From 0651799339f7d989218ca9ef9a811f787a10fb0a Mon Sep 17 00:00:00 2001 From: Jaemin Ryu Date: Thu, 10 Aug 2017 13:29:11 +0900 Subject: [PATCH 2/6] Add zone policy Change-Id: I5fd8e3f87c5710d1a30ed8b4aafba9c37aef1cb4 Signed-off-by: Jaemin Ryu --- CMakeLists.txt | 85 +++++++++++++++++++++++++ api/CMakeLists.txt | 48 +++++++++++++++ api/dpm-zone.pc.in | 13 ++++ api/zone.cpp | 101 ++++++++++++++++++++++++++++++ api/zone.h | 160 ++++++++++++++++++++++++++++++++++++++++++++++++ dpm-zone.manifest | 5 ++ packaging/dpm-zone.spec | 77 +++++++++++++++++++++++ plugin/CMakeLists.txt | 34 ++++++++++ plugin/zone.cpp | 158 +++++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 681 insertions(+) create mode 100755 CMakeLists.txt create mode 100755 api/CMakeLists.txt create mode 100644 api/dpm-zone.pc.in create mode 100755 api/zone.cpp create mode 100644 api/zone.h create mode 100644 dpm-zone.manifest create mode 100755 packaging/dpm-zone.spec create mode 100755 plugin/CMakeLists.txt create mode 100644 plugin/zone.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100755 index 0000000..a786284 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,85 @@ +# +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +CMAKE_MINIMUM_REQUIRED(VERSION 2.8) + +PROJECT(dpm-zone) + +IF(NOT DEFINED VERSION) + SET(VERSION "0.0.1") +ENDIF(NOT DEFINED VERSION) + +INCLUDE(FindPkgConfig) + +IF(NOT CMAKE_BUILD_TYPE) + SET(CMAKE_BUILD_TYPE "DEBUG") +ENDIF(NOT CMAKE_BUILD_TYPE) + +SET(DPM_API ${PROJECT_SOURCE_DIR}/api) +SET(DPM_PLUGIN ${PROJECT_SOURCE_DIR}/plugin) + +IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7) + SET(CXX_STD "c++0x") +else() + SET(CXX_STD "c++11") +endif() + +SET(COMPILE_BASE_FLAGS "-g -fPIC -Werror -Wall -Wl,--as-needed -Wl,--no-whole-archive") +SET(CMAKE_C_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb") +SET(CMAKE_CXX_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG") +SET(CMAKE_CXX_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage -std=${CXX_STD} -fno-rtti") + +IF(NOT DEFINED LIB_INSTALL_DIR) + SET(LIB_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}") +ENDIF(NOT DEFINED LIB_INSTALL_DIR) + +IF(NOT DEFINED INCLUDE_INSTALL_DIR) + SET(INCLUDE_INSTALL_DIR "${CMAKE_INSTALL_INCLUDEDIR}") +ENDIF(NOT DEFINED INCLUDE_INSTALL_DIR) + +IF(NOT DEFINED CONF_INSTALL_DIR) + SET(CONF_INSTALL_DIR "${SYSCONF_INSTALL_DIR}/dpm") +ENDIF(NOT DEFINED CONF_INSTALL_DIR) + +IF(NOT DEFINED DATA_INSTALL_DIR) + SET(DATA_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/share/dpm") +ENDIF(NOT DEFINED DATA_INSTALL_DIR) + +IF(NOT DEFINED DB_INSTALL_DIR) + SET(DB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/dbspace") +ENDIF(NOT DEFINED DB_INSTALL_DIR) + +IF(NOT DEFINED RUN_INSTALL_DIR) + SET(RUN_INSTALL_DIR "/var/run") +ENDIF(NOT DEFINED RUN_INSTALL_DIR) + +IF(NOT DEFINED PAMD_INSTALL_DIR) + SET(PAMD_INSTALL_DIR "${SYSCONF_INSTALL_DIR}/pam.d") +ENDIF(NOT DEFINED PAMD_INSTALL_DIR) + +IF(NOT DEFINED SYSTEMD_UNIT_INSTALL_DIR) + SET(SYSTEMD_UNIT_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system") +ENDIF(NOT DEFINED SYSTEMD_UNIT_INSTALL_DIR) + +ADD_DEFINITIONS(-DUG_WAYLAND) + +ADD_SUBDIRECTORY(${DPM_PLUGIN}) +ADD_SUBDIRECTORY(${DPM_API}) diff --git a/api/CMakeLists.txt b/api/CMakeLists.txt new file mode 100755 index 0000000..2dc179a --- /dev/null +++ b/api/CMakeLists.txt @@ -0,0 +1,48 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(TARGET ${PROJECT_NAME}) +SET(PC_FILE "${TARGET}.pc") + +SET(LIB_VERSION "${VERSION}") +SET(LIB_SOVERSION "0") + +SET(API_SOURCES "zone.cpp") +SET(API_HEADERS "zone.h") + +SET(DEPENDENCY klay + dpm-pil + capi-base-common + capi-system-info +) + +PKG_CHECK_MODULES(API_DEPS REQUIRED ${DEPENDENCY}) + +SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +ADD_LIBRARY(${TARGET} SHARED ${API_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default") +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES SOVERSION ${LIB_SOVERSION}) +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES VERSION ${LIB_VERSION}) + +INCLUDE_DIRECTORIES(SYSTEM ${API_DEPS_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(${TARGET} ${API_DEPS_LIBRARIES} pthread) + +CONFIGURE_FILE(${PC_FILE}.in ${CMAKE_BINARY_DIR}/${PC_FILE} @ONLY) + +INSTALL(FILES ${CMAKE_BINARY_DIR}/${PC_FILE} DESTINATION ${LIB_INSTALL_DIR}/pkgconfig) +INSTALL(TARGETS ${TARGET} DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries) +#INSTALL(FILES ${API_HEADERS} DESTINATION ${INCLUDE_INSTALL_DIR}/dpm) diff --git a/api/dpm-zone.pc.in b/api/dpm-zone.pc.in new file mode 100644 index 0000000..fcd9999 --- /dev/null +++ b/api/dpm-zone.pc.in @@ -0,0 +1,13 @@ +# Package Information for pkg-config + +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=@CMAKE_INSTALL_PREFIX@ +libdir=@LIB_INSTALL_DIR@ +includedir=@INCLUDE_INSTALL_DIR@ + +Name: Zone policy module +Description: Zone policy module for device policy manager +Version: @VERSION@ +Libs: -L${libdir} -ldpm-zone +Cflags: -I${includedir}/dpm + diff --git a/api/zone.cpp b/api/zone.cpp new file mode 100755 index 0000000..3caf419 --- /dev/null +++ b/api/zone.cpp @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include + +#include + +#include "zone.h" + +EXPORT_API int dpm_zone_create(device_policy_manager_h handle, const char* name, const char* pkgname) +{ + RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(name, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(pkgname, DPM_ERROR_INVALID_PARAMETER); + + DevicePolicyClient &client = GetDevicePolicyClient(handle); + + try { + Status status { -1 }; + status = client.methodCall("Zone::create", name, pkgname); + return status.get(); + } catch (...) { + return -1; + } +} + +EXPORT_API int dpm_zone_destroy(device_policy_manager_h handle, const char* name) +{ + RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(name, DPM_ERROR_INVALID_PARAMETER); + + DevicePolicyClient &client = GetDevicePolicyClient(handle); + + try { + Status status { -1 }; + status = client.methodCall("Zone::remove", name); + return status.get(); + } catch (...) { + return -1; + } +} + +EXPORT_API int dpm_zone_get_state(device_policy_manager_h handle, const char* name, dpm_zone_state_e *state) +{ + RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(name, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(state, DPM_ERROR_INVALID_PARAMETER); + + DevicePolicyClient &client = GetDevicePolicyClient(handle); + + try { + Status status { 0 }; + status = client.methodCall("KratePolicy::getState", name); + if (status.get() == 0) { + return DPM_ERROR_NO_DATA; + } + + *state = (dpm_zone_state_e)status.get(); + } catch (...) { + return -1; + } + + return DPM_ERROR_NONE; +} + +EXPORT_API int dpm_zone_foreach_name(device_policy_manager_h handle, dpm_zone_state_e state, + dpm_zone_foreach_name_cb callback, void* user_data) +{ + RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(callback, DPM_ERROR_INVALID_PARAMETER); + + DevicePolicyClient &client = GetDevicePolicyClient(handle); + + try { + Status> status { std::vector() }; + status = client.methodCall>("Zone::enumerate", (int)state); + + for (const std::string& name : status.get()) { + if (!callback(name.c_str(), user_data)) + break; + } + } catch (...) { + return -1; + } + + return DPM_ERROR_NONE; +} diff --git a/api/zone.h b/api/zone.h new file mode 100644 index 0000000..16bf233 --- /dev/null +++ b/api/zone.h @@ -0,0 +1,160 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_DPM_ZONE_POLICY_H__ +#define __CAPI_DPM_ZONE_POLICY_H__ + +typedef void * device_policy_manager_h; + +/** + * @file zone.h + * @brief This file provides APIs to control zones + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @addtogroup CAPI_DPM_ZONE_POLICY_MODULE + * @{ + */ + +/** + * @partner + * @brief Creates a new zone. + * @details An administrator can use this API to create a container. Once the container + * is created, the admin package given to the parameter will be installed inside + * the container. Then ownership of the container gets transferred to the admin + * package from the client which triggered the container creation process. + * @since_tizen 3.0 + * @privlevel partner + * @privilege %http://tizen.org/privilege/dpm.zone + * @param[in] handle Device policy manager handle + * @param[in] name The zone name to be created + * @param[in] pkgname Admin package container ownership will be transferred + * @return #DPM_ERROR_NONE on success, otherwise a negative value + * @retval #DPM_ERROR_NONE Successful + * @retval #DPM_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #DPM_ERROR_TIMED_OUT Time out + * @retval #DPM_ERROR_NOT_PERMITTED Operation not permitted + * @retval #DPM_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The handle must be created by dpm_manager_create(). + * @see dpm_manager_create() + * @see dpm_zone_destroy() + * @see dpm_zone_create_iterator() + */ +int dpm_zone_create(device_policy_manager_h handle, const char* name, const char* pkgname); + +/** + * @partner + * @brief Removes existing zone. + * @details Administrator can use this API to remove zone. All file system objects + * created for the zone will be also erased. + * @since_tizen 3.0 + * @privlevel partner + * @privilege %http://tizen.org/privilege/dpm.zone + * @param[in] handle Device policy manager handle + * @param[in] name The zone name to be removed + * @return #DPM_ERROR_NONE on success, otherwise a negative value + * @retval #DPM_ERROR_NONE Successful + * @retval #DPM_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #DPM_ERROR_TIMED_OUT Time out + * @retval #DPM_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API or the caller is not the owner + * of the zone + * @pre The handle must be created by dpm_manager_create(). + * @pre The zone corresponding to the given name must be + * created before use of this API. + * @see dpm_manager_create() + * @see dpm_zone_create() + * @see dpm_zone_create_iterator() + */ +int dpm_zone_destroy(device_policy_manager_h handle, const char* name); + +/** + * @brief Enumeration for zone state + * @since_tizen 3.0 + */ +typedef enum { + DPM_ZONE_STATE_LOCKED = 0x01, /**< Zone has been defined, but it can not start. */ + DPM_ZONE_STATE_RUNNING = 0x02, /**< Zone has been started. */ + DPM_ZONE_STATE_ALL = 0xff /**< This presents all of the state */ +} dpm_zone_state_e; + +/** + * @brief Gets the zone state. + * @details This API can be used to get the state of the zone. The zone can + * have one of the three states(running, locked). + * @since_tizen 3.0 + * @param[in] handle Device policy manager handle + * @param[in] name The zone name + * @param[out] state The zone state + * @return #DPM_ERROR_NONE on success, otherwise a negative value + * @retval #DPM_ERROR_NONE Successful + * @retval #DPM_ERROR_NO_DATA No such zone to get state + * @retval #DPM_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #DPM_ERROR_TIMED_OUT Time out + * @pre The handle must be created by dpm_manager_create(). + * @see dpm_manager_create() + * @see dpm_zone_create() + * @see dpm_zone_destroy() + */ +int dpm_zone_get_state(device_policy_manager_h handle, const char* name, dpm_zone_state_e *state); + +/** + * @brief Called to get all the name of created zones. + * @since_tizen 3.0 + * @param[in] name The zone name + * @param[in] user_data The user data passed from dpm_zone_foreach_name + * @return true to continue with the next iteration of the loop, otherwise false to break out out the loop + * @see dpm_zone_foreach_name() + */ +typedef bool(*dpm_zone_foreach_name_cb)(const char* name, void *user_data); + +/** + * @brief Retrieves all the name of created zones + * @details This API calls dpm_zone_foreach_cb() once for each zone name + * with traversing the created zones list. + * @since_tizen 3.0 + * @param[in] handle Device policy manager handle + * @param[in] state a combination of the zone state to look + * @param[in] callback The iteration callback function + * @param[in] user_data The user data passed to the callback function + * @return #DPM_ERROR_NONE on success, otherwise a negative value + * @retval #DPM_ERROR_NONE Successful + * @retval #DPM_ERROR_TIMED_OUT Time out + * @retval #DPM_ERROR_INVALID_PARAMETER Invalid parameter + * @pre The handle must be created by dpm_manager_create(). + * @see dpm_manager_create() + * @see dpm_zone_create() + * @see dpm_zone_destroy() + */ +int dpm_zone_foreach_name(device_policy_manager_h handle, + dpm_zone_state_e state, + dpm_zone_foreach_name_cb callback, void* user_data); + + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_DPM_ZONE_POLICY__ */ diff --git a/dpm-zone.manifest b/dpm-zone.manifest new file mode 100644 index 0000000..a76fdba --- /dev/null +++ b/dpm-zone.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/packaging/dpm-zone.spec b/packaging/dpm-zone.spec new file mode 100755 index 0000000..fad7bcf --- /dev/null +++ b/packaging/dpm-zone.spec @@ -0,0 +1,77 @@ +Name: dpm-zone +Version: 1.0.1 +Release: 0 +License: Apache-2.0 +Source0: %{name}-%{version}.tar.gz +Summary: Tizen Device Policy Manager Zone Policy Module +Group: Security/Other +BuildRequires: gcc +BuildRequires: cmake +BuildRequires: gettext-tools +BuildRequires: pkgconfig(klay) +BuildRequires: pkgconfig(dpm-pil) +BuildRequires: pkgconfig(krate) +BuildRequires: pkgconfig(capi-system-info) +BuildRequires: pkgconfig(capi-base-common) + +%description +The dpm-zone package provides zone policy module for device policy manager + +%files +%manifest dpm-zone.manifest +%defattr(644,root,root,755) +%attr(755,root,root) /opt/data/dpm/plugins/zone +%attr(755,root,root) %{_libdir}/libdpm-zone.so.%{version} +%{_libdir}/libdpm-zone.so.0 + +%prep +%setup -q + +%build +%{!?build_type:%define build_type "RELEASE"} + +%if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV" + CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE" + CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE" +%endif + +%cmake . -DVERSION=%{version} \ + -DCMAKE_BUILD_TYPE=%{build_type} \ + -DSCRIPT_INSTALL_DIR=%{_scriptdir} \ + -DSYSTEMD_UNIT_INSTALL_DIR=%{_unitdir} \ + -DDATA_INSTALL_DIR=%{TZ_SYS_DATA}/dpm \ + -DDB_INSTALL_DIR=%{TZ_SYS_DB} \ + -DRUN_INSTALL_DIR=%{TZ_SYS_RUN} \ + -DAPP_INSTALL_PREFIX="%{TZ_SYS_RO_APP}" \ + -DAPP_SHARE_PACKAGES_DIR="%{TZ_SYS_RO_PACKAGES}" \ + +make %{?jobs:-j%jobs} + +%install +%make_install + +%clean +rm -rf %{buildroot} + +%post + +%preun + +%postun + +## Devel Package ############################################################## +%package -n libdpm-zone-devel +Summary: Libraries and header files for device policy client development +Group: Development/Libraries +Requires: device-policy-manager = %{version}-%{release} + +%description -n libdpm-zone-devel +The libdpm-zone-devel package includes the libraries and header files necessary for +developing the DPM client program. + +%files -n libdpm-zone-devel +%manifest dpm-zone.manifest +%defattr(644,root,root,755) +%{_libdir}/libdpm-zone.so +%{_libdir}/pkgconfig/dpm-zone.pc +#%{_includedir}/dpm diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt new file mode 100755 index 0000000..7ec6e64 --- /dev/null +++ b/plugin/CMakeLists.txt @@ -0,0 +1,34 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(TARGET "dpm-plugin-zone") + +SET(PLUGIN_SOURCES "zone.cpp") + +SET(DEPENDENCY klay + dpm-pil + krate +) + +PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY}) + +SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +ADD_LIBRARY(${TARGET} SHARED ${PLUGIN_SOURCES}) +SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default") +INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS}) +TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES}) + +INSTALL(FILES libdpm-plugin-zone.so RENAME zone DESTINATION /opt/data/dpm/plugins) diff --git a/plugin/zone.cpp b/plugin/zone.cpp new file mode 100644 index 0000000..c22049f --- /dev/null +++ b/plugin/zone.cpp @@ -0,0 +1,158 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include + +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include + +#define NAME_PATTERN "^[A-Za-z_][A-Za-z0-9_.-]*" + +namespace { + +std::regex krateNamePattern(NAME_PATTERN); + +bool foreachKrateCallback(const char* name, void* user_data) +{ + auto pList = (std::vector*)user_data; + pList->push_back(name); + return true; +} + +bool isAllowedName(const std::string& name) +{ + if (!std::regex_match(name, krateNamePattern)) { + return false; + } + + bool exists; + try { + runtime::User user(name); + exists = true; + } catch (runtime::Exception& e) { + exists = false; + } + + return !exists; +} + +} // namespace + + +class Zone : public AbstractPolicyProvider { +public: + int create(const std::string& name, const std::string& setupWizAppid); + int remove(const std::string& name); + int getState(const std::string& name); + std::vector enumerate(int state); +}; + +int Zone::create(const std::string& name, const std::string& setupWizAppid) +{ + if (!isAllowedName(name)) { + return -1; + } + + try { + Bundle bundle; + bundle.add("id", "krate-create"); + bundle.add("user-data", name); + + Launchpad launchpad(rmi::Service::getPeerUid()); + launchpad.launch("org.tizen.dpm-syspopup", bundle); + } catch (runtime::Exception& e) { + ERROR(e.what()); + return -1; + } + + return 0; +} + +int Zone::remove(const std::string& name) +{ + if (getState(name) == 0) { + return -1; + } + + try { + Bundle bundle; + bundle.add("id", "krate-remove"); + bundle.add("user-data", name); + + Launchpad launchpad(rmi::Service::getPeerUid()); + launchpad.launch("org.tizen.dpm-syspopup", bundle); + } catch (runtime::Exception& e) { + ERROR(e.what()); + return -1; + } + + return 0; +} + +int Zone::getState(const std::string& name) +{ + krate_state_e state = (krate_state_e)0; + krate_manager_h krate_manager; + + krate_manager_create(&krate_manager); + krate_manager_get_krate_state(krate_manager, name.c_str(), &state); + krate_manager_destroy(krate_manager); + + return (int)state; +} + +std::vector Zone::enumerate(int state) +{ + std::vector list; + krate_manager_h krate_manager; + + krate_manager_create(&krate_manager); + krate_manager_foreach_name(krate_manager, (krate_state_e)state, foreachKrateCallback, &list); + krate_manager_destroy(krate_manager); + + return list; +} + +extern "C" { + +#define PRIVILEGE "http://tizen.org/privilege/dpm.zone" + +AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context) +{ + Zone *policy = new Zone(); + + context.expose(policy, PRIVILEGE, (int)(Zone::create)(std::string, std::string)); + context.expose(policy, PRIVILEGE, (int)(Zone::remove)(std::string)); + context.expose(policy, "", (int)(Zone::getState)(std::string)); + context.expose(policy, "", (std::vector)(Zone::enumerate)(int)); + + return policy; +} + +} // extern "C" -- 2.7.4 From 3f496fda447df3830388f510299c874d3de38fdb Mon Sep 17 00:00:00 2001 From: Sungbae Yoo Date: Tue, 26 Sep 2017 19:16:48 +0900 Subject: [PATCH 3/6] Add a license file Change-Id: I745a475e201d5c2ca7890b8afd5f57be9d81a911 Signed-off-by: Sungbae Yoo --- LICENSE | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 204 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..26b7de6 --- /dev/null +++ b/LICENSE @@ -0,0 +1,204 @@ +Copyright (c) 2015 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + -- 2.7.4 From 6e448a8c1542fa28f5079a6156f24e3732e66b0a Mon Sep 17 00:00:00 2001 From: Jaemin Ryu Date: Tue, 31 Oct 2017 14:54:16 +0900 Subject: [PATCH 4/6] Include device-policy-manager.h for the shared types Change-Id: I3b3ab191069276ba249ba3d6761893dbc7723115 Signed-off-by: Jaemin Ryu --- api/zone.cpp | 6 ++++++ api/zone.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/api/zone.cpp b/api/zone.cpp index 3caf419..8b45bae 100755 --- a/api/zone.cpp +++ b/api/zone.cpp @@ -21,6 +21,12 @@ #include "zone.h" +#define RET_ON_FAILURE(cond, ret) \ +{ \ + if (!(cond)) \ + return (ret); \ +} + EXPORT_API int dpm_zone_create(device_policy_manager_h handle, const char* name, const char* pkgname) { RET_ON_FAILURE(handle, DPM_ERROR_INVALID_PARAMETER); diff --git a/api/zone.h b/api/zone.h index 16bf233..c69588f 100644 --- a/api/zone.h +++ b/api/zone.h @@ -17,7 +17,7 @@ #ifndef __CAPI_DPM_ZONE_POLICY_H__ #define __CAPI_DPM_ZONE_POLICY_H__ -typedef void * device_policy_manager_h; +#include /** * @file zone.h -- 2.7.4 From 22f9174b0593f5e8a96fc2de96f79866f71624a6 Mon Sep 17 00:00:00 2001 From: Jaemin Ryu Date: Thu, 26 Jul 2018 15:30:46 +0900 Subject: [PATCH 5/6] Change plugin path to %{_libdir}/dpm/plugins Change-Id: I808b13a111bfc5b4579321a0e6b9d4ad1c178de2 Signed-off-by: Jaemin Ryu --- CMakeLists.txt | 4 ++++ packaging/dpm-zone.spec | 3 ++- plugin/CMakeLists.txt | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a786284..a1fd7fa 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -79,6 +79,10 @@ IF(NOT DEFINED SYSTEMD_UNIT_INSTALL_DIR) SET(SYSTEMD_UNIT_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system") ENDIF(NOT DEFINED SYSTEMD_UNIT_INSTALL_DIR) +IF(NOT DEFINED PLUGIN_INSTALL_DIR) + SET(PLUGIN_INSTALL_DIR "${LIB_INSTALL_DIR}/dpm/plugins") +ENDIF(NOT DEFINED PLUGIN_INSTALL_DIR) + ADD_DEFINITIONS(-DUG_WAYLAND) ADD_SUBDIRECTORY(${DPM_PLUGIN}) diff --git a/packaging/dpm-zone.spec b/packaging/dpm-zone.spec index fad7bcf..ea5b143 100755 --- a/packaging/dpm-zone.spec +++ b/packaging/dpm-zone.spec @@ -20,7 +20,7 @@ The dpm-zone package provides zone policy module for device policy manager %files %manifest dpm-zone.manifest %defattr(644,root,root,755) -%attr(755,root,root) /opt/data/dpm/plugins/zone +%attr(755,root,root) %{_libdir}/dpm/plugins/zone %attr(755,root,root) %{_libdir}/libdpm-zone.so.%{version} %{_libdir}/libdpm-zone.so.0 @@ -37,6 +37,7 @@ The dpm-zone package provides zone policy module for device policy manager %cmake . -DVERSION=%{version} \ -DCMAKE_BUILD_TYPE=%{build_type} \ + -DPLUGIN_INSTALL_DIR=%{_libdir}/dpm/plugins \ -DSCRIPT_INSTALL_DIR=%{_scriptdir} \ -DSYSTEMD_UNIT_INSTALL_DIR=%{_unitdir} \ -DDATA_INSTALL_DIR=%{TZ_SYS_DATA}/dpm \ diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt index 7ec6e64..86ac78a 100755 --- a/plugin/CMakeLists.txt +++ b/plugin/CMakeLists.txt @@ -31,4 +31,4 @@ SET_TARGET_PROPERTIES(${TARGET} PROPERTIES COMPILE_FLAGS "-fvisibility=default") INCLUDE_DIRECTORIES(SYSTEM ${PLUGIN_DEPS_INCLUDE_DIRS}) TARGET_LINK_LIBRARIES(${TARGET} ${PLUGIN_DEPS_LIBRARIES}) -INSTALL(FILES libdpm-plugin-zone.so RENAME zone DESTINATION /opt/data/dpm/plugins) +INSTALL(FILES libdpm-plugin-zone.so RENAME zone DESTINATION ${PLUGIN_INSTALL_DIR}) -- 2.7.4 From 5a04a063379b8996072d1fb90eb453aeb950aa37 Mon Sep 17 00:00:00 2001 From: Sungbae Yoo Date: Tue, 12 Mar 2019 15:03:13 +0900 Subject: [PATCH 6/6] Add conditional statements for krate not supported Change-Id: Iee9d2918a2b8252192f319d9ea8102a7e8503b02 Signed-off-by: Sungbae Yoo --- CMakeLists.txt | 5 +++++ packaging/dpm-zone.spec | 5 +++-- plugin/CMakeLists.txt | 5 ++++- plugin/zone.cpp | 26 +++++++++++++++++++++----- 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a1fd7fa..9f41d2a 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -38,6 +38,11 @@ else() endif() SET(COMPILE_BASE_FLAGS "-g -fPIC -Werror -Wall -Wl,--as-needed -Wl,--no-whole-archive") + +IF(KRATE_SUPPORTED) + SET(COMPILE_BASE_FLAGS "${COMPILE_BASE_FLAGS} -DKRATE_SUPPORTED") +ENDIF(KRATE_SUPPORTED) + SET(CMAKE_C_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg") SET(CMAKE_CXX_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg -std=${CXX_STD} -fno-rtti") SET(CMAKE_C_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb") diff --git a/packaging/dpm-zone.spec b/packaging/dpm-zone.spec index ea5b143..8c96bc2 100755 --- a/packaging/dpm-zone.spec +++ b/packaging/dpm-zone.spec @@ -10,9 +10,9 @@ BuildRequires: cmake BuildRequires: gettext-tools BuildRequires: pkgconfig(klay) BuildRequires: pkgconfig(dpm-pil) -BuildRequires: pkgconfig(krate) BuildRequires: pkgconfig(capi-system-info) BuildRequires: pkgconfig(capi-base-common) +#BuildRequires: pkgconfig(krate) %description The dpm-zone package provides zone policy module for device policy manager @@ -37,7 +37,7 @@ The dpm-zone package provides zone policy module for device policy manager %cmake . -DVERSION=%{version} \ -DCMAKE_BUILD_TYPE=%{build_type} \ - -DPLUGIN_INSTALL_DIR=%{_libdir}/dpm/plugins \ + -DPLUGIN_INSTALL_DIR=%{_libdir}/dpm/plugins \ -DSCRIPT_INSTALL_DIR=%{_scriptdir} \ -DSYSTEMD_UNIT_INSTALL_DIR=%{_unitdir} \ -DDATA_INSTALL_DIR=%{TZ_SYS_DATA}/dpm \ @@ -45,6 +45,7 @@ The dpm-zone package provides zone policy module for device policy manager -DRUN_INSTALL_DIR=%{TZ_SYS_RUN} \ -DAPP_INSTALL_PREFIX="%{TZ_SYS_RO_APP}" \ -DAPP_SHARE_PACKAGES_DIR="%{TZ_SYS_RO_PACKAGES}" \ + -DKRATE_SUPPORTED=1 make %{?jobs:-j%jobs} diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt index 86ac78a..ffe18f3 100755 --- a/plugin/CMakeLists.txt +++ b/plugin/CMakeLists.txt @@ -19,9 +19,12 @@ SET(PLUGIN_SOURCES "zone.cpp") SET(DEPENDENCY klay dpm-pil - krate ) +IF(NOT KRATE_SUPPORTED) + SET(DEPENDENCY ${DEPENDENCY} krate) +ENDIF(NOT KRATE_SUPPORTED) + PKG_CHECK_MODULES(PLUGIN_DEPS REQUIRED ${DEPENDENCY}) SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") diff --git a/plugin/zone.cpp b/plugin/zone.cpp index c22049f..e505237 100644 --- a/plugin/zone.cpp +++ b/plugin/zone.cpp @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License */ - #include #include #include @@ -24,14 +23,17 @@ #include #include -#include #include #include #include + +#ifndef KRATE_SUPPORTED #include #include +#include + #define NAME_PATTERN "^[A-Za-z_][A-Za-z0-9_.-]*" namespace { @@ -63,7 +65,7 @@ bool isAllowedName(const std::string& name) } } // namespace - +#endif class Zone : public AbstractPolicyProvider { public: @@ -75,8 +77,9 @@ public: int Zone::create(const std::string& name, const std::string& setupWizAppid) { +#ifndef KRATE_SUPPORTED if (!isAllowedName(name)) { - return -1; + return TIZEN_ERROR_NOT_PERMITTED; } try { @@ -92,14 +95,18 @@ int Zone::create(const std::string& name, const std::string& setupWizAppid) } return 0; +#else + return TIZEN_ERROR_NOT_PERMITTED; +#endif } int Zone::remove(const std::string& name) { if (getState(name) == 0) { - return -1; + return TIZEN_ERROR_NOT_PERMITTED; } +#ifndef KRATE_SUPPORTED try { Bundle bundle; bundle.add("id", "krate-remove"); @@ -113,16 +120,23 @@ int Zone::remove(const std::string& name) } return 0; +#else + return TIZEN_ERROR_NOT_PERMITTED; +#endif } int Zone::getState(const std::string& name) { +#ifndef KRATE_SUPPORTED krate_state_e state = (krate_state_e)0; krate_manager_h krate_manager; krate_manager_create(&krate_manager); krate_manager_get_krate_state(krate_manager, name.c_str(), &state); krate_manager_destroy(krate_manager); +#else + int state = 0; +#endif return (int)state; } @@ -130,11 +144,13 @@ int Zone::getState(const std::string& name) std::vector Zone::enumerate(int state) { std::vector list; +#ifndef KRATE_SUPPORTED krate_manager_h krate_manager; krate_manager_create(&krate_manager); krate_manager_foreach_name(krate_manager, (krate_state_e)state, foreachKrateCallback, &list); krate_manager_destroy(krate_manager); +#endif return list; } -- 2.7.4