ b/plugins/bluetooth/CMakeLists.txt @@ -0,0 +1,35 @@ +# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(TARGET "dpm-plugin-bluetooth") + +SET(PLUGIN_SOURCES "bluetooth.cpp") + +SET(DEPENDENCY klay + dpm-pil + bluetooth-api + capi-network-bluetooth) + +PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY}) + +SET(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES}) +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default") +INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES}) + +INSTALL(FILES libdpm-plugin-bluetooth.so + RENAME bluetooth + DESTINATION ${PLUGIN_INSTALL_DIR}) diff --git a/plugins/bluetooth/bluetooth.cpp b/plugins/bluetooth/bluetooth.cpp new file mode 100644 index 0000000..ba362a5 --- /dev/null +++ b/plugins/bluetooth/bluetooth.cpp @@ -0,0 +1,269 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include + +#include +#include +#include +#include + +#include "../dlog.h" + +#define BT_FAILED(ret) \ + (((int)(ret) == BLUETOOTH_DPM_RESULT_ACCESS_DENIED) || \ + ((int)(ret) == BLUETOOTH_DPM_RESULT_FAIL)) + +#define POLICY_IS_ALLOWED(enable) \ + ((int)(enable) ? BLUETOOTH_DPM_ALLOWED : \ + BLUETOOTH_DPM_RESTRICTED) + +#define STATE_CHANGE_IS_ALLOWED(enable) \ + ((int)(enable) ? BLUETOOTH_DPM_BT_ALLOWED : \ + BLUETOOTH_DPM_BT_RESTRICTED) + +namespace { + +inline int canonicalize(int value) +{ + return -value; +} + +} // namespace + +class ModeChange : public GlobalPolicy { +public: + ModeChange() : GlobalPolicy("bluetooth") + { + PolicyEventNotifier::create("bluetooth"); + } + + bool apply(const DataType& value) + { + int ret = bluetooth_dpm_set_allow_mode(STATE_CHANGE_IS_ALLOWED(value)); + if (!BT_FAILED(ret)) { + int enable = value; + PolicyEventNotifier::emit("bluetooth", enable ? "allowed" : "disallowed"); + return true; + } + return false; + } +}; + +class DesktopConnectivity : public GlobalPolicy { +public: + DesktopConnectivity() : GlobalPolicy("bluetooth-desktop-connectivity") + { + PolicyEventNotifier::create("bluetooth_desktop_connectivity"); + } + + bool apply(const DataType & value) + { + int ret = bluetooth_dpm_set_desktop_connectivity_state(POLICY_IS_ALLOWED(value)); + if (!BT_FAILED(ret)) { + int enable = value; + PolicyEventNotifier::emit("bluetooth_desktop_connectivity", + enable ? "allowed" : "disallowed"); + return true; + } + return false; + } +}; + +class Pairing: public GlobalPolicy { +public: + Pairing() : GlobalPolicy("bluetooth-pairing") + { + PolicyEventNotifier::create("bluetooth_pairing"); + } + + bool apply(const DataType& value) + { + int ret = bluetooth_dpm_set_pairing_state(POLICY_IS_ALLOWED(value)); + if (!BT_FAILED(ret)) { + int enable = value; + PolicyEventNotifier::emit("bluetooth_pairing", + enable ? "allowed" : "disallowed"); + return true; + } + return false; + } +}; + +class Tethering: public GlobalPolicy { +public: + Tethering() : GlobalPolicy("bluetooth-tethering") + { + PolicyEventNotifier::create("bluetooth_tethering"); + } + + bool apply(const DataType& value) + { + int enable = value; + PolicyEventNotifier::emit("bluetooth_tethering", + enable ? "allowed" : "disallowed"); + return true; + } +}; + +class Bluetooth : public AbstractPolicyProvider { +public: + Bluetooth(); + ~Bluetooth(); + + int setModeChangeState(bool enable); + bool getModeChangeState(); + int setDesktopConnectivityState(bool enable); + bool getDesktopConnectivityState(); + int setTetheringState(bool enable); + bool getTetheringState(); + int setPairingState(bool enable); + bool getPairingState(); + +private: + static void onStateChanged(int result, bt_adapter_state_e state, void *user_data); + +private: + ModeChange modeChange; + DesktopConnectivity connectivity; + Pairing pairing; + Tethering tethering; +}; + +Bluetooth::Bluetooth() +{ + if (::bt_initialize() != BT_ERROR_NONE) { + ERROR(PLUGINS, "Bluetooth framework was not initilaized"); + return; + } + + if (::bt_adapter_set_state_changed_cb(onStateChanged, this) != BT_ERROR_NONE) { + ERROR(PLUGINS, "Failed to register Bluetooth callback"); + return; + } +} + +Bluetooth::~Bluetooth() +{ + ::bt_deinitialize(); +} + +void Bluetooth::onStateChanged(int result, bt_adapter_state_e state, void *user_data) +{ + Bluetooth *pimpl = reinterpret_cast(user_data); + if (pimpl != nullptr && state == BT_ADAPTER_ENABLED) { +// pimpl->modeChange.apply(); +// pimpl->desktopConnectivity.apply(); +// pimpl->pairing.apply(); +// pimpl->deviceRestriction.enforce(); +// pimpl->uuidRestriction.enforce(); + } +} + +int Bluetooth::setModeChangeState(bool enable) +{ + try { + modeChange.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, "Exception: " << e.what()); + return -1; + } + + return 0; +} + +bool Bluetooth::getModeChangeState() +{ + return modeChange.get(); +} + +int Bluetooth::setDesktopConnectivityState(bool enable) +{ + try { + connectivity.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, "Exception: " << e.what()); + return -1; + } + + return 0; +} + +bool Bluetooth::getDesktopConnectivityState() +{ + return connectivity.get(); +} + +int Bluetooth::setPairingState(bool enable) +{ + try { + pairing.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, "Exception: " << e.what()); + return -1; + } + + return 0; +} + +bool Bluetooth::getPairingState() +{ + return pairing.get(); +} + +int Bluetooth::setTetheringState(bool enable) +{ + try { + tethering.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, "Exception " << e.what()); + return -1; + } + + return 0; +} + +bool Bluetooth::getTetheringState() +{ + return tethering.get(); +} + + +extern "C" { + +#define PRIVILEGE "http://tizen.org/privilege/dpm.bluetooth" + +AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context) +{ + INFO(PLUGINS, "Bluetooth plugin loaded"); + Bluetooth *policy = new Bluetooth(); + + context.expose(policy, PRIVILEGE, (int)(Bluetooth::setModeChangeState)(bool)); + context.expose(policy, PRIVILEGE, (int)(Bluetooth::setDesktopConnectivityState)(bool)); + context.expose(policy, PRIVILEGE, (int)(Bluetooth::setTetheringState)(bool)); + context.expose(policy, PRIVILEGE, (int)(Bluetooth::setPairingState)(bool)); + + context.expose(policy, "", (bool)(Bluetooth::getModeChangeState)()); + context.expose(policy, "", (bool)(Bluetooth::getDesktopConnectivityState)()); + context.expose(policy, "", (bool)(Bluetooth::getTetheringState)()); + context.expose(policy, "", (bool)(Bluetooth::getPairingState)()); + + return policy; +} + +} // extern "C" diff --git a/plugins/dlog.h b/plugins/dlog.h new file mode 100644 index 0000000..701c6d5 --- /dev/null +++ b/plugins/dlog.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or DLogied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#pragma once + +#include +#include + +#define PLUGINS osquery::DLog::getSink() + +namespace osquery { + +class DLog final { +public: + DLog(const DLog&) = delete; + DLog& operator=(const DLog&) = delete; + + DLog(DLog&&) noexcept = default; + DLog& operator=(DLog&&) noexcept = default; + + static inline DLog& instance() + { + static DLog dlog; + return dlog; + } + + static inline audit::LogSink* getSink() + { + return DLog::instance().logSink.get(); + } + +private: + DLog() + { + auto dlog = new audit::DlogLogSink("DPM_PLUGIN"); + this->logSink.reset(dynamic_cast(dlog)); + } + ~DLog() noexcept = default; + + std::unique_ptr logSink; +}; + +} // namespace osquery diff --git a/plugins/usb/CMakeLists.txt b/plugins/usb/CMakeLists.txt new file mode 100644 index 0000000..52602b9 --- /dev/null +++ b/plugins/usb/CMakeLists.txt @@ -0,0 +1,33 @@ +# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(TARGET "dpm-plugin-usb") + +SET(PLUGIN_SOURCES "usb.cpp") + +SET(DEPENDENCY klay + dpm-pil) + +PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY}) + +SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES}) +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default") +INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES}) + +INSTALL(FILES libdpm-plugin-usb.so + RENAME usb + DESTINATION ${PLUGIN_INSTALL_DIR}) diff --git a/plugins/usb/usb.cpp b/plugins/usb/usb.cpp new file mode 100644 index 0000000..5c2c171 --- /dev/null +++ b/plugins/usb/usb.cpp @@ -0,0 +1,208 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include + +#include "../dlog.h" + +#define DEVICED_SYSNOTI_INTERFACE \ + "org.tizen.system.deviced", \ + "/Org/Tizen/System/DeviceD/SysNoti", \ + "org.tizen.system.deviced.SysNoti", \ + "control" + +class DebuggingMode : public GlobalPolicy { +public: + DebuggingMode() : GlobalPolicy("usb-debugging") + { + PolicyEventNotifier::create("usb_debugging"); + } + + bool apply(const DataType& value) + { + int enable = value; + PolicyEventNotifier::emit("usb_debugging", enable ? "allowed" : "disallowed"); + return true; + } +}; + +class Tethering : public GlobalPolicy { +public: + Tethering() : GlobalPolicy("usb-tethering") + { + PolicyEventNotifier::create("usb_tethering"); + } + + bool apply(const DataType& value) + { + int enable = value; + PolicyEventNotifier::emit("usb_tethering", enable ? "allowed" : "disallowed"); + return true; + } +}; + +class Client : public GlobalPolicy { +public: + Client() : GlobalPolicy("usb-client") + { + PolicyEventNotifier::create("usb_client"); + sendDbusSignal(); + } + + bool apply(const DataType& value) + { + int ret; + int enable = value; + + try { + std::string pid(std::to_string(::getpid())); + std::string state(std::to_string(enable)); + dbus::Connection &systemDBus = dbus::Connection::getSystem(); + systemDBus.methodcall(DEVICED_SYSNOTI_INTERFACE, + -1, "(i)", "(sisss)", + "control", 3, pid.c_str(), "1", state.c_str()).get("(i)", &ret); + } catch(runtime::Exception& e) { + ERROR(PLUGINS, "Failed to enforce usb client"); + return false; + } + + if (ret == 0) { + PolicyEventNotifier::emit("usb_client", enable ? "allowed" : "disallowed"); + return true; + } + + return false; + } + + void sendDbusSignal(void) + { + int ret; + int enable = get().value; + + try { + std::string pid(std::to_string(::getpid())); + std::string state(std::to_string(enable)); + dbus::Connection &systemDBus = dbus::Connection::getSystem(); + systemDBus.methodcall(DEVICED_SYSNOTI_INTERFACE, + -1, "(i)", "(sisss)", + "control", 3, pid.c_str(), "1", state.c_str()).get("(i)", &ret); + } catch(runtime::Exception& e) { + ERROR(PLUGINS, "Failed to enforce usb client"); + } + } +}; + +class Usb : public AbstractPolicyProvider { +public: + int setDebuggingState(bool enable); + bool getDebuggingState(); + + int setTetheringState(bool enable); + bool getTetheringState(); + + int setClientState(bool enable); + bool getClientState(); + +private: + DebuggingMode debugging; + Tethering tethering; + Client client; +}; + +int Usb::setDebuggingState(bool enable) +{ + try { + debugging.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, e.what()); + return -1; + } + + return 0; +} + +bool Usb::getDebuggingState() +{ + return debugging.get(); +} + +int Usb::setTetheringState(bool enable) +{ + try { + tethering.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, e.what()); + return -1; + } + + return 0; +} + +bool Usb::getTetheringState() +{ + return tethering.get(); +} + +int Usb::setClientState(bool enable) +{ + try { + client.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, e.what()); + return -1; + } + + return 0; +} + +bool Usb::getClientState() +{ + return client.get(); +} + +extern "C" { + +#define PRIVILEGE_USB "http://tizen.org/privilege/dpm.usb" +#define PRIVILEGE_DEBUGGING "http://tizen.org/privilege/dpm.debugging" + +AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context) +{ + INFO(PLUGINS, "Usb plugin loaded"); + Usb *policy = new Usb(); + + context.expose(policy, PRIVILEGE_DEBUGGING, (int)(Usb::setDebuggingState)(bool)); + context.expose(policy, PRIVILEGE_USB, (int)(Usb::setTetheringState)(bool)); + context.expose(policy, PRIVILEGE_USB, (int)(Usb::setClientState)(bool)); + + context.expose(policy, "", (bool)(Usb::getDebuggingState)()); + context.expose(policy, "", (bool)(Usb::getTetheringState)()); + context.expose(policy, "", (bool)(Usb::getClientState)()); + + return policy; +} + +} // extern "C" diff --git a/plugins/wifi/CMakeLists.txt b/plugins/wifi/CMakeLists.txt new file mode 100644 index 0000000..777e8f4 --- /dev/null +++ b/plugins/wifi/CMakeLists.txt @@ -0,0 +1,35 @@ +# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(TARGET "dpm-plugin-wifi") + +SET(PLUGIN_SOURCES "wifi.cpp") + +SET(DEPENDENCY klay + dpm-pil + capi-network-wifi-manager + capi-network-connection) + +PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY}) + +SET(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES}) +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default") +INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES}) + +INSTALL(FILES libdpm-plugin-wifi.so + RENAME wifi + DESTINATION ${PLUGIN_INSTALL_DIR}) diff --git a/plugins/wifi/wifi.cpp b/plugins/wifi/wifi.cpp new file mode 100644 index 0000000..97df098 --- /dev/null +++ b/plugins/wifi/wifi.cpp @@ -0,0 +1,239 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +#include +#include +#include + +#include + +#include + +#include +#include +#include +#include + +#include "../dlog.h" + +#define NETCONFIG_INTERFACE \ + "net.netconfig", \ + "/net/netconfig/network", \ + "net.netconfig.network" + +class ModeChange : public GlobalPolicy { +public: + ModeChange() : GlobalPolicy("wifi") + { + PolicyEventNotifier::create("wifi"); + } + + bool apply(const DataType& value) + { + int enable = value; + try { + dbus::Connection &systemDBus = dbus::Connection::getSystem(); + systemDBus.methodcall(NETCONFIG_INTERFACE, + "DevicePolicySetWifi", + -1, + "", + "(i)", + enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, "Failed to chaneg Wi-Fi state"); + return false; + } + + PolicyEventNotifier::emit("wifi", enable ? "allowed" : "disallowed"); + return true; + } +}; + +class ProfileChange : public GlobalPolicy { +public: + ProfileChange() : GlobalPolicy("wifi-profile-change") + { + PolicyEventNotifier::create("wifi_profile_change"); + } + + bool apply(const DataType& value) + { + int enable = value; + try { + dbus::Connection &systemDBus = dbus::Connection::getSystem(); + systemDBus.methodcall(NETCONFIG_INTERFACE, + "DevicePolicySetWifiProfile", + -1, + "", + "(i)", + enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, "Failed to set Wi-Fi profile change restriction"); + return false; + } + PolicyEventNotifier::emit("wifi_profile_change", enable ? "allowed" : "disallowed"); + return true; + } +}; + +class Hotspot : public GlobalPolicy { +public: + Hotspot() : GlobalPolicy("wifi-hotspot") + { + PolicyEventNotifier::create("wifi_hotspot"); + } + + bool apply(const DataType& value) + { + int enable = value; + PolicyEventNotifier::emit("wifi_hotspot", enable ? "allowed" : "disallowed"); + return true; + } +}; + +class Wifi : public AbstractPolicyProvider { +public: + Wifi(); + ~Wifi(); + + int setState(bool enable); + bool getState(); + int setHotspotState(bool enable); + bool getHotspotState(); + int setProfileChangeRestriction(bool enable); + bool isProfileChangeRestricted(); + + static void onConnectionStateChanged(wifi_manager_connection_state_e state, + wifi_manager_ap_h ap, void *user_data); + +private: + wifi_manager_h handle; + + ModeChange modeChange; + ProfileChange profileChange; + Hotspot hotspot; +}; + + +Wifi::Wifi() : handle(nullptr) +{ + int ret = 0; + + ret = ::wifi_manager_initialize(&handle); + if (ret != WIFI_MANAGER_ERROR_NONE) { + if (ret == WIFI_MANAGER_ERROR_NOT_SUPPORTED) { + return; + } + throw runtime::Exception("WiFi Manager initialization failed"); + } + + ret = ::wifi_manager_set_connection_state_changed_cb(handle, &onConnectionStateChanged, this); + if (ret != WIFI_MANAGER_ERROR_NONE) { + throw runtime::Exception("WiFi Manager set connection state changed callback failed"); + } +} + +Wifi::~Wifi() +{ + if (handle) { + ::wifi_manager_unset_connection_state_changed_cb(handle); + ::wifi_manager_deinitialize(handle); + } +} + +void Wifi::onConnectionStateChanged(wifi_manager_connection_state_e state, + wifi_manager_ap_h ap, void *user_data) +{ + if (state == WIFI_MANAGER_CONNECTION_STATE_FAILURE || + state == WIFI_MANAGER_CONNECTION_STATE_DISCONNECTED) { + return; + } +} + +int Wifi::setState(bool enable) +{ + try { + modeChange.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, e.what()); + return -1; + } + + return 0; +} + +bool Wifi::getState() +{ + return modeChange.get(); +} + +int Wifi::setHotspotState(bool enable) +{ + try { + hotspot.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, e.what()); + return -1; + } + + return 0; +} + +bool Wifi::getHotspotState() +{ + return hotspot.get(); +} + +int Wifi::setProfileChangeRestriction(bool enable) +{ + try { + profileChange.set(enable); + } catch (runtime::Exception& e) { + ERROR(PLUGINS, e.what()); + return -1; + } + + return 0; +} + +bool Wifi::isProfileChangeRestricted() +{ + return profileChange.get(); +} + +extern "C" { + +#define PRIVILEGE "http://tizen.org/privilege/dpm.wifi" + +AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context) +{ + INFO(PLUGINS, "Wifi plugin loaded"); + Wifi *policy = new Wifi(); + + context.expose(policy, PRIVILEGE, (int)(Wifi::setState)(bool)); + context.expose(policy, PRIVILEGE, (int)(Wifi::setHotspotState)(bool)); + context.expose(policy, PRIVILEGE, (int)(Wifi::setProfileChangeRestriction)(bool)); + + context.expose(policy, "", (bool)(Wifi::getState)()); + context.expose(policy, "", (bool)(Wifi::getHotspotState)()); + context.expose(policy, "", (bool)(Wifi::isProfileChangeRestricted)()); + + return policy; +} + +} // extern "C" diff --git a/specs/tizen/bluetooth_policy.table b/specs/tizen/bluetooth_policy.table new file mode 100644 index 0000000..40c2a7c --- /dev/null +++ b/specs/tizen/bluetooth_policy.table @@ -0,0 +1,9 @@ +table_name("bluetooth_policy") +description("A single row containing the bluetooth policy.") +schema([ + Column("mode_change_state", INTEGER, "Bluetooth policy state"), + Column("desktop_connectivity_state", INTEGER, "Desktop connectivity policy state"), + Column("tethering_state", INTEGER, "Tethering policy state"), + Column("paring_state", INTEGER, "Paring policy state"), +]) +implementation("bluetooth_policy@genBluetoothPolicy") diff --git a/specs/tizen/usb_policy.table b/specs/tizen/usb_policy.table new file mode 100644 index 0000000..57a230d --- /dev/null +++ b/specs/tizen/usb_policy.table @@ -0,0 +1,8 @@ +table_name("usb_policy") +description("A single row containing the usb policy.") +schema([ + Column("usb_debugging", INTEGER, "USB debugging mode policy state"), + Column("usb_tethering", INTEGER, "USB tethering policy state"), + Column("usb_client", INTEGER, "USB client policy state"), +]) +implementation("usb_policy@genUsbPolicy") diff --git a/specs/tizen/wifi_policy.table b/specs/tizen/wifi_policy.table index 020c327..f6aad48 100644 --- a/specs/tizen/wifi_policy.table +++ b/specs/tizen/wifi_policy.table @@ -2,7 +2,7 @@ table_name("wifi_policy") description("A single row containing the wifi policy.") schema([ Column("wifi", INTEGER, "Wi-Fi policy state"), - Column("profile", INTEGER, "Profile policy state"), - Column("hotspot", INTEGER, "Hotspot policy state"), + Column("wifi_profile_change", INTEGER, "Profile policy state"), + Column("wifi_hotspot", INTEGER, "Hotspot policy state"), ]) implementation("wifi_policy@genWifiPolicy") -- 2.7.4