2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
26 #include <sys/types.h>
28 #include <dpl/log/log.h>
29 #include <dpl/log/secure_log.h>
30 #include <dpl/scoped_array.h>
31 #include <dpl/scoped_resource.h>
32 #include <dpl/assert.h>
33 #include <Commons/Exception.h>
34 #include "WrtAccess.h"
35 #include <ace_api_client.h>
36 #include <dpl/singleton_safe_impl.h>
38 #include "popup-runner.h"
39 IMPLEMENT_SAFE_SINGLETON(WrtDeviceApis::Commons::WrtAccess)
43 * Helper class - single parameter and its value
51 name(NULL), value(NULL)
54 AceParam(const char *name, const char *value) :
55 name(name), value(value)
60 * Helper class - list of params for single dev cap
72 struct DeviceCapParamPolicy
74 typedef AceParamList* Type;
75 static Type NullValue()
79 static void Destroy(Type ptr)
89 * Helper class - modified ScopedArray for ace_param_list_t
91 class ScopedDeviceCapArray : public DPL::ScopedResource<DeviceCapParamPolicy>
94 explicit ScopedDeviceCapArray(AceParamList *ptr =
95 DeviceCapParamPolicy::NullValue()) :
96 DPL::ScopedResource<DeviceCapParamPolicy>(ptr)
99 AceParamList & operator [](std::ptrdiff_t k) const
101 Assert(this->m_value != DeviceCapParamPolicy::NullValue() &&
102 "Dereference of scoped NULL array!");
103 Assert(k >= 0 && "Negative array index");
105 return this->m_value[k];
110 namespace WrtDeviceApis {
112 WrtAccess::WrtAccess() :
113 m_sessionId(GenerateSessionId()),
117 WrtAccess::~WrtAccess()
120 WrtAccess::SessionId WrtAccess::GenerateSessionId()
122 const size_t SESSION_ID_LENGTH = 32;
124 std::ostringstream pid;
125 pid << static_cast<int>(getpid());
127 std::string session_id = pid.str();
129 session_id.reserve(session_id.length() + SESSION_ID_LENGTH);
131 for (size_t i = 0; i < SESSION_ID_LENGTH; ++i) {
132 int c = random() % 16;
134 session_id += (c < 10 ?
135 static_cast<char>('0' + c) :
136 static_cast<char>('A' + c - 10));
141 void WrtAccess::initialize(int widgetId)
145 _E("Invalid widget id");
149 m_widgetId = widgetId;
151 if (!m_pluginOwners++) {
152 DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
153 ace_return_t ret = ace_client_initialize(Wrt::Popup::run_popup);
154 DPL::Log::LogSystemSingleton::Instance().SetTag("WRT_PLUGINS");
155 Assert(ACE_OK == ret);
159 void WrtAccess::deinitialize(int /*widgetId*/)
163 if (!--m_pluginOwners) {
164 DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
165 ace_return_t ret = ace_client_shutdown();
166 DPL::Log::LogSystemSingleton::Instance().SetTag("WRT_PLUGINS");
167 Assert(ACE_OK == ret);
171 int WrtAccess::getWidgetId() const
176 WrtAccess::CheckAccessReturnType WrtAccess::checkAccessControl(const AceFunction& aceFunction) const
179 m_pluginOwners && "WrtAccessSingleton needs to be initialized with"
180 "WidgetId during on_widget_start_callback in each plugin");
181 size_t deviceCount = aceFunction.deviceCapabilities.size();
183 DPL::ScopedArray <const char *> deviceScopedArray;
184 ScopedDeviceCapArray paramsScopedArray;
187 deviceScopedArray.Reset(new const char*[deviceCount]);
188 paramsScopedArray.Reset(new AceParamList[deviceCount]);
190 for (size_t i = 0; i < deviceCount; ++i) {
191 deviceScopedArray[i] =
192 aceFunction.deviceCapabilities.at(i).devCapName.c_str();
193 paramsScopedArray[i].count =
194 aceFunction.deviceCapabilities.at(i).devCapParams.size();
196 paramsScopedArray[i].param =
197 new AceParam[paramsScopedArray[i].count];
199 for (size_t j = 0; j < paramsScopedArray[i].count; ++j) {
200 paramsScopedArray[i].param[j].name =
201 aceFunction.deviceCapabilities.at(i).
202 devCapParams[j].name.c_str();
203 paramsScopedArray[i].param[j].value =
204 aceFunction.deviceCapabilities.at(i).
205 devCapParams[j].value.c_str();
210 size_t featuresCount = aceFunction.features.size();
212 DPL::ScopedArray <const char*> featureScopedArray;
214 featureScopedArray.Reset(new const char*[featuresCount]);
216 for (size_t i = 0; i < featuresCount; ++i) {
217 featureScopedArray[i] =
218 aceFunction.features.at(i).name.c_str();
222 _D("constructing ACE request");
224 ace_request_t aceRequest;
225 aceRequest.session_id =
226 const_cast<const ace_session_id_t>(m_sessionId.c_str());
227 aceRequest.widget_handle = getWidgetId();
228 aceRequest.feature_list.count = featuresCount;
229 aceRequest.feature_list.items =
230 const_cast<ace_string_t*>(featureScopedArray.Get());
231 aceRequest.dev_cap_list.count = deviceCount;
232 aceRequest.dev_cap_list.items = new ace_dev_cap_t[deviceCount];
234 const char** devCapNames = deviceScopedArray.Get();
235 AceParamList* paramList = paramsScopedArray.Get();
238 for (i = 0; i < deviceCount; ++i) {
239 aceRequest.dev_cap_list.items[i].name =
240 const_cast<const ace_string_t>(devCapNames[i]);
241 aceRequest.dev_cap_list.items[i].param_list.count = paramList[i].count;
242 aceRequest.dev_cap_list.items[i].param_list.items =
243 new ace_param_t[paramList[i].count];
245 for (j = 0; j < paramList[i].count; ++j) {
246 aceRequest.dev_cap_list.items[i].param_list.items[j].name =
247 const_cast<ace_string_t>(paramList[i].param[j].name);
248 aceRequest.dev_cap_list.items[i].param_list.items[j].value =
249 const_cast<ace_string_t>(paramList[i].param[j].value);
253 ace_check_result_t aceCheckResult = ACE_PRIVILEGE_DENIED;
254 DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
255 ace_return_t ret = ace_check_access_ex(&aceRequest, &aceCheckResult);
256 DPL::Log::LogSystemSingleton::Instance().SetTag("WRT_PLUGINS");
257 for (i = 0; i < deviceCount; ++i) {
258 delete[] aceRequest.dev_cap_list.items[i].param_list.items;
260 delete[] aceRequest.dev_cap_list.items;
263 _E("Error in ace check: %d", static_cast<int>(ret));
264 return CHECK_ACCESS_INTERNAL_ERROR;
267 if (aceCheckResult == ACE_ACCESS_GRANTED) {
268 return CHECK_ACCESS_GRANTED;
270 else if (aceCheckResult == ACE_PRIVILEGE_DENIED) {
271 return CHECK_ACCESS_PRIVILEGE_DENIED;
273 else if (aceCheckResult == ACE_PRIVACY_DENIED) {
274 return CHECK_ACCESS_PRIVACY_DENIED;
277 return CHECK_ACCESS_INTERNAL_ERROR;
280 } // WrtDeviceApisCommon