});
}
- virtual int allowAccess(uid_t /*user*/,
- const std::string &/*owner*/,
- const std::string &/*alias*/,
- const std::string &/*accessor*/,
- AccessRight /*granted*/)
+ virtual int allowAccess(uid_t user,
+ const std::string &owner,
+ const std::string &alias,
+ const std::string &accessor,
+ AccessRight granted)
{
- return CKM_API_ERROR_UNKNOWN;
+ return try_catch([&] {
+ MessageBuffer send, recv;
+ Serialization::Serialize(send, static_cast<int>(ControlCommand::ALLOW_ACCESS));
+ Serialization::Serialize(send, static_cast<int>(user));
+ Serialization::Serialize(send, owner);
+ Serialization::Serialize(send, alias);
+ Serialization::Serialize(send, accessor);
+ Serialization::Serialize(send, static_cast<int>(granted));
+
+ int retCode = sendToServer(
+ SERVICE_SOCKET_CKM_CONTROL,
+ send.Pop(),
+ recv);
+
+ if (CKM_API_SUCCESS != retCode) {
+ return retCode;
+ }
+
+ int command;
+ int counter;
+ Deserialization::Deserialize(recv, command);
+ Deserialization::Deserialize(recv, counter);
+ Deserialization::Deserialize(recv, retCode);
+
+ return retCode;
+ });
}
- virtual int denyAccess(uid_t /*user*/,
- const std::string &/*owner*/,
- const std::string &/*alias*/,
- const std::string &/*accessor*/)
+ virtual int denyAccess(uid_t user,
+ const std::string &owner,
+ const std::string &alias,
+ const std::string &accessor)
{
- return CKM_API_ERROR_UNKNOWN;
+ return try_catch([&] {
+ MessageBuffer send, recv;
+ Serialization::Serialize(send, static_cast<int>(ControlCommand::DENY_ACCESS));
+ Serialization::Serialize(send, static_cast<int>(user));
+ Serialization::Serialize(send, owner);
+ Serialization::Serialize(send, alias);
+ Serialization::Serialize(send, accessor);
+
+ int retCode = sendToServer(
+ SERVICE_SOCKET_CKM_CONTROL,
+ send.Pop(),
+ recv);
+
+ if (CKM_API_SUCCESS != retCode) {
+ return retCode;
+ }
+
+ int command;
+ int counter;
+ Deserialization::Deserialize(recv, command);
+ Deserialization::Deserialize(recv, counter);
+ Deserialization::Deserialize(recv, retCode);
+
+ return retCode;
+ });
}
virtual ~ControlImpl(){}
CHANGE_USER_PASSWORD,
RESET_USER_PASSWORD,
REMOVE_APP_DATA,
- SET_CC_MODE
+ SET_CC_MODE,
+ ALLOW_ACCESS,
+ DENY_ACCESS,
+ // for backward compatibility append new at the end
};
enum class LogicCommand : int {
CREATE_KEY_PAIR_DSA,
ALLOW_ACCESS,
DENY_ACCESS,
- // for backward compatibility append new on the end
+ // for backward compatibility append new at the end
};
// Do not use DB_KEY_FIRST and DB_KEY_LAST in the code.
RawBuffer CKMLogic::allowAccess(
Credentials &cred,
- int commandId,
+ int command,
+ int msgID,
const Alias &item_alias,
const std::string &accessor_label,
const AccessRight req_rights)
}
MessageBuffer response;
- Serialization::Serialize(response, static_cast<int>(LogicCommand::ALLOW_ACCESS));
- Serialization::Serialize(response, commandId);
+ Serialization::Serialize(response, command);
+ Serialization::Serialize(response, msgID);
Serialization::Serialize(response, retCode);
return response.Pop();
RawBuffer CKMLogic::denyAccess(
Credentials &cred,
- int commandId,
+ int command,
+ int msgID,
const Alias &item_alias,
const std::string &accessor_label)
{
}
MessageBuffer response;
- Serialization::Serialize(response, static_cast<int>(LogicCommand::DENY_ACCESS));
- Serialization::Serialize(response, commandId);
+ Serialization::Serialize(response, command);
+ Serialization::Serialize(response, msgID);
Serialization::Serialize(response, retCode);
return response.Pop();
RawBuffer allowAccess(
Credentials &cred,
- int commandId,
+ int command,
+ int msgID,
const Alias &item_alias,
const std::string &accessor_label,
const AccessRight req_rights);
RawBuffer denyAccess(
Credentials &cred,
- int commandId,
+ int command,
+ int msgID,
const Alias &item_alias,
const std::string &accessor_label);
case ControlCommand::SET_CC_MODE:
Deserialization::Deserialize(buffer, cc_mode_status);
return m_logic->setCCModeStatus(static_cast<CCModeState>(cc_mode_status));
+ case ControlCommand::ALLOW_ACCESS:
+ {
+ std::string owner;
+ std::string item_alias;
+ std::string accessor_label;
+ int req_rights;
+
+ Deserialization::Deserialize(buffer, user);
+ Deserialization::Deserialize(buffer, owner);
+ Deserialization::Deserialize(buffer, item_alias);
+ Deserialization::Deserialize(buffer, accessor_label);
+ Deserialization::Deserialize(buffer, req_rights);
+ Credentials cred =
+ {
+ user,
+ owner
+ };
+ return m_logic->allowAccess(
+ cred,
+ command,
+ 0, // dummy
+ item_alias,
+ accessor_label,
+ static_cast<AccessRight>(req_rights));
+ }
+ case ControlCommand::DENY_ACCESS:
+ {
+ std::string owner;
+ std::string item_alias;
+ std::string accessor_label;
+
+ Deserialization::Deserialize(buffer, user);
+ Deserialization::Deserialize(buffer, owner);
+ Deserialization::Deserialize(buffer, item_alias);
+ Deserialization::Deserialize(buffer, accessor_label);
+ Credentials cred =
+ {
+ user,
+ owner
+ };
+ return m_logic->denyAccess(
+ cred,
+ command,
+ 0, // dummy
+ item_alias,
+ accessor_label);
+ }
default:
Throw(Exception::BrokenProtocol);
}
}
-RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
+RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
+{
int command;
- int commandId;
+ int msgID;
int tmpDataType;
Alias alias;
std::string user;
Deserialization::Deserialize(buffer, command);
- Deserialization::Deserialize(buffer, commandId);
+ Deserialization::Deserialize(buffer, msgID);
// This is a workaround solution for locktype=None in Tizen 2.2.1
// When locktype is None, lockscreen app doesn't interfere with unlocking process.
Deserialization::Deserialize(buffer, policy);
return m_logic->saveData(
cred,
- commandId,
+ msgID,
static_cast<DBDataType>(tmpDataType),
alias,
rawData,
Deserialization::Deserialize(buffer, alias);
return m_logic->removeData(
cred,
- commandId,
+ msgID,
static_cast<DBDataType>(tmpDataType),
alias);
}
Deserialization::Deserialize(buffer, password);
return m_logic->getData(
cred,
- commandId,
+ msgID,
static_cast<DBDataType>(tmpDataType),
alias,
password);
Deserialization::Deserialize(buffer, tmpDataType);
return m_logic->getDataList(
cred,
- commandId,
+ msgID,
static_cast<DBDataType>(tmpDataType));
}
case LogicCommand::CREATE_KEY_PAIR_RSA:
return m_logic->createKeyPair(
cred,
static_cast<LogicCommand>(command),
- commandId,
+ msgID,
additional_param,
privateKeyAlias,
publicKeyAlias,
Deserialization::Deserialize(buffer, rawBufferVector);
return m_logic->getCertificateChain(
cred,
- commandId,
+ msgID,
certificate,
rawBufferVector);
}
Deserialization::Deserialize(buffer, aliasVector);
return m_logic->getCertificateChain(
cred,
- commandId,
+ msgID,
certificate,
aliasVector);
}
return m_logic->createSignature(
cred,
- commandId,
+ msgID,
privateKeyAlias,
password, // password for private_key
message,
Deserialization::Deserialize(buffer, padding);
return m_logic->verifySignature(
cred,
- commandId,
+ msgID,
publicKeyOrCertAlias,
password, // password for public_key (optional)
message,
Deserialization::Deserialize(buffer, req_rights);
return m_logic->allowAccess(
cred,
- commandId,
+ command,
+ msgID,
item_alias,
accessor_label,
static_cast<AccessRight>(req_rights));
Deserialization::Deserialize(buffer, accessor_label);
return m_logic->denyAccess(
cred,
- commandId,
+ command,
+ msgID,
item_alias,
accessor_label);
}
projects / platform / core / security / key-manager.git / commitdiff