# limitations under the License.
#
# @file CMakeLists.txt
-# @author
+# @author
# @brief
#
SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -std=c++0x -g")
SET(CMAKE_C_FLAGS_RELEASE "-O2 -g")
SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x -g")
+SET(CMAKE_C_FLAGS_CCOV "-O2 -g --coverage")
+SET(CMAKE_CXX_FLAGS_CCOV "-O2 -std=c++0x -g --coverage")
#SET(SMACK_ENABLE ON)
SET(TARGET_SEC_SRV_LIB "sec-srv")
SET(security-server-client "security-server-client")
+############################# Communicatin Client #############################
+
+SET(COMMUNICATION_CLIENT_DIR
+ ${PROJECT_SOURCE_DIR}/communication_client
+ )
+
+SET(COMMUNICATION_CLIENT_SRC_DIR
+ ${COMMUNICATION_CLIENT_DIR}/src
+ )
+
+SET(COMMUNICATION_CLIENT_INCLUDE_DIR
+ ${COMMUNICATION_CLIENT_DIR}/include
+ )
+
+SET(COMMUNICATION_CLIENT_SOURCES
+ ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/client/SecuritySocketClient.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
+ )
+
+SET(COMMUNICATION_CLIENT_INCLUDES
+ ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS}
+ ${COMMUNICATION_CLIENT_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/src/daemon/sockets
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus
+ ${PROJECT_SOURCE_DIR}/src/daemon/socket
+ ${PROJECT_SOURCE_DIR}/src/daemon/socket/api
+ ${PROJECT_SOURCE_DIR}/socket_connection/client
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection
+ )
+
############################# subdirectories ##################################
ADD_SUBDIRECTORY(ace)
dpl-efl
dpl-db-efl
dpl-event-efl
- dpl-wrt-dao-ro
ecore
appcore-efl
openssl
DESTINATION lib)
INSTALL(FILES
- include/ace/AbstractPolicyEnforcementPoint.h
- include/ace/AbstractTreeElement.h
- include/ace/Attribute.h
- include/ace/AsyncVerdictResultListener.h
- include/ace/Combiner.h
- include/ace/CombinerImpl.h
- include/ace/ConfigurationManager.h
- include/ace/Constants.h
- include/ace/Effect.h
- include/ace/PermissionTriple.h
- include/ace/Policy.h
- include/ace/PolicyEffect.h
- include/ace/PolicyEnforcementPoint.h
- include/ace/PolicyEvaluator.h
- include/ace/PolicyEvaluatorFactory.h
- include/ace/PolicyInformationPoint.h
- include/ace/PolicyResult.h
- include/ace/Preference.h
- include/ace/PromptDecision.h
- include/ace/Request.h
- include/ace/SettingsLogic.h
- include/ace/Subject.h
- include/ace/TreeNode.h
- include/ace/UserDecision.h
include/ace/WRT_INTERFACE.h
- include/ace/Verdict.h
DESTINATION
include/ace
)
<policy-set id="Tizen-Policy" combine="first-matching-target">
- <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
+ <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
+ <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
+ <target>
+ <subject>
+ <subject-match attr="distributor-key-root-fingerprint" func="equal">
+ sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
+ </subject-match>
+ </subject>
+ </target>
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="tizen" />
+ </condition>
+ </rule>
+
+ <!-- access to alarm -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="alarm" />
+ <resource-match attr="device-cap" func="equal" match="alarm.read" />
+ <resource-match attr="device-cap" func="equal" match="alarm.write" />
+ </condition>
+ </rule>
+
+ <!-- access to application -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="application" />
+ <resource-match attr="device-cap" func="equal" match="application.kill" />
+ <resource-match attr="device-cap" func="equal" match="application.launch" />
+ <resource-match attr="device-cap" func="equal" match="application.read" />
+ <resource-match attr="device-cap" func="equal" match="application.manager" />
+ <resource-match attr="device-cap" func="equal" match="application.service" />
+ </condition>
+ </rule>
+
+ <!-- access to bluetooth -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="bluetooth" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
+ </condition>
+ </rule>
+
+ <!-- access to calendar -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="calendar" />
+ <resource-match attr="device-cap" func="equal" match="calendar.read" />
+ <resource-match attr="device-cap" func="equal" match="calendar.write" />
+ </condition>
+ </rule>
+
+ <!-- access to call history -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="call" />
+ <resource-match attr="device-cap" func="equal" match="call.history" />
+ <resource-match attr="device-cap" func="equal" match="call.history.read" />
+ <resource-match attr="device-cap" func="equal" match="call.history.write" />
+ <resource-match attr="device-cap" func="equal" match="call.state" />
+ </condition>
+ </rule>
+
+ <!-- access to contact -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="contact" />
+ <resource-match attr="device-cap" func="equal" match="contact.read" />
+ <resource-match attr="device-cap" func="equal" match="contact.write" />
+ </condition>
+ </rule>
+
+ <!-- access to filesystem -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="filesystem" />
+ <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+ <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+ </condition>
+ </rule>
+
+ <!-- access to geo coder -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="geocoder" />
+ </condition>
+ </rule>
+
+ <!-- access to mediacontent -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="mediacontent" />
+ <resource-match attr="device-cap" func="equal" match="mediacontent.read" />
+ <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
+ </condition>
+ </rule>
+
+ <!-- access to Messaging -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="messaging" />
+ <resource-match attr="device-cap" func="equal" match="messaging.read" />
+ <resource-match attr="device-cap" func="equal" match="messaging.write" />
+ <resource-match attr="device-cap" func="equal" match="messaging.send" />
+ </condition>
+ </rule>
+
+ <!-- access to NFC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="nfc" />
+ <resource-match attr="device-cap" func="equal" match="nfc.tag" />
+ <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
+ <resource-match attr="device-cap" func="equal" match="nfc.admin" />
+ </condition>
+ </rule>
+
+ <!-- access to Sensors -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="sensors" />
+ </condition>
+ </rule>
+
+ <!-- access to systeminfo -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="systeminfo" />
+ </condition>
+ </rule>
+
+ <!-- access to timeutil -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="time" />
+ <resource-match attr="device-cap" func="equal" match="time.read" />
+ <resource-match attr="device-cap" func="equal" match="time.write" />
+ </condition>
+ </rule>
+
+ <!-- access to lbs -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="lbs" />
+ </condition>
+ </rule>
+
+ <!-- access to map -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="map" />
+ </condition>
+ </rule>
+
+ <!-- access to poi -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="poi" />
+ <resource-match attr="device-cap" func="equal" match="poi.read" />
+ <resource-match attr="device-cap" func="equal" match="poi.write" />
+ </condition>
+ </rule>
+
+ <!-- access to route -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="route" />
+ </condition>
+ </rule>
+
+ <!-- access to external network -->
+ <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
+ <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ </rule>
+
+ <!-- access to external network on roaming status -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+
+ <!-- access to power feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="power" />
+ </condition>
+ </rule>
+
+ <!-- access to download feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="download" />
+ </condition>
+ </rule>
+
+ <!-- access to notification feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="notification" />
+ </condition>
+ </rule>
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="systemsetting.read" />
+ <resource-match attr="device-cap" func="equal" match="systemsetting.write" />
+ </condition>
+ </rule>
+
+ <rule effect="deny" />
+ </policy>
+ <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
<!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
<target>
<subject>
<condition combine="or">
<resource-match attr="device-cap" func="equal" match="mediacontent" />
<resource-match attr="device-cap" func="equal" match="mediacontent.read" />
- <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
+ <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
</condition>
</rule>
}
}
-void AceDAO::setWidgetType(WidgetHandle handle, AppTypes widgetType)
-{
- Try {
- ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
- ACE_DB_INSERT(insert, AceSubjectType, &AceDaoUtilities::m_databaseInterface);
- AceSubjectType::Row row;
- row.Set_app_id(handle);
- row.Set_app_type(appTypeToInt(widgetType));
- insert->Values(row);
- insert->Execute();
- transaction.Commit();
- }
- Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in setWidgetType");
- }
-}
-
void AceDAO::registerWidgetInfo(WidgetHandle handle,
const WidgetRegisterInfo& info,
const WidgetCertificateDataList& dataList)
{
Try
{
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+
ACE_DB_INSERT(insert, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
WidgetInfo::Row wi;
wi.Set_app_id(handle);
insert->Values(wcf);
insert->Execute();
}
+ transaction.Commit();
} Catch(DPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed in registerWidgetInfo");
}
}
}
-bool AceDAO::isWidgetInstalled(WidgetHandle handle)
-{
- Try {
- ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<WidgetInfo::app_id>(handle));
- WidgetInfo::Select::RowList rows = select->GetRowList();
- return !rows.empty() ? true : false;
- } Catch(DPL::DB::SqlConnection::Exception::Base) {
- ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled");
- }
-}
-
}
AppTypes AceDAOReadOnly::getWidgetType(WidgetHandle handle)
{
Try {
- ACE_DB_SELECT(select, AceSubjectType, &AceDaoUtilities::m_databaseInterface);
- select->Where(Equals<AceSubjectType::app_id>(handle));
- std::list<AceSubjectType::Row> rows = select->GetRowList();
- if (rows.empty()) {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(handle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ DPL::OptionalInt res;
+ if (!rows.empty()) {
+ res = rows.front().Get_widget_type();
+ AppTypes retType = (res.IsNull() ? AppTypes::Unknown : static_cast<AppTypes>(*res));
+ return retType;
+ } else {
+ LogDebug("Can not find widget type");
return AppTypes::Unknown;
}
- AceSubjectType::Row row = rows.front();
- return (static_cast<AppTypes>(row.Get_app_type()));
}
Catch(DPL::DB::SqlConnection::Exception::Base) {
ReThrowMsg(Exception::DatabaseError, "Failed to getWidgetType");
}
}
+WidgetHandleList AceDAOReadOnly::getHandleList()
+{
+ LogDebug("Getting DbWidgetHandle List");
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ return select->GetValueList<WidgetInfo::app_id>();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to list of widget handles");
+ }
+}
+
+bool AceDAOReadOnly::isWidgetInstalled(WidgetHandle handle)
+{
+ Try {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(handle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ return !rows.empty() ? true : false;
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled");
+ }
+}
+
}
INSTALL(TARGETS ${TARGET_ACE_DAO_RW_LIB}
DESTINATION lib)
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/PromptModel.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/PreferenceTypes.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/BaseAttribute.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/BasePermission.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/VerdictTypes.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/TimedVerdict.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/IRequest.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/ValidityTypes.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/AceDAOReadOnly.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/AceDatabase.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/common_dao_types.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/AceDAOConversions.h
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-ro/AppTypes.h
- DESTINATION include/ace-dao-ro
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/ace/include/ace-dao-rw/AceDAO.h
- DESTINATION include/ace-dao-rw
-)
#include <ace/ConfigurationManager.h>
#include <dpl/log/log.h>
-#include <dpl/wrt-dao-ro/widget_dao_read_only.h>
-#include <dpl/wrt-dao-ro/WrtDatabase.h>
#include <dpl/assert.h>
#include <dpl/foreach.h>
#include <ace/Attribute.h>
#include <ace-dao-ro/BaseAttribute.h>
+#include <ace-dao-ro/AceDAOReadOnly.h>
using namespace AceDB;
resourceInformation(resource),
operationSystem(system)
{
- WrtDB::WrtDatabase::attachToThreadRO();
+ AceDB::AceDAOReadOnly::attachToThreadRO();
}
PolicyInformationPoint::~PolicyInformationPoint()
{
- WrtDB::WrtDatabase::detachFromThread();
+ AceDB::AceDAOReadOnly::detachFromThread();
}
/* gather attributes values from adequate interfaces */
LogDebug("Widget type attribute found");
// Extracting widget type
- WrtDB::WidgetDAOReadOnly widgetDao(request->getWidgetHandle());
std::list<std::string> attrValue;
Try {
- WrtDB::AppType appType = widgetDao.getWidgetType().appType;
+ AceDB::AppTypes appType =
+ AceDB::AceDAOReadOnly::getWidgetType(
+ request->getWidgetHandle());
switch (appType) {
- case WrtDB::AppType::APP_TYPE_TIZENWEBAPP : {
+ case AceDB::AppTypes::Tizen : {
attrValue.push_back(POLICY_NAME_TIZEN);
LogDebug("==== Using Tizen policy in PIP ====");
break;}
- case WrtDB::AppType::APP_TYPE_WAC20 : {
+ case AceDB::AppTypes::WAC20 : {
attrValue.push_back(POLICY_NAME_WAC2_0);
LogDebug("==== Using WAC policy in PIP ====");
break;}
LogError("Invalid widget type");
}
}
- } Catch (WrtDB::WidgetDAOReadOnly::Exception::WidgetNotExist)
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError)
{
LogError("Couldn't find widget for handle "
<< request->getWidgetHandle());
WidgetHandle widgetHandle,
FeatureNameVector *featureVector);
+ static WidgetHandleList getHandleList();
+
static AppTypes getWidgetType(WidgetHandle handle);
static std::string getVersion(WidgetHandle widgetHandle);
static std::string getAuthorName(WidgetHandle widgetHandle);
WidgetCertificateData::Type type);
static std::string getShareHref(WidgetHandle widgetHandle);
+ static bool isWidgetInstalled(WidgetHandle handle);
protected:
static int promptDecisionToInt(PromptDecision decision);
static PromptDecision intToPromptDecision(int decision);
static int appTypeToInt(AppTypes app_type);
static AppTypes intToAppType(int app_type);
-} __attribute__ ((deprecated));
+};
}
};
typedef int DbPluginHandle;
+enum CertificateSource {
+ SIGNATURE_DISTRIBUTOR = 0,
+ SIGNATURE_AUTHOR = 1
+};
+
struct WidgetRegisterInfo {
AppTypes type;
DPL::OptionalString widget_id;
typedef std::list<std::string> CertificateChainList;
class IWacSecurity {
public:
- virtual ~IWacSecurity();
+ virtual ~IWacSecurity() {}
virtual const WidgetCertificateDataList& getCertificateList() const = 0;
virtual bool isRecognized() const = 0;
virtual bool isDistributorSigned() const = 0;
// utilities
static void addAttributes(const BaseAttributeSet &attributes);
- // setting widget type
- static void setWidgetType(WidgetHandle handle, AppTypes widgetType);
-
// Setter for device capabilities that are requested in widgets config.
//
// Additional boolean flag means whether widget will always get
const WidgetRegisterInfo& info,
const WidgetCertificateDataList& dataList);
static void unregisterWidgetInfo(WidgetHandle handle);
- static bool isWidgetInstalled(WidgetHandle handle);
-} __attribute__ ((deprecated));
+};
}
#endif /* ACEDAO_H_ */
CM_REMOVE_ERROR = -3,
CM_REMOVE_CURRENT = -4,
CM_REMOVE_NOT_EXISTING = -5
- } __attribute__ ((deprecated));
+ };
// !! DEPRECATED !!
- std::string getCurrentPolicyFile(void) const __attribute__ ((deprecated));
- std::string getFullPathToCurrentPolicyFile(void) const __attribute__ ((deprecated));
- std::string getFullPathToCurrentPolicyXMLSchema(void) const __attribute__ ((deprecated));
- int addPolicyFile(const std::string & filePath) __attribute__ ((deprecated));
- int removePolicyFile(const std::string& fileName) __attribute__ ((deprecated));
- int changeCurrentPolicyFile(const std::string& filePath) __attribute__ ((deprecated));
- std::string extractFilename(const std::string& path) const __attribute__ ((deprecated));
+ std::string getCurrentPolicyFile(void) const;
+ std::string getFullPathToCurrentPolicyFile(void) const;
+ std::string getFullPathToCurrentPolicyXMLSchema(void) const;
+ int addPolicyFile(const std::string & filePath);
+ int removePolicyFile(const std::string& fileName);
+ int changeCurrentPolicyFile(const std::string& filePath);
+ std::string extractFilename(const std::string& path) const;
/**
* ACE policy file path getter
protected:
// !! DEPRECATED !!
- int parse(const std::string&) __attribute__ ((deprecated));
- bool copyFile(FILE*, FILE*, int lenght = 1024) const __attribute__ ((deprecated));
- bool checkIfFileExistst(const std::string&) const __attribute__ ((deprecated));
- const std::list<std::string> & getPolicyFiles() const __attribute__ ((deprecated));
- const std::string & getConfigFile() const __attribute__ ((deprecated));
+ int parse(const std::string&);
+ bool copyFile(FILE*, FILE*, int lenght = 1024) const;
+ bool checkIfFileExistst(const std::string&) const;
+ const std::list<std::string> & getPolicyFiles() const;
+ const std::string & getConfigFile() const;
ConfigurationManager()
{
private:
static ConfigurationManager * instance;
-} __attribute__ ((deprecated));
+};
#endif
IOperationSystem *operation);
void terminate();
- void updatePolicy(const std::string &policy) __attribute__ ((deprecated));
+ void updatePolicy(const std::string &policy);
void updatePolicy();
PolicyEvaluator *getPdp() const { return this->m_pdp; }
IOperationSystem *m_sys;
PolicyEvaluator *m_pdp;
PolicyInformationPoint *m_pip;
-} __attribute__ ((deprecated));
+};
#endif // POLICY_ENFORCEMENT_POINT_H
POLICY_FILE_ERROR = 1,
PARSER_CREATION_ERROR,
POLICY_PARSING_ERROR
- } __attribute__ ((deprecated));
+ };
private:
AttributeSet m_attributeSet;
bool fromCacheOnly);
bool fillAttributeWithPolicy();
- // !! DEPRECATED !!
- virtual int updatePolicy(const char *) __attribute__ ((deprecated));
+ virtual int updatePolicy(const char *);
// This function updates policy from well known locations
virtual void updatePolicy();
- // !! DEPRECATED !!
- std::string getCurrentPolicy() __attribute__ ((deprecated));
-} __attribute__ ((deprecated));
+ std::string getCurrentPolicy();
+};
#endif //_POLICYEVALUATOR_H
{
return wrtInterface;
}
-} __attribute__ ((deprecated));
+};
#endif //_POLICY_INFORMATION_POINT_H
{
}
-} __attribute__ ((deprecated));
+};
#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ */
#include <map>
#include <string>
-#include <ace-dao-ro/common_dao_types.h>
+typedef int WidgetHandle;
class Request;
TABLE_CONSTRAINTS(unique(app_id,feature))
CREATE_TABLE_END()
-CREATE_TABLE(AceSubjectType)
- COLUMN_NOT_NULL(app_id, INTEGER, not null)
- COLUMN_NOT_NULL(app_type, INTEGER, not null)
- TABLE_CONSTRAINTS(unique(app_id))
-CREATE_TABLE_END()
-
CREATE_TABLE(WidgetInfo)
COLUMN_NOT_NULL(app_id, INTEGER, PRIMARY KEY)
COLUMN(widget_type, INT, DEFAULT 1)
#include <dpl/exception.h>
#include <ace-client/ace_client_types.h>
+class WebRuntimeImpl;
+class ResourceInformationImpl;
+class OperationSystemImpl;
+
namespace AceClient {
class AceThinClientImpl;
AceThinClientImpl* m_impl;
friend class DPL::Singleton<AceThinClient>;
-} __attribute__ ((deprecated));
+ WebRuntimeImpl* m_wrt;
+ ResourceInformationImpl* m_res;
+ OperationSystemImpl* m_sys;
+};
-typedef DPL::Singleton<AceThinClient> AceThinClientSingleton
- __attribute__ ((deprecated));
+typedef DPL::Singleton<AceThinClient> AceThinClientSingleton;
} // namespace AceClient
-
#endif // WRT_ACE_CLIENT_H
include(FindPkgConfig)
PKG_CHECK_MODULES(ACE_CLIENT_DEPS
- dpl-wrt-dao-ro
dpl-efl
dpl-event-efl
dpl-dbus-efl
${ACE_CLIENT_DEPS_INCLUDE_DIRS}
${ACE_CLIENT_INCLUDE_DIR}
${PROJECT_SOURCE_DIR}/ace_common/include
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
+ ${PROJECT_SOURCE_DIR}/src/services/ace
+ ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
${PROJECT_SOURCE_DIR}/src/services/ace/logic
- ${PROJECT_SOURCE_DIR}/src/services/popup/dbus/api
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
+ ${PROJECT_SOURCE_DIR}/src/services/popup
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus
${PROJECT_SOURCE_DIR}/popup_process
${PROJECT_SOURCE_DIR}/ace/include
)
TARGET_LINK_LIBRARIES(${TARGET_ACE_CLIENT_LIB}
${ACE_CLIENT_DEPS_LIBRARIES}
${TARGET_ACE_DAO_RO_LIB}
- ${TARGET_ACE_LIB}
+ ${TARGET_ACE_LIB}
)
INSTALL(TARGETS ${TARGET_ACE_CLIENT_LIB}
DESTINATION lib)
INSTALL(FILES
- ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h
- ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h
+# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h
+# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h
${ACE_CLIENT_INCLUDE_DIR}/ace_api_client.h
DESTINATION include/ace-client
)
#include <ace_popup_handler.h>
-#include "ace_server_api.h"
+#include "ace_server_dbus_api.h"
#include "popup_response_server_api.h"
#include "security_daemon_dbus_config.h"
#include "ace-client/ace_client_helper.h"
#include <attribute_facade.h>
#include <ace/Request.h>
-#include <dpl/wrt-dao-ro/wrt_db_types.h>
-#include <dpl/wrt-dao-ro/widget_dao_read_only.h>
-#include <dpl/wrt-dao-ro/WrtDatabase.h>
// ACE tests need to use mock implementations
#ifdef ACE_CLIENT_TESTS
bool containsNetworkDevCap(const AceRequest &ace_request);
bool checkFeatureList(const AceRequest& ace_request);
private:
+ WebRuntimeImpl* m_wrt;
+ ResourceInformationImpl* m_res;
+ OperationSystemImpl* m_sys;
DPL::DBus::Client *m_dbusClient, *m_dbusPopupValidationClient;
AceSubject getSubjectForHandle(AceWidgetHandle handle) const;
AceThinClientImpl::AceThinClientImpl()
: m_dbusClient(NULL),
m_dbusPopupValidationClient(NULL),
- m_pip(new WebRuntimeImpl(),
- new ResourceInformationImpl(),
- new OperationSystemImpl())
+ m_wrt(new WebRuntimeImpl()),
+ m_res(new ResourceInformationImpl()),
+ m_sys(new OperationSystemImpl()),
+ m_pip(m_wrt, m_res, m_sys)
{
AceDB::AceDAOReadOnly::attachToThreadRO();
- WrtDB::WrtDatabase::attachToThreadRO();
Try {
m_dbusClient = new DPL::DBus::Client(
WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
&response);
LogInfo("Security daemon response from echo: " << response);
} Catch (DPL::DBus::Client::Exception::DBusClientException) {
+ if(m_dbusClient) delete m_dbusClient;
+ if(m_dbusPopupValidationClient) delete m_dbusPopupValidationClient;
+ delete m_wrt;
+ delete m_res;
+ delete m_sys;
ReThrowMsg(AceThinClient::Exception::AceThinClientException,
"Failed to call security daemon");
}
Assert(NULL != m_dbusPopupValidationClient);
delete m_dbusClient;
delete m_dbusPopupValidationClient;
+ delete m_wrt;
+ delete m_res;
+ delete m_sys;
m_dbusClient = NULL;
m_dbusPopupValidationClient = NULL;
- WrtDB::WrtDatabase::detachFromThread();
AceDB::AceDAOReadOnly::detachFromThread();
+
}
bool AceThinClientImpl::isInitialized() const
AceSubject AceThinClientImpl::getSubjectForHandle(AceWidgetHandle handle) const
{
- // TODO remove subject use in AceRequest
- // remove dependency AceThinClient and WrtDaoRo from CMakeLists.txt
- WrtDB::WidgetDAOReadOnly w_dao(handle);
- try {
- DPL::OptionalString widgetGUID = w_dao.getGUID();
- return !widgetGUID ? "" : DPL::ToUTF8String(*widgetGUID);
+ try
+ {
+ return AceDB::AceDAOReadOnly::getGUID(handle);
}
- catch (WrtDB::WidgetDAOReadOnly::Exception::WidgetNotExist& /*ex*/)
+ catch (AceDB::AceDAOReadOnly::Exception::DatabaseError& /*ex*/)
{
LogError("Couldn't find GIUD for handle " << handle);
return "";
ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed);
/*
- * Sets widget type. Use in installer to determine which policy will be used
- * by ACE for this widget.
- * Returns error or ACE_OK
- */
-ace_return_t ace_set_widget_type(ace_widget_handle_t handle,
- ace_widget_type_t type);
-
-/*
* Gets widget type in 'type'. Use in installer to determine which policy will be used
* by ACE for this widget.
* Returns error or ACE_OK
${ACE_INSTALL_INCLUDE_DIR}
${PROJECT_SOURCE_DIR}/ace_common/include
${PROJECT_SOURCE_DIR}/ace/include
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
+ ${PROJECT_SOURCE_DIR}/src/services/ace
+ ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
${PROJECT_SOURCE_DIR}/src/daemon/dbus
)
#include <dpl/string.h>
#include <dpl/dbus/dbus_client.h>
#include <ace-dao-rw/AceDAO.h>
-#include "ace_server_api.h"
+#include "ace_server_dbus_api.h"
#include "security_daemon_dbus_config.h"
#include "ace_api_install.h"
ace_certificate_data* cert_data[])
{
LogDebug("enter");
+
+ if (NULL == info || AceDB::AceDAOReadOnly::isWidgetInstalled(handle))
+ return ACE_INVALID_ARGUMENTS;
+
AceDB::WidgetRegisterInfo wri;
wri.type = to_db_app_type(info->type);
- //TODO: type should be only in WidgetInfo database table
- ace_set_widget_type(handle, info->type);
-
if (info->id)
wri.widget_id = DPL::FromUTF8String(info->id);
if (info->version)
wri.shareHref = DPL::FromUTF8String(info->shareHerf);
AceDB::WidgetCertificateDataList dataList;
- AceDB::WidgetCertificateData wcd;
- ace_certificate_data* cd;
- int i = 0;
- while (cert_data[i] != NULL)
- {
- cd = cert_data[i++]; //increment
- switch(cd->type) {
- case ROOT:
- wcd.type = AceDB::WidgetCertificateData::Type::ROOT;
- break;
- case ENDENTITY:
- wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY;
- break;
+ if (NULL != cert_data) {
+ AceDB::WidgetCertificateData wcd;
+ ace_certificate_data* cd;
+ int i = 0;
+ while (cert_data[i] != NULL)
+ {
+ cd = cert_data[i++]; //increment
+ switch(cd->type) {
+ case ROOT:
+ wcd.type = AceDB::WidgetCertificateData::Type::ROOT;
+ break;
+ case ENDENTITY:
+ wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY;
+ break;
+ }
+ switch(cd->owner) {
+ case AUTHOR:
+ wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR;
+ break;
+ case DISTRIBUTOR:
+ wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR;
+ break;
+ case UNKNOWN: default:
+ wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN;
+ break;
+ }
+ wcd.chainId = cd->chain_id;
+ if (cd->md5_fp)
+ wcd.strMD5Fingerprint = cd->md5_fp;
+ if (cd->sha1_fp)
+ wcd.strSHA1Fingerprint = cd->sha1_fp;
+ if (cd->common_name)
+ wcd.strCommonName = DPL::FromUTF8String(cd->common_name);
+ dataList.push_back(wcd);
}
- switch(cd->owner) {
- case AUTHOR:
- wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR;
- break;
- case DISTRIBUTOR:
- wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR;
- break;
- case UNKNOWN: default:
- wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN;
- break;
- }
- wcd.chainId = cd->chain_id;
- if (cd->md5_fp)
- wcd.strMD5Fingerprint = cd->md5_fp;
- if (cd->sha1_fp)
- wcd.strSHA1Fingerprint = cd->sha1_fp;
- if (cd->common_name)
- wcd.strCommonName = DPL::FromUTF8String(cd->common_name);
- dataList.push_back(wcd);
+ LogDebug("All data set. Inserting into database.");
}
- LogDebug("All data set. Inserting into database.");
Try {
AceDB::AceDAO::registerWidgetInfo((WidgetHandle)(handle), wri, dataList);
return ACE_OK;
}
-ace_return_t ace_set_widget_type(ace_widget_handle_t handle,
- ace_widget_type_t type)
-{
- Try {
- AceDB::AceDAO::setWidgetType(
- handle, to_db_app_type(type));
- } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
- return ACE_INTERNAL_ERROR;
- }
- return ACE_OK;
-}
-
ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
ace_widget_type_t* type)
{
${PROJECT_SOURCE_DIR}/ace_common/include
${PROJECT_SOURCE_DIR}/ace/include
${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
- ${PROJECT_SOURCE_DIR}/src/services/popup/dbus/api
+ ${PROJECT_SOURCE_DIR}/src/services/popup/
${PROJECT_SOURCE_DIR}/src/daemon/dbus
)
LogError("Can't connect to daemon");
return ACE_INTERNAL_ERROR;
}
+
+ return ACE_OK;
}
ace_return_t ace_popup_validation_shutdown(void)
}
delete dbusClient;
dbusClient = NULL;
+
+ return ACE_OK;
}
ace_return_t ace_validate_answer(ace_bool_t answer,
*/
ace_return_t ace_reset_global_resource_settings(void);
+/*
+ * After execution, is_privacy_api is ACE_TRUE if resource_name is the name
+ * of Privacy API
+ */
+ace_return_t ace_is_private_api(const ace_resource_t resource_name,
+ ace_bool_t* is_private_api);
+
#ifdef __cplusplus
}
#endif
}
return ACE_OK;
}
+
+ace_return_t ace_is_private_api(const ace_resource_t resource_name, ace_bool_t* is_private_api)
+{
+ static const char * const private_api[] = {
+ "bluetooth.admin",
+ "bluetooth.gap",
+ "bluetooth.spp",
+ "calendar.read",
+ "calendar.write",
+ "callhistory.read",
+ "callhistory.write",
+ "contact.read",
+ "contact.write",
+ "nfc.admin",
+ "nfc.common",
+ "nfc.cardemulation",
+ "nfc.p2p",
+ "nfc.tag",
+ NULL
+ };
+
+ *is_private_api = ACE_TRUE;
+ for (int i=0; private_api[i]; ++i)
+ if (!strcmp(resource_name, private_api[i]))
+ return ACE_OK;
+
+ *is_private_api = ACE_FALSE;
+ return ACE_OK;
+}
+
*
*/
+/*
+ * This class hides implementation of specific communication types
+ * and enables switching between them by #defined macros.
+ *
+ * supported types : DBUS_CONNECTION
+ *
+ * IMPORTANT : Exactly ONE type MUST be defined.
+ *
+ */
+
#ifndef SECURITYCOMMUNICATIONCLIENT_H_
#define SECURITYCOMMUNICATIONCLIENT_H_
#include <dpl/dbus/dbus_client.h>
#include <dpl/log/log.h>
#include <dpl/scoped_ptr.h>
+#include "SecuritySocketClient.h"
#include <string>
#include <memory>
+#define DBUS_CONNECTION
+
+
namespace WrtSecurity {
namespace Communication {
class Client
{
public:
- class Exception
- {
- public:
- DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException)
- };
-
- explicit Client(const std::string &intefaceName);
-
- void connect();
-
- template<typename ... Args>
- void call(const char* methodName, const Args& ... args)
- {
- //#ifdef DBUS_CONNECTION
- Try{
- m_dbusClient->call(methodName, args...);
- } Catch (DPL::DBus::Client::Exception::DBusClientException){
- LogError("Error getting response");
- ReThrowMsg(Exception::SecurityCommunicationClientException,
- "Error getting response");
- }
- //#endif
- LogInfo("Call served");
- }
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException)
+ };
- template<typename ...Args>
- void call(std::string methodName, const Args&... args)
- {
- call(methodName.c_str(), args...);
+ explicit Client(const std::string &intefaceName);
+
+
+
+ template<typename ... Args>
+ void call(const char* methodName, const Args& ... args)
+ {
+
+ connect();
+ Try{
+ #ifdef DBUS_CONNECTION
+ m_dbusClient->call(methodName, args...);
+ } Catch (DPL::DBus::Client::Exception::DBusClientException){
+ #endif
+ #ifdef SOCKET_CONNECTION
+ m_socketClient->call(methodName, args...);
+ } Catch (SecuritySocketClient::Exception::SecuritySocketClientException){
+ #endif
+ LogError("Error getting response");
+ disconnect();
+ ReThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error getting response");
+ }
+ LogInfo("Call served");
+ disconnect();
}
- void disconnect();
+ template<typename ...Args>
+ void call(std::string methodName, const Args&... args)
+ {
+ call(methodName.c_str(), args...);
+ }
+
+
private:
- std::string m_interfaceName;
- //#ifdef DBUS_CONNECTION
- std::unique_ptr<DPL::DBus::Client> m_dbusClient;
- //#endif
+ void connect();
+ void disconnect();
+
+ std::string m_interfaceName;
+ #ifdef DBUS_CONNECTION
+ std::unique_ptr<DPL::DBus::Client> m_dbusClient;
+ #endif
+
+ #ifdef SOCKET_CONNECTION
+ std::unique_ptr<SecuritySocketClient> m_socketClient;
+ #endif
};
} // namespace Communication
} // namespace WrtSecurity
REQUIRED
)
-SET(COMMUNICATION_CLIENT_DIR
- ${PROJECT_SOURCE_DIR}/communication_client
- )
-
-SET(COMMUNICATION_CLIENT_SRC_DIR
- ${COMMUNICATION_CLIENT_DIR}/src
- )
-
-SET(COMMUNICATION_CLIENT_INCLUDE_DIR
- ${COMMUNICATION_CLIENT_DIR}/include
- )
-
-SET(COMMUNICATION_CLIENT_SOURCES
- ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp
- )
-
-SET(COMMUNICATION_CLIENT_INCLUDES
- ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS}
- ${COMMUNICATION_CLIENT_INCLUDE_DIR}
- ${PROJECT_SOURCE_DIR}/src/daemon/dbus
- )
ADD_DEFINITIONS(${COMMUNICATION_CLIENT_DEPS_CFLAGS})
ADD_DEFINITIONS(${COMMUNICATION_CLIENT_CFLAGS_OTHER})
*/
-
#include "SecurityCommunicationClient.h"
//#ifdef DBUS_CONNECTION
namespace Communication{
Client::Client(const std::string& interfaceName){
- //#ifdef DBUS_CONNECTION
+ #ifdef DBUS_CONNECTION
Try {
m_dbusClient.reset(new DPL::DBus::Client(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
- WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(),
- interfaceName));
+ WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(),
+ interfaceName));
} Catch (DPL::DBus::Client::Exception::DBusClientException) {
LogError("Error getting connection");
ReThrowMsg(Exception::SecurityCommunicationClientException,
"Error getting connection");
}
- if(m_dbusClient.get() == NULL){
+ if(NULL == m_dbusClient.get()){
LogError("Couldn't get client");
ThrowMsg(Exception::SecurityCommunicationClientException,
"Error getting client");
}
+ #endif //DBUS_CONNECTION
+ #ifdef SOCKET_CONNECTION
+ m_socketClient.reset(new SecuritySocketClient(interfaceName));
+ if(NULL == m_sockeClient.get()){
+ LogError("Couldn't get client");
+ ThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error getting client");
+ }
+ #endif //SOCKET_CONNECTION
LogInfo("Created communication client");
- //#endif
}
void Client::connect(){
- LogInfo("Connected");
+ #ifdef SOCKET_CONNECTION
+ m_socketClient->connect();
+ #endif //SOCKET_CONNECTION
+ LogInfo("Connected");
}
void Client::disconnect(){
+
+ #ifdef SOCKET_CONNECTION
+ m_socketClient->disconnect();
+ #endif //SOCKET_CONNECTION
LogInfo("Disconnected");
}
+security-server (0.0.47) unstable; urgency=low
+
+ * separation of ACE and WRT DB phase 1 - added new ACE DB entries and API to setup these data
+
+ * Git: framework/security/security-server
+ * Tag: security-server_0.0.47
+
+ -- Tomasz Swierczek <t.swierczek@samsung.com> Tue, 30 Oct 2012 14:20:00 +0100
+
security-server (0.0.45) unstable; urgency=low
* added orange certificates
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICVTCCAb6gAwIBAgIETdzAMDANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJHQjERMA8GA1UE
+CBMITm9ybWFuZHkxDTALBgNVBAcTBENBRU4xDzANBgNVBAoTBk9yYW5nZTETMBEGA1UECxMKT3Jh
+bmdlTGFiczEYMBYGA1UEAxMPT3JhbmdlTGFicyBDQUVOMB4XDTExMDUyNTA4MzkxMloXDTM2MDUx
+ODA4MzkxMlowbzELMAkGA1UEBhMCR0IxETAPBgNVBAgTCE5vcm1hbmR5MQ0wCwYDVQQHEwRDQUVO
+MQ8wDQYDVQQKEwZPcmFuZ2UxEzARBgNVBAsTCk9yYW5nZUxhYnMxGDAWBgNVBAMTD09yYW5nZUxh
+YnMgQ0FFTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj9130ZtpXp/679/2pmFldFgjz5tN
+CjLT6CEWC9yketyKgyV1c0DBMcy4PNLdOb0VxhfcNXNYoBylCp6mPj3mWRM5VSet03XA8k6/L0T4
+dYicYGaIojowhzBBfaIXnBDvMQD5kanC5CDd6HtFzQbBkN73NIdGrR/aFqNtC/wopFECAwEAATAN
+BgkqhkiG9w0BAQUFAAOBgQCIjZYXTdsMCpIYENX6UyD/EM+SZBkVvoB2R8ghRZbKHOcr58ZyGvdH
+i/Y0hp5zNN7bUQurEMWtIxF+s3oaYH0x9xwXCd5UEV9Y+dmD1/qlK7lfSlC7mwynHs3bhMEGOJF2
+TlDzZyVYBIT3LQjfq6G18bGHkwU3uTsxZMSgtz5LgQ==
+-----END CERTIFICATE-----
<FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1><!-- tizen-distributor-root-ca-partner.pem -->
<FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
<FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
+ <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - hash from it is encoded on sim cards -->
+ </CertificateDomain>
+ <CertificateDomain name="orangelegacy">
+ <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - This certificate requires special treatment during verification process -->
</CertificateDomain>
</CertificateSet>
#sbs-git:slp/pkgs/s/security-server security-server 0.0.37
Name: security-server
Summary: Security server and utilities
-Version: 0.0.48
+Version: 0.0.54
Release: 1
Group: TO_BE/FILLED_IN
License: Apache License, Version 2.0
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(dpl-efl)
BuildRequires: pkgconfig(dpl-utils-efl)
-BuildRequires: pkgconfig(dpl-wrt-dao-rw)
BuildRequires: pkgconfig(dpl-dbus-efl)
BuildRequires: pkgconfig(libpcrecpp)
BuildRequires: pkgconfig(icu-i18n)
cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-DDPL_LOG="ON" \
- -DVERSION=%{version}
+ -DVERSION=%{version} \
+ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}
make %{?jobs:-j%jobs}
mkdir -p /etc/rc.d/rc5.d
ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc3.d/S10security-server
ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc5.d/S10security-server
-ln -s -f /opt/dbspace/.cert_svc_vcore.db-journal /opt/dbspace/.vcore.db-journal
-ln -s -f /opt/dbspace/.cert_svc_vcore.db /opt/dbspace/.vcore.db
if [ -z ${2} ]; then
echo "This is new install of wrt-security"
/usr/lib/pkgconfig/security-server.pc
%{_includedir}/wrt-security/*
%{_includedir}/ace/*
-%{_includedir}/ace-dao-ro/*
-%{_includedir}/ace-dao-rw/*
%{_includedir}/ace-client/*
%{_includedir}/ace-settings/*
%{_includedir}/ace-install/*
%{_includedir}/ace-popup-validation/*
%{_includedir}/wrt-ocsp/*
%{_libdir}/pkgconfig/*.pc
-
WrtPopup::WrtPopup(int argc, char **argv) :
Application(argc, argv, "wrt-popup", false),
- m_pipesOpened(false),
- m_popup(NULL)
+ m_pipesOpened(false)
{
Touch();
DPL::Popup::PopupControllerSingleton::Instance().Touch();
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SecuritySocketClient.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implemtation of socket client class.
+ */
+
+#include <sys/socket.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/un.h>
+#include <errno.h>
+
+#include "SecuritySocketClient.h"
+#include "security_daemon_socket_config.h"
+
+void SecuritySocketClient::throwWithErrnoMessage(const std::string& specificInfo){
+ LogError(specificInfo << " : " << strerror(errno));
+ ThrowMsg(Exception::SecuritySocketClientException, specificInfo << " : " << strerror(errno));
+}
+
+SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) {
+ m_interfaceName = interfaceName;
+ m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
+ LogInfo("Client created");
+}
+
+void SecuritySocketClient::connect(){
+ struct sockaddr_un remote;
+ if(-1 == (m_socketFd = socket(AF_UNIX, SOCK_STREAM,0))){
+ throwWithErrnoMessage("socket()");
+ }
+
+ //socket needs to be nonblocking, because read can block after select
+ int flags;
+ if (-1 == (flags = fcntl(m_socketFd, F_GETFL, 0)))
+ flags = 0;
+ if(-1 == (fcntl(m_socketFd, F_SETFL, flags | O_NONBLOCK))){
+ throwWithErrnoMessage("fcntl");
+ }
+
+ bzero(&remote, sizeof(remote));
+ remote.sun_family = AF_UNIX;
+ strcpy(remote.sun_path, m_serverAddress.c_str());
+ if(-1 == ::connect(m_socketFd, (struct sockaddr *)&remote, SUN_LEN(&remote))){
+ throwWithErrnoMessage("connect()");
+ }
+
+ m_socketConnector.reset(new SocketConnection(m_socketFd));
+
+ LogInfo("Client connected");
+}
+
+void SecuritySocketClient::disconnect(){
+ //Socket should be already closed by server side,
+ //even though we should close it in case of any errors
+ close(m_socketFd);
+ LogInfo("Client disconnected");
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SecuritySocketClient.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of socket client class.
+ */
+
+#ifndef SECURITYSOCKETCLIENT_H_
+#define SECURITYSOCKETCLIENT_H_
+
+#include <memory>
+#include <string>
+#include <dpl/log/log.h>
+#include "SocketConnection.h"
+
+/* IMPORTANT:
+ * Methods connect(), call() and disconnected() should be called one by one.
+ * Between connect() and disconnect() you can use call() only once.
+ * It is because of timeout on call, e.g. to avoid waiting for corrupted data.
+ */
+
+/* USAGE:
+ * Class should be used according to this scheme:
+ * SecuritySocketClient client("Interface Name");
+ * (...)
+ * client.connect();
+ * client.call("Method name", in_arg1, in_arg2, ..., in_argN,
+ * out_arg1, out_arg2, ..., out_argM);
+ * client.disconnect();
+ * (...)
+ *
+ * input parameters of the call are passed with reference,
+ * output ones are passed as pointers - parameters MUST be passed this way.
+ *
+ * Currently client supports serialization and deserialization of simple types
+ * (int, char, float, unsigned), strings (std::string and char*) and
+ * some STL containers (std::vector, std::list, std::map, std::pair).
+ * Structures and classes are not (yet) supported.
+ */
+
+class SecuritySocketClient {
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SecuritySocketClientException)
+ };
+
+ SecuritySocketClient(const std::string &interfaceName);
+ void connect();
+ void disconnect();
+
+ template<typename ...Args>
+ void call(std::string methodName, const Args&... args){
+ make_call(m_interfaceName);
+ make_call(methodName);
+ make_call(args...);
+ }
+
+private:
+ template<typename T, typename ...Args>
+ void make_call(const T& invalue, const Args&... args){
+ make_call(invalue);
+ make_call(args...);
+ }
+
+ template<typename T>
+ void make_call(const T& invalue){
+ Try {
+ m_socketConnector->write(invalue);
+ }
+ Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection write error");
+ ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void make_call(const T* invalue, const Args&... args){
+ make_call(invalue);
+ make_call(args...);
+ }
+
+ template<typename T>
+ void make_call(const T* invalue){
+ Try {
+ m_socketConnector->write(invalue);
+ }
+ Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection write error");
+ ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void make_call(T * outvalue, const Args&... args){
+ make_call(outvalue);
+ make_call(args...);
+ }
+
+ template<typename T>
+ void make_call(T* outvalue){
+ Try {
+ m_socketConnector->read(outvalue);
+ }
+ Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection read error");
+ ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection read error");
+ }
+ }
+
+
+private:
+ void throwWithErrnoMessage(const std::string& specificInfo);
+ std::string m_serverAddress;
+ std::string m_interfaceName;
+ std::unique_ptr<SocketConnection> m_socketConnector;
+ int m_socketFd;
+};
+
+#endif /* SECURITYSOCKETCLIENT_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SocketConnection.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ */
+
+#include "SocketConnection.h"
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SocketConnection.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This file is a header of Socket Connection class with implemented templates
+ */
+
+#ifndef SOCKETCONNECTION_H_
+#define SOCKETCONNECTION_H_
+
+#include <dpl/serialization.h>
+#include <dpl/log/log.h>
+#include <new>
+#include "SocketStream.h"
+
+/*
+ * This class implements interface for generic read and write from given socket.
+ * It does not maintain socket descriptor, so any connecting and disconnecting should be
+ * done above calls to this class.
+ */
+
+/*
+ * Throws SocketConnectionException when read/write will not succeed or if any bad allocation
+ * exception occurs during read.
+ */
+
+class SocketConnection {
+
+public:
+
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SocketConnectionException)
+ };
+
+ explicit SocketConnection(int socket_fd) : m_socketStream(socket_fd){
+ LogInfo("Created");
+ }
+
+ template<typename T, typename ...Args>
+ void read(T* out, const Args&... args ){
+ read(out);
+ read(args...);
+ }
+
+ template<typename T>
+ void read(T* out){
+ Try {
+ DPL::Deserialization::Deserialize(m_socketStream, *out);
+ }
+
+ Catch (std::bad_alloc){
+ LogError("Bad allocation error");
+ ThrowMsg(Exception::SocketConnectionException, "Bad allocation error");
+ }
+
+ Catch (SocketStream::Exception::SocketStreamException) {
+ LogError("Socket stream error");
+ ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void write(const T& in, const Args&... args){
+ write(in);
+ write(args...);
+ }
+
+ template<typename T>
+ void write(const T& in){
+ Try {
+ DPL::Serialization::Serialize(m_socketStream, in);
+ } Catch (SocketStream::Exception::SocketStreamException) {
+ LogError("Socket stream error");
+ ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void write(const T* in, const Args&... args){
+ write(in);
+ write(args...);
+ }
+
+ template<typename T>
+ void write(const T* in){
+ Try {
+ DPL::Serialization::Serialize(m_socketStream, in);
+ } Catch (SocketStream::Exception::SocketStreamException) {
+ LogError("Socket stream error");
+ ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
+ }
+ }
+
+private:
+ SocketStream m_socketStream;
+};
+
+#endif /* SOCKETCONNECTION_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SocketStream.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of socket stream class
+ */
+
+
+#include <sys/socket.h>
+#include <sys/select.h>
+#include <errno.h>
+#include <cstring>
+#include <dpl/log/log.h>
+#include "SocketStream.h"
+
+#define READ_TIEMOUT_SEC 1
+#define READ_TIMEUOT_NSEC 0
+#define WRITE_TIMEOUT_SEC 0
+#define WRITE_TIMEOUT_NSEC 100000000
+#define MAX_BUFFER 10240
+
+void SocketStream::throwWithErrnoMessage(std::string function_name){
+ LogError(function_name << " : " << strerror(errno));
+ ThrowMsg(Exception::SocketStreamException, function_name << " : " << strerror(errno));
+}
+
+void SocketStream::Read(size_t num, void * bytes){
+
+ if(NULL == bytes){
+ LogError("Null pointer to buffer");
+ ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
+ }
+
+ m_bytesRead += num;
+
+ if(m_bytesRead > MAX_BUFFER){
+ LogError("Too big buffer requested!");
+ ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
+ }
+
+ char part_buffer[MAX_BUFFER];
+ std::string whole_buffer;
+
+ fd_set rset, allset;
+ int max_fd;
+ ssize_t bytes_read = 0, bytes_to_read = (ssize_t) num;
+
+ timespec timeout;
+
+ max_fd = m_socketFd;
+ ++max_fd;
+
+ FD_ZERO(&allset);
+ FD_SET(m_socketFd, &allset);
+
+ int returned_value;
+
+ while(bytes_to_read != 0){
+ timeout.tv_sec = READ_TIEMOUT_SEC;
+ timeout.tv_nsec = READ_TIMEUOT_NSEC;
+ rset = allset;
+
+ if(-1 == (returned_value = pselect(max_fd, &rset, NULL, NULL, &timeout, NULL))){
+ if(errno == EINTR) continue;
+ throwWithErrnoMessage("pselect()");
+ }
+ if(0 == returned_value){
+ //This means pselect got timedout
+ //This is not a proper behavior in reading data from UDS
+ //And could mean we got corrupted connection
+ LogError("Couldn't read whole data");
+ ThrowMsg(Exception::SocketStreamException, "Couldn't read whole data");
+ }
+ if(FD_ISSET(m_socketFd, &rset)){
+ bytes_read = read(m_socketFd, part_buffer, num);
+ if(bytes_read <= 0){
+ if(errno == ECONNRESET || errno == ENOTCONN || errno == ETIMEDOUT){
+ LogInfo("Connection closed : " << strerror(errno));
+ ThrowMsg(Exception::SocketStreamException,
+ "Connection closed : " << strerror(errno) << ". Couldn't read whole data");
+ }else if (errno != EAGAIN && errno != EWOULDBLOCK){
+ throwWithErrnoMessage("read()");
+ }
+ }
+
+ whole_buffer.append(part_buffer, bytes_read);
+ bytes_to_read-=bytes_read;
+ bytes_read = 0;
+ continue;
+ }
+
+ }
+ memcpy(bytes, whole_buffer.c_str(), num);
+ LogInfo("Message read");
+}
+
+void SocketStream::Write(size_t num, const void * bytes){
+
+ if(NULL == bytes){
+ LogError("Null pointer to buffer");
+ ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
+ }
+
+ m_bytesWrote += num;
+
+ if(m_bytesWrote > MAX_BUFFER){
+ LogError("Too big buffer requested!");
+ ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
+ }
+
+ fd_set wset, allset;
+ int max_fd;
+
+ timespec timeout;
+
+ max_fd = m_socketFd;
+ ++max_fd;
+
+ FD_ZERO(&allset);
+ FD_SET(m_socketFd, &allset);
+
+ int returned_value;
+
+ int write_res, bytes_to_write = num;
+ unsigned int current_offset = 0;
+
+ while(current_offset != num){
+ timeout.tv_sec = WRITE_TIMEOUT_SEC;
+ timeout.tv_nsec = WRITE_TIMEOUT_NSEC;
+ wset = allset;
+
+ if(-1 == (returned_value = pselect(max_fd, NULL, &wset, NULL, &timeout, NULL))){
+ if(errno == EINTR) continue;
+ throwWithErrnoMessage("pselect()");
+ }
+
+ if(FD_ISSET(m_socketFd, &wset)){
+ if(-1 == (write_res = write(m_socketFd, reinterpret_cast<const char *>(bytes) + current_offset, bytes_to_write))){
+ if(errno == ECONNRESET){
+ LogInfo("Connection closed : " << strerror(errno));
+ ThrowMsg(Exception::SocketStreamException,
+ "Connection closed : " << strerror(errno) << ". Couldn't write whole data");
+
+ }else if(errno != EAGAIN && errno != EWOULDBLOCK){
+ throwWithErrnoMessage("write()");
+ }
+ }
+ current_offset += write_res;
+ bytes_to_write -= write_res;
+ }
+ }
+ LogInfo("Message wrote");
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SocketStream.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of socket stream class.
+ */
+
+#ifndef SOCKETSTREAM_H_
+#define SOCKETSTREAM_H_
+
+#include <string>
+#include <sys/socket.h>
+#include <sys/select.h>
+#include <dpl/serialization.h>
+#include <dpl/log/log.h>
+
+/*
+ * This class implements binary read/write from socket used for DPL serialization and deserialization
+ * It can read or write buffers of max *total* size 10kB.
+ * I does not maintain socket descriptor.
+ */
+
+/*
+ * Throws SocketStreamException when buffer is null or its size exceeds max size or when
+ * there is an error during read or write.
+ */
+
+
+
+class SocketStream : public DPL::IStream {
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SocketStreamException)
+ };
+
+ explicit SocketStream(int socket_fd) : m_socketFd(socket_fd),
+ m_bytesRead(0),
+ m_bytesWrote(0)
+ {
+ LogInfo("Created");
+ }
+ void Read(size_t num, void * bytes);
+ void Write(size_t num, const void * bytes);
+private:
+ void throwWithErrnoMessage(std::string specificInfo);
+ int m_socketFd;
+ int m_bytesRead;
+ int m_bytesWrote;
+};
+
+#endif /* SOCKETSTREAM_H_ */
SET(DAEMON_BASIC_DEP
dpl-efl
- dpl-wrt-dao-rw
dpl-dbus-efl
dpl-utils-efl
libsoup-2.4
SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
SET(DAEMON_SOURCES
+ #socket connection
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
+ #daemon
${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp
+ ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp
${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp
${DAEMON_SOURCES_PATH}/main.cpp
#ocsp
${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp
+ ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp
${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp
#ace
${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp
${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp
${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp
${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp
${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp
#popup
${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp
+ ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp
)
SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x")
############################# Lets start compilation process ##################
#ace library
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
+#socket connection library
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection)
#daemon
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets)
#ace
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic)
#ocsp
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic)
#popup
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api)
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS})
#security-server
INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/security-srv/include)
${DAEMON_SOURCES})
TARGET_LINK_LIBRARIES(${TARGET_DAEMON}
- ${DAEMON_DEP_LIBRARIES}
+ ${DAEMON_DEP_LIBRARIES}
${TARGET_ACE_LIB}
${TARGET_ACE_DAO_RW_LIB})
)
INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api/ace_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api/ocsp_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/popup/dbus/api/popup_response_server_api.h
- ${PROJECT_SOURCE_DIR}/src/services/popup/dbus/api/popup_ace_data_types.h
+ ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h
+ ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h
+ ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h
+ ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
DESTINATION /usr/include/wrt-security
)
#include <dpl/singleton_impl.h>
IMPLEMENT_SINGLETON(SecurityDaemon::SecurityDaemon)
-#include <dpl/wrt-dao-ro/WrtDatabase.h>
#include <ace-dao-rw/AceDAO.h>
namespace SecurityDaemon {
{
LogDebug("Ace/Wrt database services initializing...");
AceDB::AceDAO::attachToThreadRW();
- WrtDB::WrtDatabase::attachToThreadRW();
}
void deinitialize(void)
{
LogDebug("Ace/Wrt database services deinitializing...");
AceDB::AceDAO::detachFromThread();
- WrtDB::WrtDatabase::detachFromThread();
}
} //namespace DatabaseService
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file callback_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This header provides types and exceptions required for security service callbacks
+ */
+
+#ifndef CALLBACK_API_H_
+#define CALLBACK_API_H_
+
+#include <dpl/exception.h>
+
+typedef void (*socketServerCallback) (SocketConnection * connector);
+
+typedef bool (*securityCheck) (int socketfd);
+
+namespace ServiceCallbackApi{
+
+ class Exception{
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ServiceCallbackException)
+ };
+
+}
+
+#endif /* CALLBACK_API_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_daemon_socket_config.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#ifndef SECURITY_DAEMON_SOCKET_CONFIG_H_
+#define SECURITY_DAEMON_SOCKET_CONFIG_H_
+
+#include <string>
+#include <signal.h>
+
+namespace WrtSecurity {
+
+struct SecurityDaemonSocketConfig {
+ static const std::string SERVER_ADDRESS()
+ {
+ return "/tmp/server";
+ }
+};
+
+} // namespace WrtSecurity
+#endif /* SECURITY_DAEMON_SOCKET_CONFIG_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_socket_service.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of socket server
+ */
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/signalfd.h>
+#include <sys/select.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <cstring>
+#include <dpl/log/log.h>
+#include "ace_service_callbacks_api.h"
+#include "ocsp_service_callbacks_api.h"
+#include "popup_service_callbacks_api.h"
+#include "security_daemon_socket_config.h"
+#include "security_socket_service.h"
+
+#define TIMEOUT_SEC 0
+#define TIMEOUT_NSEC 100000000
+#define MAX_LISTEN 5
+#define SIGNAL_TO_CLOSE SIGUSR1
+
+void SecuritySocketService::throwWithErrnoMessage(const std::string& specificInfo){
+ LogError(specificInfo << " : " << strerror(errno));
+ ThrowMsg(DPL::Exception, specificInfo << " : " << strerror(errno));
+}
+
+void SecuritySocketService::registerServiceCallback(const std::string &interfaceName,
+ const std::string &methodName,
+ socketServerCallback callbackMethod,
+ securityCheck securityMethod){
+ if(NULL == callbackMethod){
+ LogError("Null callback");
+ ThrowMsg(DPL::Exception, "Null callback");
+ }
+ if(interfaceName.empty() || methodName.empty()){
+ LogError("Interface and method name cannot be empty");
+ ThrowMsg(DPL::Exception, "Empty interface or method name");
+ }
+
+ auto serviceCallbackPtr = std::make_shared<ServiceCallback>(ServiceCallback(callbackMethod, securityMethod));
+ m_callbackMap[interfaceName][methodName] = serviceCallbackPtr;
+}
+
+void SecuritySocketService::addClientSocket(int clientSocket){
+ std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
+ m_clientSocketList.push_back(clientSocket);
+}
+
+void SecuritySocketService::removeClientSocket(int clientSocket){
+ std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
+ m_clientSocketList.remove(clientSocket);
+}
+
+bool SecuritySocketService::popClientSocket(int * clientSocket){
+ std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
+ if(m_clientSocketList.empty())
+ return false;
+ *clientSocket = m_clientSocketList.front();
+ m_clientSocketList.pop_front();
+ return true;
+}
+
+void SecuritySocketService::initialize(){
+
+ LogInfo("Initializing...");
+ m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
+ m_signalToClose = SIGNAL_TO_CLOSE;
+
+ //registering Ace callbacks
+ registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
+
+ registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().first,
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().second);
+
+ registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
+ WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().first,
+ WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().second);
+ LogInfo("Registered Ace callbacks");
+
+ //registering Ocsp callbacks
+ registerServiceCallback(WrtSecurity::OcspServerApi::INTERFACE_NAME(),
+ WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
+ WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
+ LogInfo("Registered Ocsp callbacks");
+
+ //registering Popup callbacks
+ registerServiceCallback(WrtSecurity::PopupServerApi::INTERFACE_NAME(),
+ WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().first,
+ WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().second);
+ LogInfo("Registered Popup callbacks");
+
+ if(-1 == (m_listenFd = socket(AF_UNIX, SOCK_STREAM, 0))){
+ throwWithErrnoMessage("socket()");
+ }
+ LogInfo("Server socket created");
+
+ //socket needs to be nonblocking, because read can block after select
+ int flags;
+ if (-1 == (flags = fcntl(m_listenFd, F_GETFL, 0)))
+ flags = 0;
+ if(-1 == (fcntl(m_listenFd, F_SETFL, flags | O_NONBLOCK))){
+ throwWithErrnoMessage("fcntl");
+ }
+
+ sockaddr_un server_address;
+ bzero(&server_address, sizeof(server_address));
+ server_address.sun_family = AF_UNIX;
+ strcpy(server_address.sun_path, m_serverAddress.c_str());
+ unlink(server_address.sun_path);
+
+ if(-1 == bind(m_listenFd, (struct sockaddr *)&server_address, SUN_LEN(&server_address))){
+ throwWithErrnoMessage("bind()");
+ }
+
+ LogInfo("Initialized");
+}
+
+void SecuritySocketService::start(){
+
+ LogInfo("Starting...");
+ if(m_serverAddress.empty()){
+ LogError("Server not initialized");
+ ThrowMsg(DPL::Exception, "Server not initialized");
+ }
+
+ sigset_t sigset;
+ sigemptyset(&sigset);
+ if(-1 == sigaddset(&sigset, m_signalToClose)){
+ throwWithErrnoMessage("sigaddset()");
+ }
+ int returned_value;
+ if ((returned_value = pthread_sigmask(SIG_BLOCK, &sigset, NULL)) < 0) {
+ errno = returned_value;
+ throwWithErrnoMessage("pthread_sigmask()");
+ }
+
+ pthread_t mainThread;
+ if((returned_value = pthread_create(&mainThread, NULL, &serverThread, this)) < 0){
+ errno = returned_value;
+ throwWithErrnoMessage("pthread_create()");
+ }
+ m_mainThread = mainThread;
+
+ LogInfo("Started");
+}
+
+void * SecuritySocketService::serverThread(void * data){
+ pthread_detach(pthread_self());
+ SecuritySocketService &t = *static_cast<SecuritySocketService *>(data);
+ LogInfo("Running server main thread");
+ Try {
+ t.mainLoop();
+ } Catch (DPL::Exception) {
+ LogError("Socket server error. Exiting...");
+ return (void *)1;
+ }
+
+ return (void *)0;
+}
+
+
+void SecuritySocketService::mainLoop(){
+
+ if(listen(m_listenFd, MAX_LISTEN) == -1){
+ throwWithErrnoMessage("listen()");
+ }
+
+ //Settings to catch closing signal in select
+ int signal_fd;
+ sigset_t sigset;
+ if(-1 == (sigemptyset(&sigset))){
+ throwWithErrnoMessage("sigemptyset()");
+ }
+ if(-1 == (sigaddset(&sigset, m_signalToClose))) {
+ throwWithErrnoMessage("sigaddset()");
+ }
+ if((signal_fd = signalfd(-1, &sigset, 0)) < 0){
+ throwWithErrnoMessage("signalfd()");
+ }
+
+ //Setting descriptors for pselect
+ fd_set allset, rset;
+ int maxfd;
+ FD_ZERO(&allset);
+ FD_SET(m_listenFd, &allset);
+ FD_SET(signal_fd, &allset);
+ timespec timeout;
+ maxfd = (m_listenFd > signal_fd) ? (m_listenFd) : (signal_fd);
+ ++maxfd;
+
+ while(1){
+ timeout.tv_sec = TIMEOUT_SEC;
+ timeout.tv_nsec = TIMEOUT_NSEC;
+ rset = allset;
+ if(-1 == pselect(maxfd, &rset, NULL, NULL, &timeout, NULL)){
+ closeConnections();
+ throwWithErrnoMessage("pselect()");
+ }
+
+ if(FD_ISSET(signal_fd, &rset)){
+ LogInfo("Got signal to close");
+ signalfd_siginfo siginfo;
+ ssize_t res;
+ res = read(signal_fd, &siginfo, sizeof(siginfo));
+ if(res <= 0){
+ closeConnections();
+ throwWithErrnoMessage("read()");
+ }
+ if((size_t)res != sizeof(siginfo)){
+ closeConnections();
+ LogError("couldn't read whole siginfo");
+ ThrowMsg(DPL::Exception, "couldn't read whole siginfo");
+ }
+ if((int)siginfo.ssi_signo == m_signalToClose){
+ LogInfo("Server thread got signal to close");
+ closeConnections();
+ return;
+ } else {
+ LogInfo("Got not handled signal");
+ }
+ }
+ if(FD_ISSET(m_listenFd, &rset)){
+ int client_fd;
+ if(-1 == (client_fd = accept(m_listenFd, NULL, NULL))){
+ closeConnections();
+ throwWithErrnoMessage("accept()");
+ }
+ LogInfo("Got incoming connection");
+ Connection_Info * connection = new Connection_Info(client_fd, (void *)this);
+ int res;
+ pthread_t client_thread;
+ if((res = pthread_create(&client_thread, NULL, &connectionThread, connection)) < 0){
+ delete connection;
+ errno = res;
+ closeConnections();
+ throwWithErrnoMessage("pthread_create()");
+ }
+ addClientSocket(client_fd);
+ }
+ }
+}
+
+void * SecuritySocketService::connectionThread(void * data){
+ pthread_detach(pthread_self());
+ std::auto_ptr<Connection_Info> c (static_cast<Connection_Info *>(data));
+ SecuritySocketService &t = *static_cast<SecuritySocketService *>(c->data);
+
+ Try {
+ t.connectionService(c->connfd);
+ } Catch (DPL::Exception){
+ LogError("Connection thread error");
+ t.removeClientSocket(c->connfd);
+ close(c->connfd);
+ return (void*)1;
+ }
+ return (void*)0;
+}
+
+void SecuritySocketService::connectionService(int fd){
+
+ SocketConnection connector = SocketConnection(fd);
+ std::string interfaceName, methodName;
+
+ Try {
+ connector.read(&interfaceName, &methodName);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection read error");
+ ReThrowMsg(DPL::Exception, "Socket Connection read error");
+ }
+
+ LogDebug("Got interface : " << interfaceName);
+ LogDebug("Got method : " << methodName);
+
+ if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){
+ LogError("Unknown interface : " << interfaceName);
+ ThrowMsg(DPL::Exception, "Unknown interface : " << interfaceName);
+ }
+
+ if(m_callbackMap[interfaceName].find(methodName) == m_callbackMap[interfaceName].end()){
+ LogError("Unknown method : " << methodName);
+ ThrowMsg(DPL::Exception, "Unknown method");
+ }
+
+ if(m_callbackMap[interfaceName][methodName]->securityCallback != NULL){
+ if(!m_callbackMap[interfaceName][methodName]->securityCallback(fd)){
+ LogError("Security check returned false");
+ ThrowMsg(DPL::Exception, "Security check returned false");
+ }
+ }
+
+ Try{
+ m_callbackMap[interfaceName][methodName]->serviceCallback(&connector);
+ } Catch (ServiceCallbackApi::Exception::ServiceCallbackException){
+ LogError("Service callback error");
+ ReThrowMsg(DPL::Exception, "Service callback error");
+ }
+
+ removeClientSocket(fd);
+ if(-1 == close(fd)){
+ LogError("close() : " << strerror(errno));
+ ThrowMsg(DPL::Exception, "shutdown() : " << strerror(errno));
+ }
+
+ LogInfo("Call served");
+
+}
+
+void SecuritySocketService::stop(){
+ LogInfo("Stopping");
+ if(-1 == close(m_listenFd))
+ if(errno != ENOTCONN)
+ throwWithErrnoMessage("close()");
+ int returned_value;
+ if((returned_value = pthread_kill(m_mainThread, m_signalToClose)) < 0){
+ errno = returned_value;
+ throwWithErrnoMessage("pthread_kill()");
+ }
+ pthread_join(m_mainThread, NULL);
+
+ LogInfo("Stopped");
+}
+
+void SecuritySocketService::closeConnections(){
+
+ int clientSocket;
+ LogInfo("Closing client sockets");
+ while(popClientSocket(&clientSocket)){
+ if(-1 == close(clientSocket)){
+ LogError("close() : " << strerror(errno));
+ }
+ }
+
+ LogInfo("Connections closed");
+}
+
+void SecuritySocketService::deinitialize(){
+ m_serverAddress.clear();
+
+ LogInfo("Deinitialized");
+
+}
+
+#ifdef SOCKET_CONNECTION
+DAEMON_REGISTER_SERVICE_MODULE(SecuritySocketService)
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_socket_service.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of socket server class
+ */
+
+#ifndef SECURITY_SOCKET_SERVICE_H_
+#define SECURITY_SOCKET_SERVICE_H_
+
+#include <map>
+#include <list>
+#include <memory>
+#include <mutex>
+#include <pthread.h>
+#include <security_daemon.h>
+#include <SocketConnection.h>
+#include <callback_api.h>
+
+class SecuritySocketService : public SecurityDaemon::DaemonService {
+
+private:
+
+ virtual void initialize();
+ virtual void start();
+ virtual void stop();
+ virtual void deinitialize();
+
+
+private:
+
+ //Function for registering callback with given interface and method name and possibly security check callback
+ void registerServiceCallback(const std::string& interfaceName,
+ const std::string& methodName,
+ socketServerCallback serviceCallback,
+ securityCheck securityCallback = NULL);
+ //Thread function for server
+ static void * serverThread(void *);
+ //Main function for server
+ void mainLoop();
+ //Thread function for connection serving
+ static void * connectionThread(void *);
+ //Main function for connection serving
+ void connectionService(int fd);
+ //closing all connections
+ void closeConnections();
+ //logs an error and throws an exception with message containing errno message
+ void throwWithErrnoMessage(const std::string &specificInfo);
+
+ //concurrency safe methods for client socket list - add, remove and pop (with returned value)
+ void addClientSocket(int clientThread);
+ void removeClientSocket(int clientThread);
+ bool popClientSocket(int* clientThread);
+
+ //Address of socket server
+ std::string m_serverAddress;
+ //Signal used for informing threads to stop
+ int m_signalToClose;
+ //Socket for listening
+ int m_listenFd;
+ //Number of main thread
+ pthread_t m_mainThread;
+ //Numbers of all created threads for connections
+ std::list<int> m_clientSocketList;
+
+ //Thread list mutex
+ std::mutex m_clientSocketListMutex;
+
+ //Structure for callback maps
+ class ServiceCallback
+ {
+ public:
+ ServiceCallback(socketServerCallback ser, securityCheck sec) : serviceCallback(ser), securityCallback(sec){}
+ socketServerCallback serviceCallback;
+ securityCheck securityCallback;
+ };
+
+ typedef std::shared_ptr<ServiceCallback> ServiceCallbackPtr;
+ //Map for callback methods, key is a method name and value is a callback to method
+ typedef std::map<std::string, ServiceCallbackPtr> ServiceMethodCallbackMap;
+ //Map for interface methods, key is an interface name and value is a map of available methods with callbacks
+ std::map<std::string, ServiceMethodCallbackMap> m_callbackMap;
+
+ //Structure passed to connection thread
+ struct Connection_Info{
+ Connection_Info(int fd, void * data) : connfd(fd), data(data)
+ {}
+ int connfd;
+ void * data;
+ };
+
+};
+
+#endif /* SECURITY_SOCKET_SERVICE_H_ */
* @brief This is main routing for Security Daemon
*/
-#include <string>
-
-#include <dpl/application.h>
#include <dpl/log/log.h>
#include <dpl/single_instance.h>
-#include <dpl/wrt-dao-ro/global_config.h>
#include "security_daemon.h"
mode_t sock_mode;
/* Deleted garbage Unix domain socket file */
- remove(SECURITY_SERVER_SOCK_PATH);
+ retval = remove(SECURITY_SERVER_SOCK_PATH);
+
+ if (retval == -1 && errno != ENOENT) {
+ retval = SECURITY_SERVER_ERROR_UNKNOWN;
+ localsockfd = -1;
+ SEC_SVR_DBG("%s", "Unable to remove /tmp/.security_server.sock");
+ goto error;
+ }
/* Create Unix domain socket */
if((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0 )
if(errno != EOPNOTSUPP)
{
retval = SECURITY_SERVER_ERROR_SOCKET;
+ close(localsockfd);
localsockfd = -1;
goto error;
}
if(errno != EOPNOTSUPP)
{
retval = SECURITY_SERVER_ERROR_SOCKET;
+ close(localsockfd);
localsockfd = -1;
goto error;
}
/* Receive response */
retval = read(sockfd, hdr, sizeof(response_header));
- if(retval < sizeof(hdr) )
+ if(retval < sizeof(response_header) )
{
/* Error on socket */
SEC_SVR_DBG("Client: Receive failed %d", retval);
SEC_SVR_DBG("Client: Receive failed %d", retval);
return SECURITY_SERVER_ERROR_RECV_FAILED;
}
+
+ //if come here there were no errors
+ return SECURITY_SERVER_SUCCESS;
}
/* Authenticate client application *
/* This is not a garbage. returning */
return cookie;
}
-
- cookie = cookie->next;
}
return retval;
}
if(debug_cmdline == NULL)
{
SEC_SVR_DBG("%s", "out of memory error");
+ free(cmdline);
return NULL;
}
strncpy(debug_cmdline, current->path, current->path_len);
{
int fd, ret;
- fd = open("/dev/urandom", O_RDONLY);
- if(fd < 0)
- {
- SEC_SVR_DBG("%s", "Cannot open /dev/urandom");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
- ret = read(fd, cookie, size);
- if(ret < size)
- {
- SEC_SVR_DBG("Cannot read /dev/urandom: %d", ret);
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- goto error;
- }
- close(fd);
- ret = SECURITY_SERVER_SUCCESS;
+ if (cookie == NULL) {
+ SEC_SVR_DBG("%s", "Null pointer passed to function");
+ return SECURITY_SERVER_ERROR_UNKNOWN;
+ }
+ fd = open("/dev/urandom", O_RDONLY);
+ if(fd < 0)
+ {
+ SEC_SVR_DBG("%s", "Cannot open /dev/urandom");
+ return SECURITY_SERVER_ERROR_FILE_OPERATION;
+ }
+ ret = read(fd, cookie, size);
+ if(ret < size)
+ {
+ SEC_SVR_DBG("Cannot read /dev/urandom: %d", ret);
+ ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
+ goto error;
+ }
+ close(fd);
+ ret = SECURITY_SERVER_SUCCESS;
error:
if(fd > 0)
close(fd);
goto error;
}
- /* Change mod only allow root process to read */
- ret = fchmod(fd, 0600);
- if (ret < 0)
- {
- SEC_SVR_DBG("%s", "Cannot chmod default cookie");
- ret = SECURITY_SERVER_ERROR_FILE_OPERATION;
- goto error;
- }
close(fd);
return SECURITY_SERVER_SUCCESS;
}
goto error;
}
- if(msg_len > SECURITY_SERVER_MAX_OBJ_NAME)
+ if(msg_len >= SECURITY_SERVER_MAX_OBJ_NAME)
{
/* Too big ojbect name */
SEC_SVR_DBG("%s", "Object name is too big");
if(ret == SECURITY_SERVER_ERROR_POLL)
{
SEC_SVR_DBG("%s", "poll() error");
+ free(buf);
return SECURITY_SERVER_ERROR_SEND_FAILED;
}
if(ret == SECURITY_SERVER_ERROR_TIMEOUT)
{
SEC_SVR_DBG("%s", "poll() timeout");
+ free(buf);
return SECURITY_SERVER_ERROR_SEND_FAILED;
}
/* Send to client */
ret = write(sockfd, buf, total_size);
-
+ free(buf);
if(ret < total_size)
- return SECURITY_SERVER_ERROR_SEND_FAILED;
+ return SECURITY_SERVER_ERROR_SEND_FAILED;
return SECURITY_SERVER_SUCCESS;
}
*/
/*
* @file ace_server_api.h
- * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
* @version 1.0
- * @brief This file contains definitions ACE server interface & methods.
+ * @brief This file contains definitions of ACE server interface name & methods.
*/
+
#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
return "org.tizen.AceCheckAccessInterface";
}
- // RPC test function
- // IN std::string
- // OUT std::string
- inline const std::string ECHO_METHOD()
- {
- return "echo";
- }
-
// IN string subject
// IN string resource
// IN vector<string> function param names
#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/ace_server_api.h"
+#include "api/ace_server_dbus_api.h"
namespace RPC {
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_server_api.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions ACE server interface & methods specifically needed by DBUS.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
+
+#include "ace_server_api.h"
+#include<string>
+
+namespace WrtSecurity{
+namespace AceServerApi{
+
+
+ // RPC test function
+ // IN std::string
+ // OUT std::string
+ inline const std::string ECHO_METHOD()
+ {
+ return "echo";
+ }
+};
+};
+
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
#include <stdexcept>
#include <map>
#include <cstdlib>
-#include <dpl/wrt-dao-ro/wrt_db_types.h>
-#include <dpl/wrt-dao-rw/widget_dao.h>
-#include <dpl/wrt-dao-rw/feature_dao.h>
+#include <ace-dao-ro/AceDAOReadOnly.h>
#include <ace/WRT_INTERFACE.h>
#include <map>
#include <dpl/log/log.h>
+#include <dpl/foreach.h>
#include <attribute_facade.h>
#include <ace/Request.h>
#include <simple_roaming_agent.h>
-using namespace WrtDB;
-
namespace // anonymous
{
typedef std::list<std::string> AttributeHandlerResponse;
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- std::string value = dao.getShareHref();
-
- if (!value.empty()) {
+ std::string value = AceDB::AceDAOReadOnly::getShareHref(widgetHandle);
+ if(!value.empty())
response.push_back(value);
- }
-
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
- DPL::Optional<DPL::String> value = dao.getVersion();
+ std::string value = AceDB::AceDAOReadOnly::getVersion(widgetHandle);
- if (!!value) {
- response.push_back(DPL::ToUTF8String(*value));
+ if (!value.empty()) {
+ response.push_back(value);
}
return response;
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyCommonNameList(WidgetCertificateData::DISTRIBUTOR,
- WidgetCertificateData::ENDENTITY);
-
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyFingerprints(WidgetCertificateData::DISTRIBUTOR,
- WidgetCertificateData::ENDENTITY);
-
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyCommonNameList(WidgetCertificateData::DISTRIBUTOR,
- WidgetCertificateData::ROOT);
-
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyFingerprints(WidgetCertificateData::DISTRIBUTOR,
- WidgetCertificateData::ROOT);
-
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyCommonNameList(WidgetCertificateData::AUTHOR,
- WidgetCertificateData::ENDENTITY);
-
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyFingerprints(WidgetCertificateData::AUTHOR,
- WidgetCertificateData::ENDENTITY);
-
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyCommonNameList(WidgetCertificateData::AUTHOR,
- WidgetCertificateData::ROOT);
-
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
-
- response = dao.getKeyFingerprints(WidgetCertificateData::AUTHOR,
- WidgetCertificateData::ROOT);
-
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
return response;
}
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
- WidgetGUID wGUID = dao.getGUID();
- if (!!wGUID) {
- response.push_back(DPL::ToUTF8String(*wGUID));
+ std::string wGUID = AceDB::AceDAOReadOnly::getGUID(widgetHandle);
+
+ if (!wGUID.empty()) {
+ response.push_back(wGUID);
}
return response;
}
-//AttributeHandlerResponse AttributeNameHandler(const WidgetExecutionPhase & /*phase*/,
-// const WidgetHandle &widgetHandle)
-//{
-// AttributeHandlerResponse response;
-//
-// WidgetLocalizedInfo info =
-// W3CFileLocalization::getLocalizedInfo(widgetHandle);
-//
-// DPL::Optional<DPL::String> val = info.name;
-// std::string value = !!val ? DPL::ToUTF8String(*val) : "";
-//
-// response.push_back(value);
-// return response;
-//}
-//
-//AttributeHandlerResponse AttributeWidgetAttrNameHandler(
-// const WidgetExecutionPhase & /*phase*/,
-// const WidgetHandle &widgetHandle)
-//{
-// AttributeHandlerResponse response;
-//
-// WidgetLocalizedInfo info =
-// W3CFileLocalization::getLocalizedInfo(widgetHandle);
-//
-// DPL::Optional<DPL::String> value = info.name;
-//
-// if (!!value) {
-// response.push_back(DPL::ToUTF8String(*value));
-// }
-//
-// return response;
-//}
-
AttributeHandlerResponse AttributeAuthorNameHandler(
const WidgetExecutionPhase & /*phase*/,
const WidgetHandle &widgetHandle)
{
AttributeHandlerResponse response;
- WidgetDAOReadOnly dao(widgetHandle);
- DPL::Optional<DPL::String> value = dao.getAuthorName();
+ std::string value = AceDB::AceDAOReadOnly::getAuthorName(widgetHandle);
- if (!!value) {
- response.push_back(DPL::ToUTF8String(*value));
+ if (!value.empty()) {
+ response.push_back(value);
}
return response;
}
};
-class lambdaWidgetPrefixEquality :
- public std::binary_function<WidgetFeature, std::string, bool>
-{
- public:
- bool operator()(const WidgetFeature& wFeature,
- const std::string& prefix) const
- {
- return wFeature.name.find(DPL::FromUTF8String(prefix)) !=
- DPL::String::npos;
- }
-};
-
-class lambdaWidgetNameEquality :
- public std::binary_function<WidgetFeature, std::string, bool>
-{
- public:
- bool operator()(const WidgetFeature& wFeature,
- const std::string& prefix) const
- {
- return wFeature.name == DPL::FromUTF8String(prefix);
- }
-};
-
-FeatureHandleList getFeatureHandleList(const WidgetHandle& widgetHandle,
- const std::string& resourceId)
-{
- FeatureHandleList featureHandleList;
- WidgetDAOReadOnly widgetDAO(widgetHandle);
- WidgetFeatureSet wFeatureSet = widgetDAO.getFeaturesList();
- WidgetFeatureSet::iterator foundFeatures =
- std::find_if(wFeatureSet.begin(),
- wFeatureSet.end(),
- std::bind2nd(lambdaWidgetPrefixEquality(), resourceId));
-
- if (foundFeatures != wFeatureSet.end()) {
- FeatureDAOReadOnly featureDAO(resourceId);
- featureHandleList.push_back(featureDAO.GetFeatureHandle());
- }
- return featureHandleList;
-}
-
AttributeHandlerResponse AttributeDeviceCapHandler(const WidgetExecutionPhase & /*phase*/,
const WidgetHandle & /*widgetHandle*/,
const Request &request)
lambdaCollectionPusher<std::string>(response));
return response;
+}
- // We should return list of device-caps required by resourceId.
- // AttributeHandlerResponse response;
- //
- // FeatureHandleList fHandleList =
- // getFeatureHandleList(widgetHandle, resourceId);
- // if( !fHandleList.empty() )
- // {
- // FeatureDAO feature( resourceId );
- // std::set<std::string> deviceCapLast =
- // feature.GetDeviceCapabilities();
- // std::for_each(
- // deviceCapList.begin(),
- // deviceCapList.end(),
- // lambdaCollectionPusher<DeviceCapList::value_type>(
- // response) );
- // }
- // return response;
-}
-
-class lambdaFeatureEquality :
- public std::binary_function<FeatureHandle, int, bool>
-{
- public:
- bool operator()(const FeatureHandle& wFeature,
- const int& resurceId) const
- {
- return wFeature == resurceId;
- }
-};
-
-class lambdaPushFeatureName :
- public std::binary_function<WidgetFeature, AttributeHandlerResponse, void>
-{
- void operator()(const WidgetFeature& wFeature,
- AttributeHandlerResponse& response) const
- {
- response.push_back(DPL::ToUTF8String(wFeature.name));
- }
-};
+//class lambdaFeatureEquality :
+// public std::binary_function<FeatureHandle, int, bool>
+//{
+// public:
+// bool operator()(const FeatureHandle& wFeature,
+// const int& resurceId) const
+// {
+// return wFeature == resurceId;
+// }
+//};
+//
+//class lambdaPushFeatureName :
+// public std::binary_function<WidgetFeature, AttributeHandlerResponse, void>
+//{
+// void operator()(const WidgetFeature& wFeature,
+// AttributeHandlerResponse& response) const
+// {
+// response.push_back(DPL::ToUTF8String(wFeature.name));
+// }
+//};
AttributeHandlerResponse AttributeApiFeatureHandler(
const WidgetExecutionPhase & /* phase */,
LogDebug("WAC 2.0 does not support api-feature and resource-id in policy.");
AttributeHandlerResponse response;
return response;
- // Wrt shouldn't ask about resource which is not listed in
- // (widget) config.xml file
- //
- // AttributeHandlerResponse response;
- // WidgetDAOReadOnly widgetDAO(widgetHandle);
- // WidgetFeatureSet wFeatureSet = widgetDAO.GetFeaturesList();
- // std::string featureName = resourceId;
- // WidgetFeatureSet::iterator foundFeatures =
- // std::find_if(wFeatureSet.begin(),
- // wFeatureSet.end(),
- // std::bind2nd(lambdaWidgetPrefixEquality(),
- // featureName));
- //
- // while( foundFeatures != wFeatureSet.end() )
- // {
- // response.push_back( foundFeatures->name );
- // LogDebug("Found feature: " << foundFeatures->name );
- // foundFeatures++;
- // }
- //
- // return response;
-}
-
-typedef std::string (FeatureDAOReadOnly::*FNMETHOD)() const;
-
-AttributeHandlerResponse GetFeatureAttributeGroup(const WidgetExecutionPhase & /*phase*/,
- const WidgetHandle &widgetHandle,
- const std::string& resourceId,
- FNMETHOD function)
-{
- AttributeHandlerResponse response;
- FeatureHandleList fHandleList =
- getFeatureHandleList(widgetHandle, resourceId);
- if (!fHandleList.empty()) {
- FeatureDAOReadOnly featureDAO(fHandleList.front());
- std::string attribute = (featureDAO.*function)();
- response.push_back(attribute);
- }
- return response;
}
AttributeHandlerResponse AttributeFeatureInstallUriHandler(
}
return 0;
}
-
#include <string>
#include <dpl/event/inter_context_delegate.h>
-#include <dpl/wrt-dao-ro/wrt_db_types.h>
-
namespace Jobs {
class Job;
}
#include <ace/PromptDecision.h>
#include <dpl/log/log.h>
-#include <dpl/wrt-dao-ro/widget_dao_read_only.h>
-#include <dpl/wrt-dao-ro/WrtDatabase.h>
-
namespace {
Request::ApplicationType getAppType(const Request *request) {
- WrtDB::WidgetDAOReadOnly widgetDao(request->getWidgetHandle());
- WrtDB::AppType appType = widgetDao.getWidgetType().appType;
+ AceDB::AppTypes appType =
+ AceDB::AceDAOReadOnly::getWidgetType(request->getWidgetHandle());
switch (appType) {
- case WrtDB::AppType::APP_TYPE_TIZENWEBAPP:
+ case AceDB::AppTypes::Tizen:
LogDebug("==== Found Tizen application. ====");
return Request::APP_TYPE_TIZEN;
- case WrtDB::AppType::APP_TYPE_WAC20:
+ case AceDB::AppTypes::WAC20:
LogDebug("==== Found Wac20 application. ====");
return Request::APP_TYPE_WAC20;
default:
} // anonymous namespace
void SecurityLogic::initialize() {
- WrtDB::WrtDatabase::attachToThreadRO();
+ AceDB::AceDAO::attachToThreadRW();
m_policyEnforcementPoint.initialize(new WebRuntimeImpl(),
new ResourceInformationImpl(),
new OperationSystemImpl());
void SecurityLogic::terminate() {
m_policyEnforcementPoint.terminate();
- WrtDB::WrtDatabase::detachFromThread();
+ AceDB::AceDAO::detachFromThread();
}
LogDebug("=== Check widget existance ===");
Try {
request->setAppType(getAppType(request));
- } Catch (WrtDB::WidgetDAOReadOnly::Exception::WidgetNotExist) {
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
LogError("==== Couldn't find widget for handle: " <<
request->getWidgetHandle() << ". Access denied. ====");
return PolicyEffect::DENY;
LogDebug("=== Check existance of widget === ");
Try {
request->setAppType(getAppType(request));
- } Catch (WrtDB::WidgetDAOReadOnly::Exception::WidgetNotExist) {
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
LogError("==== Couldn't find widget for handle: " <<
request->getWidgetHandle() << ". Access denied. ====");
return PolicyEffect::DENY;
LogDebug("Check widget existance");
Try {
request->setAppType(getAppType(request));
- } Catch (WrtDB::WidgetDAOReadOnly::Exception::WidgetNotExist) {
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
LogError("==== Couldn't find widget for handle: " <<
request->getWidgetHandle() << ". Access denied. ====");
retValue = false;
LogDebug("Recheck: " << *it);
// 1) check if per-widget settings permit
AceDB::PreferenceTypes wgtPref =
- AceDB::AceDAO::getWidgetDevCapSetting(
+ AceDB::AceDAOReadOnly::getWidgetDevCapSetting(
resourceId,
request->getWidgetHandle());
if (AceDB::PreferenceTypes::PREFERENCE_DENY == wgtPref) {
}
// 2) check if per-dev-cap settings permit
AceDB::PreferenceTypes resPerf =
- AceDB::AceDAO::getDevCapSetting(resourceId);
+ AceDB::AceDAOReadOnly::getDevCapSetting(resourceId);
if (AceDB::PreferenceTypes::PREFERENCE_DENY == resPerf) {
LogDebug("returning " << *retValue);
return;
// 3) check for stored propmt answer - should not be there
// TODO - is this check necessary?
AceDB::BaseAttributeSet attributes;
- AceDB::AceDAO::getAttributes(&attributes);
+ AceDB::AceDAOReadOnly::getAttributes(&attributes);
Request req(request->getWidgetHandle(),
request->getExecutionPhase());
req.addDeviceCapability(resourceId);
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_callbacks.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Ace Service callbacks
+ */
+#include <string>
+#include <vector>
+#include <dpl/log/log.h>
+#include "ace_service_callbacks.h"
+#include <callback_api.h>
+#include <ace/Request.h>
+#include <ace/PolicyResult.h>
+#include <security_controller.h>
+#include <attribute_facade.h>
+
+namespace RPC {
+
+void AceServiceCallbacks::checkAccess(SocketConnection * connector){
+
+ int widgetHandle = 0;
+ std::string subject, resource, sessionId;
+ std::vector<std::string> paramNames, paramValues;
+ Try {
+ connector->read(&widgetHandle,
+ &subject,
+ &resource,
+ ¶mNames,
+ ¶mValues,
+ &sessionId);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection read error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection read error");
+ }
+
+ if (paramNames.size() != paramValues.size()) {
+ ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, "Varying sizes of parameter names and parameter values");
+ }
+ LogDebug("We got subject: " << subject);
+ LogDebug("We got resource: " << resource);
+
+ FunctionParamImpl params;
+ for (size_t i = 0; i < paramNames.size(); ++i) {
+ params.addAttribute(paramNames[i], paramValues[i]);
+ }
+
+ Request request(widgetHandle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ request.addDeviceCapability(resource);
+
+ PolicyResult result(PolicyEffect::DENY);
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::CheckRuntimeCallSyncEvent(
+ &result,
+ &request,
+ sessionId));
+
+ int response = PolicyResult::serialize(result);
+
+ Try{
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection write error");
+ }
+}
+
+void AceServiceCallbacks::checkAccessInstall(SocketConnection * connector){
+
+ int widgetHandle;
+ std::string resource;
+
+ Try {
+ connector->read(&widgetHandle,
+ &resource);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection read error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection read error");
+ }
+
+ LogDebug("We got handle: " << widgetHandle);
+ LogDebug("We got resource: " << resource);
+
+ Request request(widgetHandle,
+ WidgetExecutionPhase_WidgetInstall);
+ request.addDeviceCapability(resource);
+
+ PolicyResult result(PolicyEffect::DENY);
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::CheckFunctionCallSyncEvent(
+ &result,
+ &request));
+
+ int response = PolicyResult::serialize(result);
+
+ Try{
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection write error");
+ }
+}
+
+void AceServiceCallbacks::updatePolicy(SocketConnection * /*connector*/){
+
+
+ LogDebug("Policy update socket message received");
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::UpdatePolicySyncEvent());
+}
+
+} //namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_callbacks.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of Ace Service callbacks
+ */
+
+#ifndef ACE_SERVICE_CALLBACKS_H_
+#define ACE_SERVICE_CALLBACKS_H_
+
+#include <memory>
+#include <SocketConnection.h>
+#include <dpl/log/log.h>
+
+namespace RPC {
+
+namespace AceServiceCallbacks {
+
+ // IN string subject
+ // IN string resource
+ // IN vector<string> function param names
+ // IN vector<string> function param values
+ // OUT int allow, deny, popup type
+ void checkAccess(SocketConnection * connector);
+
+ // IN string subject
+ // IN string resource
+ // OUT int allow, deny, popup type
+ void checkAccessInstall(SocketConnection * connector);
+
+ // Policy update trigger
+ void updatePolicy(SocketConnection * connector);
+
+};
+
+} //namespace RPC
+
+#endif /* ACE_SERVICE_CALLBACKS_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_callbacks_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header with api of implemented Ace Service callbacks
+ */
+#ifndef ACE_SERVICE_CALLBACKS_API_H_
+#define ACE_SERVICE_CALLBACKS_API_H_
+
+#include <string>
+#include <utility>
+#include "ace_server_api.h"
+#include "ace_service_callbacks.h"
+#include "callback_api.h"
+
+namespace WrtSecurity{
+namespace AceServiceCallbacksApi{
+
+inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK() {
+ return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
+ RPC::AceServiceCallbacks::checkAccess);
+}
+
+inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_INSTALL_METHOD_CALLBACK() {
+ return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
+ RPC::AceServiceCallbacks::checkAccessInstall);
+}
+
+inline const std::pair<std::string, socketServerCallback> UPDATE_POLICY_METHOD_CALLBACK() {
+ return std::make_pair(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD(),
+ RPC::AceServiceCallbacks::updatePolicy);
+}
+
+} // namespace AceServiceCallbacksApi
+} // namespace WrtSecurity
+
+
+#endif // ACE_SERVICE_CALLBACKS_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_server_api.h
+ * @author
+ * @version 1.0
+ * @brief This file contains definitions OCSP server interface & methods specifically needed by DBus.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
+
+#include "ocsp_server_api.h"
+#include<string>
+
+namespace WrtSecurity{
+namespace OcspServerApi{
+
+
+// RPC test function
+// IN std::string
+// OUT std::string
+inline const std::string ECHO_METHOD()
+{
+ return "echo";
+}
+
+
+
+}
+};
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
* @brief Implementation of OCSP server API.
*/
#include "ocsp_server_dbus_interface.h"
-#include <dpl/foreach.h>
-#include <dpl/wrt-dao-ro/global_config.h>
-#include <dpl/wrt-dao-ro/widget_dao_read_only.h>
-#include <ace-dao-ro/common_dao_types.h>
namespace RPC {
} else if (OcspServerApi::CHECK_ACCESS_METHOD() == argMethodName) {
gint32 value;
g_variant_get(argParameters, "(i)", &value);
- WrtDB::DbWidgetHandle handle = static_cast<WrtDB::DbWidgetHandle>(
- value);
// TODO: this is making OCSP service a stub! this HAS to be moved
// with proper implementation to cert-svc daemon
#include <list>
#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/ocsp_server_api.h"
+#include "api/ocsp_server_dbus_api.h"
namespace RPC {
#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
+#include "ocsp_server_api.h"
#include<string>
namespace WrtSecurity{
return "org.tizen.OcspCheck";
}
-// RPC test function
-// IN std::string
-// OUT std::string
-inline const std::string ECHO_METHOD()
-{
- return "echo";
-}
-
// Function checks WidgetStatus for installed widget.
// https://106.116.37.24/wiki/WebRuntime/Security/Widget_Signatures
// IN WidgetHandle Widget ID in Database
* @brief This is implementation file of Ocsp service
*/
-
-#include <string>
-#include <list>
-#include <memory>
-
-#include <dpl/log/log.h>
-#include <dpl/single_instance.h>
-#include <dpl/event/controller.h>
-#include <dpl/thread.h>
-#include <dpl/wrt-dao-ro/WrtDatabase.h>
-#include <dpl/wrt-dao-ro/global_config.h>
#include "security_daemon.h"
-#include "security_dbus_service.h"
-#include "ocsp_server_dbus_interface.h"
namespace OcspService {
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_callbacks_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header with api of implemented Ocsp Service callbacks
+ */
+
+#ifndef OCSP_SERVICE_CALLBACKS_API_H_
+#define OCSP_SERVICE_CALLBACKS_API_H_
+
+#include <string>
+#include <utility>
+#include "SocketConnection.h"
+#include "ocsp_server_api.h"
+#include "ocsp_service_callbacks.h"
+#include "callback_api.h"
+
+namespace WrtSecurity{
+namespace OcspServiceCallbacksApi{
+
+inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK(){
+ return std::make_pair(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
+ RPC::OcspServiceCallbacks::checkAccess);
+}
+
+} // namespace OcspServiceCallbacksApi
+} // namespace WrtSecurity
+
+#endif // OCSP_SERVICE_CALLBACKS_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_callbacks.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Ocsp Service callbacks
+ */
+
+#include "ocsp_service_callbacks.h"
+#include <callback_api.h>
+
+namespace RPC {
+
+void OcspServiceCallbacks::checkAccess(SocketConnection * connector){
+ int response = 0;
+ Try {
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection write error");
+ }
+}
+
+} // namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_callbacks.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of Ocsp Service callbacks class
+ */
+
+#ifndef OCSP_SERVICE_CALLBACKS_H_
+#define OCSP_SERVICE_CALLBACKS_H_
+
+#include <SocketConnection.h>
+
+namespace RPC {
+
+namespace OcspServiceCallbacks {
+ void checkAccess(SocketConnection * connector);
+};
+
+} // namespace RPC
+#endif /* OCSP_SERVICE_CALLBACKS_H_ */
#include "popup_response_dbus_interface.h"
#include <vector>
#include <string>
-#include <api/popup_response_server_api.h>
#include <dpl/dbus/dbus_server_deserialization.h>
#include <dpl/dbus/dbus_server_serialization.h>
#include <ace/Request.h>
#include <ace-dao-ro/PromptModel.h>
-#include "api/popup_ace_data_types.h"
+#include "popup_ace_data_types.h"
//#include "access-control/engine/PromptModel.h"
#include "attribute_facade.h"
//#include "Request.h"
#define WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
#include <dpl/dbus/dbus_interface_dispatcher.h>
-#include "api/popup_response_server_api.h"
+#include "popup_response_server_api.h"
namespace RPC {
#include <vector>
#include <string>
-#include <dpl/wrt-dao-ro/wrt_db_types.h>
// additional data needed by PolicyEvaluaor to recognize Popup Response
struct AceUserdata
// I do not want to include that file here...
AceUserdata(): handle(-1) {}
- WidgetHandle handle;
+ int handle;
std::string subject;
std::string resource;
std::vector<std::string> paramKeys;
}
#endif // WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header with api of Popup Service callbacks
+ */
+
+#ifndef POPUP_SERVICE_CALLBACKS_API_H_
+#define POPUP_SERVICE_CALLBACKS_API_H_
+
+#include <string>
+#include <utility>
+#include "SocketConnection.h"
+#include "popup_response_server_api.h"
+#include "popup_service_callbacks.h"
+#include <callback_api.h>
+
+namespace WrtSecurity{
+namespace PopupServiceCallbacksApi{
+
+inline std::pair<std::string, socketServerCallback> VALIDATION_METHOD_CALLBACK(){
+ return std::make_pair(WrtSecurity::PopupServerApi::INTERFACE_NAME(), RPC::PopupServiceCallbacks::validate);
+}
+
+} // namespace PopupServiceCallbacksApi
+} // namespace WrtSecurity
+
+#endif /* POPUP_SERVICE_CALLBACKS_API_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Popup Service callbacks
+ */
+
+#include "popup_service_callbacks.h"
+#include <callback_api.h>
+#include <ace/Request.h>
+#include <ace-dao-ro/PromptModel.h>
+#include <dpl/log/log.h>
+#include "attribute_facade.h"
+#include "popup_ace_data_types.h"
+#include "security_controller.h"
+
+namespace RPC {
+
+void PopupServiceCallbacks::validate(SocketConnection * connector){
+
+ bool allowed = false;
+ int serializedValidity = 0;
+
+ AceUserdata acedata;
+
+ Try {
+ connector->read(&allowed,
+ &serializedValidity,
+ &(acedata.handle),
+ &(acedata.subject),
+ &(acedata.resource),
+ &(acedata.paramKeys),
+ &(acedata.paramValues),
+ &(acedata.sessionId));
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection read error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket connection read error");
+ }
+
+ if (acedata.paramKeys.size() != acedata.paramValues.size()) {
+ ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Varying sizes of parameter names vector and parameter values vector");
+ }
+ FunctionParamImpl params;
+ for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
+ params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
+ }
+ Request request(acedata.handle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ request.addDeviceCapability(acedata.resource);
+
+ Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
+
+ bool response = false;
+ SecurityControllerEvents::ValidatePopupResponseEvent ev(
+ &request,
+ allowed,
+ validity,
+ acedata.sessionId,
+ &response);
+ CONTROLLER_POST_SYNC_EVENT(SecurityController, ev);
+
+ Try {
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket connection write error");
+ }
+}
+
+} // namespace RPC
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of Popup Service callbacks
+ */
+
+#ifndef POPUP_SERVICE_CALLBACKS_H_
+#define POPUP_SERVICE_CALLBACKS_H_
+
+#include <memory>
+#include <SocketConnection.h>
+
+namespace RPC {
+
+namespace PopupServiceCallbacks {
+ void validate(SocketConnection * connector);
+};
+
+} // namespace RPC
+#endif /* POPUP_SERVICE_CALLBACKS_H_ */
SET(WRT_OCSP_INCLUDES
${WRT_OCSP_DEPS_INCLUDE_DIRS}
${WRT_OCSP_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/src/services/ocsp
${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api
${PROJECT_SOURCE_DIR}/src/daemon/dbus
)
#include <dpl/log/log.h>
#include <dpl/dbus/dbus_client.h>
-#include "ocsp_server_api.h"
+#include "ocsp_server_dbus_api.h"
#include "security_daemon_dbus_config.h"
#include "wrt_ocsp_api.h"