From 9aefee09819711b9ee56c722bd8433696fa1c2c6 Mon Sep 17 00:00:00 2001 From: DoHyun Pyun Date: Fri, 3 May 2013 13:13:56 +0900 Subject: [PATCH] Implement User Space SMACK To control OSP privileges implement the codes Change-Id: Id52f99b3cb1533d00e0ac6197e6aa822a13eeb63 --- bt-api/CMakeLists.txt | 7 +- bt-api/bt-common.c | 40 +++++++++++ bt-api/bt-request-sender.c | 8 +++ bt-api/include/bt-common.h | 4 ++ bt-service/CMakeLists.txt | 2 +- bt-service/bt-request-handler.c | 127 +++++++++++++++++++++++++++++++++ bt-service/include/bt-service-common.h | 8 +++ packaging/bluetooth-frwk.spec | 1 + 8 files changed, 193 insertions(+), 4 deletions(-) diff --git a/bt-api/CMakeLists.txt b/bt-api/CMakeLists.txt index 0d4a554..4d0f78b 100644 --- a/bt-api/CMakeLists.txt +++ b/bt-api/CMakeLists.txt @@ -30,6 +30,7 @@ bluetooth-media-control.h) SET(PREFIX ${CMAKE_INSTALL_PREFIX}) SET(EXEC_PREFIX "\${prefix}") +SET(LIBDIR "\${prefix}/lib") SET(INCLUDEDIR "\${prefix}/include") SET(VERSION_MAJOR 1) SET(VERSION ${VERSION_MAJOR}.0.0) @@ -40,7 +41,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) INCLUDE(FindPkgConfig) pkg_check_modules(packages REQUIRED dlog dbus-glib-1 gobject-2.0 gmodule-2.0 vconf -libxml-2.0 syspopup-caller) +libxml-2.0 syspopup-caller security-server) FOREACH(flag ${packages_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") 
@@ -72,8 +73,8 @@ SET_TARGET_PROPERTIES(bluetooth-api PROPERTIES SOVERSION ${VERSION_MAJOR}) SET_TARGET_PROPERTIES(bluetooth-api PROPERTIES VERSION ${VERSION}) TARGET_LINK_LIBRARIES(bluetooth-api ${packages_LDFLAGS}) CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/bluetooth-api.pc.in ${CMAKE_CURRENT_BINARY_DIR}/bluetooth-api.pc @ONLY) -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/bluetooth-api.pc DESTINATION ${LIB_INSTALL_DIR}/pkgconfig) -INSTALL(TARGETS bluetooth-api DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries) +INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/bluetooth-api.pc DESTINATION lib/pkgconfig) +INSTALL(TARGETS bluetooth-api DESTINATION lib COMPONENT RuntimeLibraries) FOREACH(hfile ${HEADERS}) INSTALL(FILES ${CMAKE_SOURCE_DIR}/include/${hfile} DESTINATION include/bt-service) diff --git a/bt-api/bt-common.c b/bt-api/bt-common.c index 4dc7385..7be1d0f 100644 --- a/bt-api/bt-common.c +++ b/bt-api/bt-common.c @@ -22,6 +22,7 @@ #include #include #include +#include #include "bluetooth-api.h" #include "bluetooth-audio-api.h" @@ -35,6 +36,8 @@ static bt_user_info_t user_info[BT_MAX_USER_INFO]; static DBusGConnection *system_conn = NULL; +static char *cookie; +static size_t cookie_size; void _bt_print_device_address_t(const bluetooth_device_address_t *addr) { 
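Review bot: The two `INSTALL` lines in the `@@ -72,8 +73,8 @@` hunk now hard-code `lib` where the old side used `${LIB_INSTALL_DIR}`, which would put the library and its `.pc` file in the wrong directory on any target whose library directory is not `lib` (for example `lib64`). The new `SET(LIBDIR "\${prefix}/lib")` in the first hunk of this file has the same assumption. Nothing in the commit message ties this to the SMACK work, so it looks like an unrelated change riding along with a security patch. Unless there is a reason not visible here, keep `DESTINATION ${LIB_INSTALL_DIR}/pkgconfig` and `DESTINATION ${LIB_INSTALL_DIR}`.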
@@ -313,6 +316,39 @@ DBusConnection *_bt_get_system_conn(void) return dbus_g_connection_get_connection(g_conn); } +static void __bt_generate_cookie(void) +{ + int retval; + + ret_if(cookie != NULL); + + cookie_size = security_server_get_cookie_size(); + + cookie = g_malloc0((cookie_size*sizeof(char))+1); + + retval = security_server_request_cookie(cookie, cookie_size); + if(retval < 0) { + BT_ERR("Fail to get cookie: %d", retval); + } +} + +static void __bt_destroy_cookie(void) +{ + g_free(cookie); + cookie = NULL; + cookie_size = 0; +} + +char *_bt_get_cookie(void) +{ + return cookie; +} + +int _bt_get_cookie_size(void) +{ + return cookie_size; +} + BT_EXPORT_API int bluetooth_is_supported(void) { int is_supported = 0; @@ -371,6 +407,8 @@ BT_EXPORT_API int bluetooth_register_callback(bluetooth_cb_func_ptr callback_ptr return ret; } + __bt_generate_cookie(); + _bt_set_user_data(BT_COMMON, (void *)callback_ptr, user_data); /* Register All events */ @@ -385,6 +423,8 @@ BT_EXPORT_API int bluetooth_register_callback(bluetooth_cb_func_ptr callback_ptr BT_EXPORT_API int bluetooth_unregister_callback(void) { + __bt_destroy_cookie(); + _bt_unregister_event(BT_ADAPTER_EVENT); _bt_unregister_event(BT_DEVICE_EVENT); _bt_unregister_event(BT_NETWORK_EVENT); diff --git a/bt-api/bt-request-sender.c b/bt-api/bt-request-sender.c index 2438cb3..cafd584 100644 --- a/bt-api/bt-request-sender.c +++ b/bt-api/bt-request-sender.c @@ -293,6 +293,7 @@ int _bt_send_request(int service_type, int service_function, GArray **out_param1) { int result = BLUETOOTH_ERROR_NONE; + char *cookie; gboolean ret; GError *error = NULL; GArray *in_param5 = NULL; 
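Review bot: In `__bt_generate_cookie` a failed `security_server_request_cookie()` is only logged, so `cookie` stays a non-NULL, zero-filled buffer. `_bt_get_cookie()` then hands that buffer to `_bt_send_request()` as if it were a valid credential, and the `ret_if(cookie != NULL)` guard prevents any later retry. Release it in the error branch with `g_free(cookie); cookie = NULL; cookie_size = 0;`. The return value of `security_server_get_cookie_size()` is also stored straight into a `size_t`, so a zero or negative result is not caught before the allocation; check it in an `int` first. `__bt_destroy_cookie` frees the cookie without clearing its bytes, and clearing `cookie_size` bytes before `g_free` would keep the credential out of freed heap memory.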
@@ -307,6 +308,13 @@ int _bt_send_request(int service_type, int service_function, in_param5 = g_array_new(FALSE, FALSE, sizeof(gchar)); + cookie = _bt_get_cookie(); + + if (cookie) { + g_array_append_vals(in_param5, cookie, + _bt_get_cookie_size()); + } + ret = org_projectx_bt_service_request(proxy, service_type, service_function, BT_SYNC_REQ, in_param1, in_param2, diff --git a/bt-api/include/bt-common.h b/bt-api/include/bt-common.h index 1183ca4..63db823 100644 --- a/bt-api/include/bt-common.h +++ b/bt-api/include/bt-common.h @@ -226,6 +226,10 @@ DBusGConnection *_bt_get_system_gconn(void); DBusConnection *_bt_get_system_conn(void); +char *_bt_get_cookie(void); + +int _bt_get_cookie_size(void); + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/bt-service/CMakeLists.txt b/bt-service/CMakeLists.txt index 6a6be0a..ad0c38d 100644 --- a/bt-service/CMakeLists.txt +++ b/bt-service/CMakeLists.txt @@ -35,7 +35,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) INCLUDE(FindPkgConfig) pkg_check_modules(service_pkgs REQUIRED vconf aul vconf syspopup-caller dbus-glib-1 capi-network-tethering -libprivilege-control status alarm-service notification) +libprivilege-control status alarm-service notification security-server) FOREACH(flag ${service_pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag} -Wall") diff --git a/bt-service/bt-request-handler.c b/bt-service/bt-request-handler.c index 164e931..5deb175 100644 --- a/bt-service/bt-request-handler.c +++ b/bt-service/bt-request-handler.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "bluetooth-api.h" #include "bt-service-common.h" 
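Review bot: `_bt_send_request` silently sends an empty `in_param5` whenever `_bt_get_cookie()` returns NULL, and the `if (cookie)` branch has no `else`. That is the case for any call made before `bluetooth_register_callback()` or after `bluetooth_unregister_callback()`, because the other hunks create and destroy the cookie only there. On the service side, `__bt_service_check_privilege` does not check the array length, so such a request may pass as "no check needed". At minimum log the condition, e.g. `BT_ERR("No security cookie available for request");`, and consider obtaining the cookie on first use rather than only at callback registration. The body of `_bt_send_request` continues outside the hunk, and whether the asynchronous send path attaches the cookie is not visible here and should be confirmed.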
@@ -809,6 +810,126 @@ static int __bt_obexd_request(int function_name, return result; } +gboolean __bt_service_check_privilege(int function_name, + int service_type, + GArray *in_param5) +{ + const char *cookie; + int ret_val; + gboolean result = TRUE; + + cookie = (const char *)&g_array_index(in_param5, char, 0); + + retv_if(cookie == NULL, TRUE); + + if (service_type == BT_OBEX_SERVICE) { + ret_val = security_server_check_privilege_by_cookie(cookie, + BT_PRIVILEGE_OPP, "w"); + if (ret_val == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + BT_ERR("[SMACK] Fail to access: %s", BT_PRIVILEGE_OPP); + return FALSE; + } else { + return TRUE; + } + } + + switch (function_name) { + case BT_SET_DISCOVERABLE_MODE: + ret_val = security_server_check_privilege_by_cookie(cookie, + BT_PRIVILEGE_MANAGER, "w"); + if (ret_val == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + BT_ERR("[SMACK] Fail to access: %s", BT_PRIVILEGE_MANAGER); + result = FALSE; + } + break; + case BT_ENABLE_ADAPTER: + case BT_DISABLE_ADAPTER: + case BT_CHECK_ADAPTER: + case BT_SET_LOCAL_NAME: + ret_val = security_server_check_privilege_by_cookie(cookie, + BT_PRIVILEGE_ADMIN, "w"); + if (ret_val == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + BT_ERR("[SMACK] Fail to access: %s", BT_PRIVILEGE_ADMIN); + result = FALSE; + } + break; + case BT_START_DISCOVERY: + case BT_CANCEL_DISCOVERY: + case BT_BOND_DEVICE: + case BT_CANCEL_BONDING: + case BT_UNBOND_DEVICE: + case BT_SEARCH_SERVICE: + ret_val = security_server_check_privilege_by_cookie(cookie, + BT_PRIVILEGE_GAP, "w"); + if (ret_val == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + BT_ERR("[SMACK] Fail to access: %s", BT_PRIVILEGE_GAP); + result = FALSE; + } + break; + + case BT_RFCOMM_CLIENT_CONNECT: + case BT_RFCOMM_CLIENT_CANCEL_CONNECT: + case BT_RFCOMM_SOCKET_DISCONNECT: + case BT_RFCOMM_SOCKET_WRITE: + case BT_RFCOMM_CREATE_SOCKET: + case BT_RFCOMM_REMOVE_SOCKET: + case BT_RFCOMM_LISTEN: + case BT_RFCOMM_ACCEPT_CONNECTION: + case BT_RFCOMM_REJECT_CONNECTION: + 
ret_val = security_server_check_privilege_by_cookie(cookie, + BT_PRIVILEGE_SPP, "w"); + if (ret_val == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + BT_ERR("[SMACK] Fail to access: %s", BT_PRIVILEGE_SPP); + result = FALSE; + } + break; + case BT_GET_LOCAL_NAME: + case BT_RESET_ADAPTER: + case BT_GET_LOCAL_ADDRESS: + case BT_IS_SERVICE_USED: + case BT_GET_DISCOVERABLE_MODE: + case BT_GET_DISCOVERABLE_TIME: + case BT_IS_DISCOVERYING: + case BT_GET_BONDED_DEVICES: + case BT_GET_BONDED_DEVICE: + case BT_SET_ALIAS: + case BT_CANCEL_SEARCH_SERVICE: + case BT_SET_AUTHORIZATION: + case BT_IS_DEVICE_CONNECTED: + case BT_HID_CONNECT: + case BT_HID_DISCONNECT: + case BT_NETWORK_ACTIVATE: + case BT_NETWORK_DEACTIVATE: + case BT_NETWORK_CONNECT: + case BT_NETWORK_DISCONNECT: + case BT_AUDIO_CONNECT: + case BT_AUDIO_DISCONNECT: + case BT_AG_CONNECT: + case BT_AG_DISCONNECT: + case BT_AV_CONNECT: + case BT_AV_DISCONNECT: + case BT_GET_SPEAKER_GAIN: + case BT_SET_SPEAKER_GAIN: + case BT_OOB_READ_LOCAL_DATA: + case BT_OOB_ADD_REMOTE_DATA: + case BT_OOB_REMOVE_REMOTE_DATA: + case BT_AVRCP_SET_TRACK_INFO: + case BT_AVRCP_SET_PROPERTY: + case BT_AVRCP_SET_PROPERTIES: + case BT_RFCOMM_CLIENT_IS_CONNECTED: + case BT_RFCOMM_IS_UUID_AVAILABLE: + /* Non-privilege control */ + BT_DBG("Non-privilege control"); + break; + default: + BT_ERR("Unknown function!"); + result = FALSE; + break; + } + + return result; +} + gboolean bt_service_request( BtService *service, int service_type, @@ -829,6 +950,12 @@ gboolean bt_service_request( out_param1 = g_array_new(FALSE, FALSE, sizeof(gchar)); out_param2 = g_array_new(FALSE, FALSE, sizeof(gchar)); + if (__bt_service_check_privilege(service_function, + service_type, in_param5) == FALSE) { + + /* Will return access error! */ + } + if (request_type == BT_ASYNC_REQ || service_function == BT_OBEX_SERVER_ACCEPT_CONNECTION || service_function == BT_RFCOMM_ACCEPT_CONNECTION) { 
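Review bot: `__bt_service_check_privilege` fails open in two places. The cookie is taken as the address of element 0 of `in_param5` with no check of `in_param5->len`, so an empty or short array either hits `retv_if(cookie == NULL, TRUE)` and is allowed, or possibly hands `security_server_check_privilege_by_cookie()` fewer bytes than a cookie. Every branch also denies only on `SECURITY_SERVER_API_ERROR_ACCESS_DENIED`, so any other error return is treated as permission granted. Validate the length first and compare against `SECURITY_SERVER_API_SUCCESS`, as sketched below; if cookie-less callers must stay allowed for compatibility, state that policy in a comment rather than leaving it implicit. Separately, `BT_RESET_ADAPTER`, `BT_SET_ALIAS`, `BT_SET_AUTHORIZATION` and the `BT_OOB_*` calls sit in the "Non-privilege control" list while `BT_CHECK_ADAPTER` requires `BT_PRIVILEGE_ADMIN`, which looks inverted and is worth confirming; the function is also not `static`, unlike its neighbour `__bt_obexd_request`.

```c
gboolean __bt_service_check_privilege(int function_name,
					int service_type,
					GArray *in_param5)
{
	const char *cookie;
	int cookie_size;
	int ret_val;
	gboolean result = TRUE;

	/* Deny when the caller sent no cookie or fewer bytes than one */
	cookie_size = security_server_get_cookie_size();
	retv_if(in_param5 == NULL, FALSE);
	retv_if(cookie_size <= 0, FALSE);
	retv_if(in_param5->len < (guint)cookie_size, FALSE);

	cookie = in_param5->data;

	/* … unchanged: BT_OBEX_SERVICE branch and switch on function_name,
	 * with each `== SECURITY_SERVER_API_ERROR_ACCESS_DENIED` test
	 * replaced by `!= SECURITY_SERVER_API_SUCCESS` … */
```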
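Review bot: The result of `__bt_service_check_privilege()` is discarded in `bt_service_request`: the `if` body holds only the comment `/* Will return access error! */`, so a denied request continues into the dispatch code below exactly like an allowed one. Until this branch sets an access-denied result and returns it to the caller before any service function runs, the privilege checks added by this commit have no effect. The rest of `bt_service_request` is outside the hunk, so the reply path (presumably through the out parameters allocated just above) has to be taken from there; `<ACCESS_DENIED_RESULT>` stands here for whichever error code the API defines. Logging the denied `service_function` at this point, e.g. `BT_ERR("[SMACK] Request %d denied", service_function);`, would also leave an audit trail.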
diff --git a/bt-service/include/bt-service-common.h b/bt-service/include/bt-service-common.h index 9d69326..489cacc 100644 --- a/bt-service/include/bt-service-common.h +++ b/bt-service/include/bt-service-common.h @@ -131,6 +131,14 @@ extern "C" { #define BT_FREEDESKTOP_INTERFACE "org.freedesktop.DBus" #define BT_FREEDESKTOP_PATH "/org/freedesktop/DBus" +/* Privilege */ +#define BT_PRIVILEGE_MANAGER "bt-service::manager" +#define BT_PRIVILEGE_ADMIN "bt-service::admin" +#define BT_PRIVILEGE_GAP "bt-service::gap" +#define BT_PRIVILEGE_OPP "bt-service::opp" +#define BT_PRIVILEGE_SPP "bt-service::spp" +#define BT_PRIVILEGE_HEALTH "bt-service::health" + typedef enum { BT_OBEX_SERVER = 0x00, BT_RFCOMM_SERVER = 0x01, diff --git a/packaging/bluetooth-frwk.spec b/packaging/bluetooth-frwk.spec index 5c7cf75..363599f 100644 --- a/packaging/bluetooth-frwk.spec +++ b/packaging/bluetooth-frwk.spec @@ -22,6 +22,7 @@ BuildRequires: pkgconfig(libprivilege-control) BuildRequires: pkgconfig(status) BuildRequires: pkgconfig(alarm-service) BuildRequires: pkgconfig(notification) +BuildRequires: pkgconfig(security-server) BuildRequires: cmake Requires(post): vconf -- 2.7.4
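Review bot: The new `BT_PRIVILEGE_*` block in `bt-service-common.h` is documented only by `/* Privilege */`, which does not say what the strings are or what they must agree with. Judging by their use in `security_server_check_privilege_by_cookie()`, they are the object names checked per request, so a comment such as `/* Object labels passed to security_server_check_privilege_by_cookie(); keep in sync with the installed rule set */` would help the next maintainer. `BT_PRIVILEGE_HEALTH` is defined but not used by any check visible in this patch, so either the health functions are missing from the switch in `__bt_service_check_privilege` or the define is premature.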