2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * This class simply redirects the access requests to access control engine.
18 * The aim is to hide access control engine specific details from WRT modules.
19 * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
20 * WRT specific and other information during the decision making.
22 * @file security_controller.h
23 # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
24 * @author Ming Jin(ming79.jin@samsung.com)
25 * @author Piotr Kozbial (p.kozbial@samsung.com)
27 * @brief Header file for security logic
30 #include <dpl/ace/PromptDecision.h>
31 #include <security_logic.h>
32 #include <attribute_facade.h>
33 #ifdef WRT_SMACK_ENABLED
34 #include <privilege-control.h>
36 #include <dpl/wrt-dao-ro/widget_dao_read_only.h>
38 void SecurityLogic::initialize() {
39 m_policyEnforcementPoint.initialize(new WebRuntimeImpl(),
40 new ResourceInformationImpl(),
41 new OperationSystemImpl());
44 void SecurityLogic::terminate() {
45 m_policyEnforcementPoint.terminate();
48 void SecurityLogic::authorizeWidgetInstall(
50 AbstractPolicyEnforcementPoint::ResponseReceiver receiver)
52 PolicyResult result = m_policyEnforcementPoint.check(*request);
54 // this is bad idea, what about context in request ??
55 // We could resolve problem with memory allocation by adding default
56 // constructor to Request and pass object by value.
62 PolicyResult SecurityLogic::checkFunctionCall(Request* request)
64 PolicyResult aceResult = m_policyEnforcementPoint.check(*request);
65 if (aceResult == PolicyEffect::PERMIT) {
66 #ifdef WRT_SMACK_ENABLED
68 WrtDB::WidgetDAOReadOnly dao(request->getWidgetHandle());
69 DPL::OptionalString pkgName = dao.getPkgname();
70 Assert(!pkgName.IsNull() && "widget doesn't have a pkg name");
71 const char *devCap = "";
72 int ret = grant_rules_forWAC(DPL::ToUTF8String(*pkgName).c_str(), devCap);
73 Assert(ret==PC_OPERATION_SUCCESS && "smack rules couldn't be granted");
74 } catch (WrtDB::WidgetDAOReadOnly::Exception) {
75 Assert(false && "can't access widget data");
78 return PolicyEffect::PERMIT;
79 } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
80 aceResult == PolicyEffect::PROMPT_SESSION ||
81 aceResult == PolicyEffect::PROMPT_BLANKET)
83 // TODO: check stored user answers!!!
84 // if necessary, grant SMACK rules
85 // return appropriately - the following is a dummy:
88 return PolicyEffect::DENY;
92 //void SecurityLogic::setWidgetPreference(
93 // std::string devCap,
94 // WidgetHandle widgetHandle,
95 // AceDB::PreferenceTypes preference)
97 // m_aceSettingsLogic.setWidgetPreference(devCap,
102 //void SecurityLogic::setResourcePreference(
103 // std::string devCap,
104 // AceDB::PreferenceTypes preference)
106 // m_aceSettingsLogic.setResourcePreference(devCap, preference);
109 //AceSettings::WidgetsPreferences SecurityLogic::getWidgetsPreferences() {
110 // return m_aceSettingsLogic.getWidgetsPreferences();
113 //AceSettings::ResourcesPreferences SecurityLogic::getResourcesPreferences() {
114 // return m_aceSettingsLogic.getResourcesPreferences();
117 //void SecurityLogic::resetWidgetsPreferences() {
118 // m_aceSettingsLogic.resetWidgetsPreferences();
121 //void SecurityLogic::resetResourcesPreferences() {
122 // m_aceSettingsLogic.resetResourcesPreferences();