From 25258ab1eb05bea3075a697b0009e4937d525e36 Mon Sep 17 00:00:00 2001 From: "kibak.yoon" Date: Wed, 5 Apr 2017 16:20:26 +0900 Subject: [PATCH] sensord: add permission_checker for checking privileges - permission_checker provides two way to check privilege: - by string - by sensor_permission_t(enum) - [TBD] in the future, we will only check privilege with string. - [TBD] since there is a direct dependency on cynara, it will be separated. Change-Id: Ic7ddac594bebb669a9643992ef7f52f1c36dcdfb Signed-off-by: kibak.yoon --- src/server/permission_checker.cpp | 101 ++++++++++++++++++++++++++++++++++++-- src/server/permission_checker.h | 25 +++++++--- 2 files changed, 115 insertions(+), 11 deletions(-) diff --git a/src/server/permission_checker.cpp b/src/server/permission_checker.cpp index 20b03ec..644ce61 100644 --- a/src/server/permission_checker.cpp +++ b/src/server/permission_checker.cpp @@ -1,7 +1,7 @@ /* * sensord * - * Copyright (c) 2014 Samsung Electronics Co., Ltd. + * Copyright (c) 2017 Samsung Electronics Co., Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,22 +17,113 @@ * */ -#include +#include "permission_checker.h" + #include #include #include +#include +#include #define CACHE_SIZE 16 -static bool check_privilege_by_sockfd(int sock_fd, const char *priv, const char *access) +using namespace sensor; + +static cynara *cynara_env = NULL; +static std::unordered_map permissions; + +permission_checker::permission_checker() +{ + init_cynara(); +} + +permission_checker::~permission_checker() +{ + deinit_cynara(); +} + +void permission_checker::init(void) +{ + /* if needed, add privilege to permissions */ + permissions[SENSOR_PERMISSION_HEALTH_INFO] = "http://tizen.org/privilege/healthinfo"; +} + +void permission_checker::init_cynara(void) +{ + int err; + cynara_configuration *conf; + + err = cynara_configuration_create(&conf); + retm_if(err != CYNARA_API_SUCCESS, "Failed to create cynara configuration"); + + err = cynara_configuration_set_cache_size(conf, CACHE_SIZE); + if (err != CYNARA_API_SUCCESS) { + _E("Failed to set cynara cache"); + cynara_configuration_destroy(conf); + return; + } + + err = cynara_initialize(&cynara_env, conf); + cynara_configuration_destroy(conf); + + if (err != CYNARA_API_SUCCESS) { + _E("Failed to initialize cynara"); + cynara_env = NULL; + return; + } + + _I("Initialized"); +} + +void permission_checker::deinit_cynara(void) +{ + if (cynara_env) { + cynara_finish(cynara_env); + cynara_env = NULL; + } + + _I("Deinitialized"); +} + +bool permission_checker::has_permission_cynara(int sock_fd, std::string &perm) { + retvm_if(cynara_env == NULL, false, "Cynara not initialized"); + + int pid = -1; + char *client = NULL; + char *session = NULL; + char *user = NULL; + + retvm_if(cynara_creds_socket_get_pid(sock_fd, &pid) != CYNARA_API_SUCCESS, + false, "Failed to get pid"); + + if (cynara_creds_socket_get_client(sock_fd, + CLIENT_METHOD_DEFAULT, &client) != CYNARA_API_SUCCESS || + cynara_creds_socket_get_user(sock_fd, + USER_METHOD_DEFAULT, &user) != CYNARA_API_SUCCESS || + (session = cynara_session_from_pid(pid)) == NULL) { + _E("Failed to get client information"); + free(client); + free(user); + free(session); + return false; + } + return true; } -permission_checker::permission_checker() +bool permission_checker::has_permission(int sock_fd, std::string &perm) { + retv_if(perm.empty(), true); + + return has_permission_cynara(sock_fd, perm); } -permission_checker::~permission_checker() +/* TODO: remove sensor_permission_t and this function */ +bool permission_checker::has_permission(int sock_fd, sensor_permission_t perm) { + auto it = permissions.find(perm); + retv_if(it == permissions.end(), true); + + return has_permission(sock_fd, permissions[perm]); } diff --git a/src/server/permission_checker.h b/src/server/permission_checker.h index 01cc8b4..b307dc0 100644 --- a/src/server/permission_checker.h +++ b/src/server/permission_checker.h @@ -1,7 +1,7 @@ /* * sensord * - * Copyright (c) 2014 Samsung Electronics Co., Ltd. + * Copyright (c) 2017 Samsung Electronics Co., Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,16 +17,29 @@ * */ -#ifndef _PERMISSION_CHECKER_H_ -#define _PERMISSION_CHECKER_H_ +#ifndef __PERMISSION_CHECKER_H__ +#define __PERMISSION_CHECKER_H__ +#include #include -#include -#include + +namespace sensor { class permission_checker { +public: permission_checker(); ~permission_checker(); + + void init(void); + + void init_cynara(void); + void deinit_cynara(void); + bool has_permission_cynara(int sock_fd, std::string &perm); + + bool has_permission(int sock_fd, std::string &perm); + bool has_permission(int sock_fd, sensor_permission_t perm); }; -#endif /* _PERMISSION_CHECKER_H_ */ +} + +#endif /* __PERMISSION_CHECKER_H__ */ -- 2.7.4