From fc7b421173ffe88ea71c2f3f40987d5bc78076a5 Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Mon, 19 Oct 2015 15:40:16 +0200 Subject: [PATCH] Integrate Cynara into bluetooth-share The commit adds bt-share-cynara module, which handles calls to cynara. Cynara checks for privilege are performed during file send operation. Change-Id: I32c45fbf1ad6329ca383a2bdfc90b825721cac22 Signed-off-by: Lukasz Kostyra --- bt-share/CMakeLists.txt | 4 +- bt-share/include/bt-share-cynara.h | 41 ++++++++++++++ bt-share/src/bt-share-cynara.c | 113 +++++++++++++++++++++++++++++++++++++ bt-share/src/bt-share-ipc.c | 22 ++++++++ bt-share/src/bt-share-main.c | 7 +++ packaging/bluetooth-share.spec | 3 + 6 files changed, 189 insertions(+), 1 deletion(-) create mode 100644 bt-share/include/bt-share-cynara.h create mode 100644 bt-share/src/bt-share-cynara.c diff --git a/bt-share/CMakeLists.txt b/bt-share/CMakeLists.txt index bb3da14..19b7713 100644 --- a/bt-share/CMakeLists.txt +++ b/bt-share/CMakeLists.txt @@ -8,6 +8,7 @@ src/obex-event-handler.c src/bt-share-syspopup.c src/bt-share-ipc.c src/bt-share-noti-handler.c +src/bt-share-cynara.c ) @@ -22,7 +23,8 @@ pkg_check_modules(pkgs REQUIRED glib-2.0 bluetooth-api notification sqlite3 ecore-file appsvc appcore-efl capi-content-media-content - libtzplatform-config) + libtzplatform-config + cynara-creds-dbus cynara-client cynara-session) pkg_check_modules(CALENDAR_SERVICE2 calendar-service2) pkg_check_modules(CONTACTS_SERVICE2 contacts-service2) diff --git a/bt-share/include/bt-share-cynara.h b/bt-share/include/bt-share-cynara.h new file mode 100644 index 0000000..79d28dd --- /dev/null +++ b/bt-share/include/bt-share-cynara.h 
@@ -0,0 +1,41 @@
+/*
+ * bluetooth-share
+ *
+ * Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef __DEF_BLUETOOTH_SHARE_CYNARA_H_
+#define __DEF_BLUETOOTH_SHARE_CYNARA_H_
+
+#include
+#include
+
+#define BT_SHARE_PRIVILEGE "http://tizen.org/privilege/bluetooth"
+
+typedef struct
+{
+ pid_t pid;
+ char *uid;
+ char *smack;
+} bt_share_cynara_creds;
+
+int _bt_share_cynara_init(void);
+int _bt_share_cynara_get_creds(DBusConnection *conn, const char *sender,
+ bt_share_cynara_creds *creds);
+int _bt_share_cynara_check(const bt_share_cynara_creds *creds, const char *privilege);
+void _bt_share_cynara_finish(void);
+
+#endif /* __DEF_BLUETOOTH_SHARE_CYNARA_H_ */
diff --git a/bt-share/src/bt-share-cynara.c b/bt-share/src/bt-share-cynara.c
new file mode 100644
index 0000000..5e9e693
--- /dev/null
+++ b/bt-share/src/bt-share-cynara.c
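Review bot: `bt_share_cynara_creds` holds two `char *` members, `uid` and `smack`, but the header declares no function to release them and no comment says who owns them. The cynara-creds-dbus getters that fill these fields in bt-share-cynara.c hand back allocated strings that the caller is expected to `free()`, so every user of `_bt_share_cynara_get_creds` has to know that without being told. I would declare a counterpart such as `void _bt_share_cynara_creds_free(bt_share_cynara_creds *creds);` and put `/* uid and smack are heap strings owned by the caller */` above the struct.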
@@ -0,0 +1,113 @@
+/*
+ * bluetooth-share
+ *
+ * Copyright (c) 2012-2013 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "bt-share-cynara.h"
+
+#include "applog.h"
+#include "bt-share-common.h"
+
+#include
+#include
+#include
+#include
+#include
+
+static cynara *_cynara = NULL;
+const unsigned int error_msg_size = 256;
+
+// initialize cynara
+int _bt_share_cynara_init(void)
+{
+ char error_msg[error_msg_size];
+ int ret;
+
+ ret = cynara_initialize(&_cynara, NULL);
+ if (ret != CYNARA_API_SUCCESS)
+ {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_initialize failed: %s\n", error_msg);
+ return BT_SHARE_FAIL;
+ }
+
+ return BT_SHARE_ERROR_NONE;
+}
+
+// fill creds structure with data needed to perform checks using cynara-creds lib
+int _bt_share_cynara_get_creds(DBusConnection *conn, const char *sender,
+ bt_share_cynara_creds *creds)
+{
+ char error_msg[error_msg_size];
+ int ret;
+
+ ret = cynara_creds_dbus_get_pid(conn, sender, &(creds->pid));
+ if (ret < 0) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_creds_dbus_get_pid failed: %s\n");
+ return BT_SHARE_FAIL;
+ }
+
+ ret = cynara_creds_dbus_get_user(conn, sender, USER_METHOD_UID, &(creds->uid));
+ if (ret < 0) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_creds_dbus_get_user failed\n");
+ return BT_SHARE_FAIL;
+ }
+
+ ret = cynara_creds_dbus_get_client(conn, sender, CLIENT_METHOD_SMACK,
&(creds->smack));
+ if (ret < 0) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_creds_dbus_get_client failed\n");
+ return BT_SHARE_FAIL;
+ }
+
+ return BT_SHARE_ERROR_NONE;
+}
+
+// check if client has required privilege
+int _bt_share_cynara_check(const bt_share_cynara_creds *creds, const char *privilege)
+{
+ int ret;
+ char *client_session;
+ char error_msg[error_msg_size];
+
+ if (!creds || !privilege)
+ return BT_SHARE_FAIL;
+
+ client_session = cynara_session_from_pid(creds->pid);
+ if (!client_session) {
+ ERR("cynara_session_from_pid failed\n");
+ return BT_SHARE_FAIL;
+ }
+
+ ret = cynara_check(_cynara, creds->smack, client_session, creds->uid, privilege);
+ if (ret != CYNARA_API_ACCESS_ALLOWED) {
+ cynara_strerror(ret, error_msg, error_msg_size);
+ ERR("cynara_check error: %s\n", error_msg);
+ }
+
+ free(client_session);
+ return ret == CYNARA_API_ACCESS_ALLOWED ? BT_SHARE_ERROR_NONE : BT_SHARE_FAIL;
+}
+
+// finish working with cynara
+void _bt_share_cynara_finish(void)
+{
+ cynara_finish(_cynara);
+ _cynara = NULL;
+}
diff --git a/bt-share/src/bt-share-ipc.c b/bt-share/src/bt-share-ipc.c
index 7e9ba26..2a50c05 100644
--- a/bt-share/src/bt-share-ipc.c
+++ b/bt-share/src/bt-share-ipc.c
@@ -38,6 +38,7 @@ #include "obex-event-handler.h" #include "bluetooth-share-api.h" #include "bt-share-common.h" +#include "bt-share-cynara.h" GSList *bt_transfer_list = NULL; DBusConnection *dbus_connection = NULL;
@@ -222,7 +223,9 @@ static DBusHandlerResult __event_filter(DBusConnection *sys_conn, { int ret; char *member; + const char *sender; const char *path = dbus_message_get_path(msg); + bt_share_cynara_creds sender_creds; if (dbus_message_get_type(msg) != DBUS_MESSAGE_TYPE_SIGNAL) return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
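Review bot: In `_bt_share_cynara_get_creds`, `ERR("cynara_creds_dbus_get_pid failed: %s\n");` has a `%s` conversion with no matching argument, which is undefined behaviour and can put stray stack contents into the log if `ERR` forwards to a printf-style logger (its definition is not in this patch). It should read `ERR("cynara_creds_dbus_get_pid failed: %s\n", error_msg);`. The two sibling failure branches fill `error_msg` and then never print it, so they want the same `: %s` and argument. The `cynara_creds_dbus_get_client` failure branch also returns while `creds->uid` is still allocated; `free(creds->uid); creds->uid = NULL;` before that return closes the leak on the error path.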
@@ -233,6 +236,13 @@ static DBusHandlerResult __event_filter(DBusConnection *sys_conn, member = (char *)dbus_message_get_member(msg); DBG("member (%s)\n", member); + sender = dbus_message_get_sender(msg); + ret = _bt_share_cynara_get_creds(sys_conn, sender, &sender_creds); + if (ret != 0) { + ERR("acquiring cynara creds failed\n"); + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + } + if (dbus_message_is_signal(msg, BT_SYSPOPUP_INTERFACE, BT_SYSPOPUP_METHOD_RESPONSE)) { int res = 0; dbus_message_get_args(msg, NULL, @@ -241,6 +251,12 @@ static DBusHandlerResult __event_filter(DBusConnection *sys_conn, __popup_res_cb(res); } else if (dbus_message_is_signal(msg, BT_UG_IPC_INTERFACE, BT_UG_IPC_METHOD_SEND)) { opc_transfer_info_t *node; + + if (_bt_share_cynara_check(&sender_creds, BT_SHARE_PRIVILEGE) != BT_SHARE_FAIL) { + ERR("Cynara denied file send\n"); + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + } + node = __add_transfer_info(msg); if (node == NULL) return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; @@ -275,6 +291,12 @@ static DBusHandlerResult __event_filter(DBusConnection *sys_conn, } else if (dbus_message_is_signal(msg, BT_SHARE_UI_INTERFACE, BT_SHARE_UI_SIGNAL_SEND_FILE)) { opc_transfer_info_t *node; + + if (_bt_share_cynara_check(&sender_creds, BT_SHARE_PRIVILEGE) != BT_SHARE_FAIL) { + ERR("Cynara denied file send\n"); + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + } + node = __add_transfer_info(msg); if (node == NULL) return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; diff --git a/bt-share/src/bt-share-main.c b/bt-share/src/bt-share-main.c index e7c805f..8e789d2 100644 --- a/bt-share/src/bt-share-main.c +++ b/bt-share/src/bt-share-main.c @@ -35,6 +35,7 @@ #include "bt-share-resource.h" #include "bt-share-notification.h" #include "bt-share-common.h" +#include "bt-share-cynara.h" #include "bluetooth-share-api.h" 
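Review bot: The credential lookup added at the top of `__event_filter` runs for every signal that reaches the filter, and nothing in this patch frees `sender_creds.uid` and `sender_creds.smack` afterwards, so each signal appears to leak two strings (the end of the function is outside the hunk, so confirm no later cleanup exists). A failed lookup also drops `BT_SYSPOPUP_METHOD_RESPONSE` and any other signal that needs no privilege, and `dbus_message_get_sender` can return NULL, which is passed on unchecked. I would move the `_bt_share_cynara_get_creds` call into the two send branches, reject a NULL `sender` before calling it, and free both strings on every exit from those branches.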
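Review bot: The privilege test in the `BT_UG_IPC_METHOD_SEND` branch is inverted: `_bt_share_cynara_check` returns `BT_SHARE_ERROR_NONE` when Cynara allows the request and `BT_SHARE_FAIL` otherwise, so `!= BT_SHARE_FAIL` rejects senders that hold `BT_SHARE_PRIVILEGE` and lets senders without it continue to `__add_transfer_info`. The condition should be `if (_bt_share_cynara_check(&sender_creds, BT_SHARE_PRIVILEGE) != BT_SHARE_ERROR_NONE) {`. The `BT_SHARE_UI_SIGNAL_SEND_FILE` branch in the following hunk carries the same line and needs the same fix. Both branches continue outside their hunks.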
@@ -301,6 +302,11 @@ int main(void) if (appcore_set_i18n(BT_COMMON_PKG, BT_COMMON_RES) < 0) return -1; + if (_bt_share_cynara_init()) { + ERR("Failed to initialize Cynara.\n"); + return -1; + } + bluetooth_register_callback(_bt_share_event_handler, NULL); ret = bluetooth_opc_init(); if (ret != BLUETOOTH_ERROR_NONE) { @@ -329,6 +335,7 @@ int main(void) _bt_delete_notification(noti); __bt_release_service(&ad); + _bt_share_cynara_finish(); return 0; } diff --git a/packaging/bluetooth-share.spec b/packaging/bluetooth-share.spec index 5b752e6..75897f4 100644 --- a/packaging/bluetooth-share.spec +++ b/packaging/bluetooth-share.spec @@ -33,6 +33,9 @@ BuildRequires: pkgconfig(appsvc) BuildRequires: pkgconfig(db-util) BuildRequires: pkgconfig(capi-content-media-content) BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(cynara-creds-dbus) %description Bluetooth File Share Agent -- 2.7.4