diff options
author | Inkyun Kil <inkyun.kil@samsung.com> | 2018-05-16 11:31:08 +0900 |
---|---|---|
committer | Inkyun Kil <inkyun.kil@samsung.com> | 2018-05-16 13:28:11 +0900 |
commit | 02b50dc3b3e6c1360238b019358ab3076e0d7bff (patch) | |
tree | 50e725cc43b1d878f33149612202470350b0f201 | |
parent | f57d2e91445529ccb2e50cfb9136fe09567018b7 (diff) | |
download | alarm-manager-02b50dc3b3e6c1360238b019358ab3076e0d7bff.tar.gz alarm-manager-02b50dc3b3e6c1360238b019358ab3076e0d7bff.tar.bz2 alarm-manager-02b50dc3b3e6c1360238b019358ab3076e0d7bff.zip |
Add cynara check for notification privilege
It is impossible to check multiple privilege checks using dbus-policy.
So, changed it to check at the code
Change-Id: Ib5798d42be3a1630db1f9ff303f9a341d23a6547
Signed-off-by: Inkyun Kil <inkyun.kil@samsung.com>
-rw-r--r-- | CMakeLists.txt | 2 | ||||
-rw-r--r-- | alarm-manager.c | 79 | ||||
-rw-r--r-- | alarm-service.conf.in | 1 | ||||
-rwxr-xr-x | packaging/alarm-manager.spec | 3 |
4 files changed, 83 insertions, 2 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 8ca52c3..733dcf3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,7 +6,7 @@ INCLUDE_DIRECTORIES( include ) -SET(DEPS_PKGS "glib-2.0 dlog aul bundle appsvc pkgmgr-info pkgmgr vconf gio-2.0 gio-unix-2.0 capi-system-device libtzplatform-config libsystemd-login eventsystem notification capi-system-info sqlite3 cert-svc-vcore") +SET(DEPS_PKGS "glib-2.0 dlog aul bundle appsvc pkgmgr-info pkgmgr vconf gio-2.0 gio-unix-2.0 capi-system-device libtzplatform-config libsystemd-login eventsystem notification capi-system-info sqlite3 cert-svc-vcore cynara-session cynara-client cynara-creds-gdbus") IF(_APPFW_FEATURE_ALARM_MANAGER_MODULE_LOG) ADD_DEFINITIONS("-D_APPFW_FEATURE_ALARM_MANAGER_MODULE_LOG") diff --git a/alarm-manager.c b/alarm-manager.c index ed652df..f640ced 100644 --- a/alarm-manager.c +++ b/alarm-manager.c @@ -50,6 +50,9 @@ #include <sqlite3.h> #include <cert-svc/ccert.h> #include <cert-svc/cinstance.h> +#include <cynara-session.h> +#include <cynara-client.h> +#include <cynara-creds-gdbus.h> #include <glib.h> #if !GLIB_CHECK_VERSION(2, 31, 0) @@ -2697,6 +2700,70 @@ void __reschedule_alarms_with_newtime(int cur_time, int new_time, double diff_ti return; } +static int __cynara_check(GDBusMethodInvocation *invocation, pid_t pid) +{ + int ret = 0; + char *user = NULL; + char *client = NULL; + char *client_session = NULL; + cynara *p_cynara = NULL; + const char *sender_unique_name; + GDBusConnection *connection; + const char *notitification_priv = "http://tizen.org/privilege/notification"; + + connection = g_dbus_method_invocation_get_connection(invocation); + sender_unique_name = g_dbus_method_invocation_get_sender(invocation); + + ret = cynara_initialize(&p_cynara, NULL); + if (ret != CYNARA_API_SUCCESS) { + ALARM_MGR_EXCEPTION_PRINT("cynara_initialize() failed"); + goto cynara_out; + } + + ret = cynara_creds_gdbus_get_user(connection, sender_unique_name, + USER_METHOD_DEFAULT, &user); + if (ret != CYNARA_API_SUCCESS) { + ALARM_MGR_EXCEPTION_PRINT("cynara_creds_gdbus_get_user() failed"); + goto cynara_out; + } + + ret = cynara_creds_gdbus_get_client(connection, sender_unique_name, + CLIENT_METHOD_DEFAULT, &client); + if (ret != CYNARA_API_SUCCESS) { + ALARM_MGR_EXCEPTION_PRINT("cynara_creds_gdbus_get_client() failed"); + goto cynara_out; + } + + ALARM_MGR_LOG_PRINT("user :%s , client :%s ,unique_name : %s, pid() : %d", + user, client, sender_unique_name, pid); + + client_session = cynara_session_from_pid(pid); + if (!client_session) { + ALARM_MGR_EXCEPTION_PRINT("cynara_session_from_pid() failed"); + ret = CYNARA_API_INVALID_PARAM; + goto cynara_out; + } + + ret = cynara_check(p_cynara, client, client_session, user, + notitification_priv); + if (ret == CYNARA_API_ACCESS_ALLOWED) + ALARM_MGR_LOG_PRINT("CYNARA_ACCESS_ALLOWED"); + else + ALARM_MGR_LOG_PRINT("CYNARA_NOT_ALLOWED [%d]", ret); + +cynara_out: + if (client_session) + g_free(client_session); + if (client) + g_free(client); + if (user) + g_free(user); + if (p_cynara) + cynara_finish(p_cynara); + + return ret; +} + gboolean alarm_manager_alarm_set_rtc_time(AlarmManager *pObj, GDBusMethodInvocation *invoc, int year, int mon, int day, int hour, int min, int sec, @@ -3069,6 +3136,7 @@ gboolean alarm_manager_alarm_create_noti(AlarmManager *pObject, GDBusMethodInvoc gpointer user_data) { alarm_info_t alarm_info; + int ret; int return_code = ALARMMGR_RESULT_SUCCESS; int alarm_id = 0; #ifdef _APPFW_FEATURE_ALARM_MANAGER_MODULE_LOG @@ -3087,6 +3155,17 @@ gboolean alarm_manager_alarm_create_noti(AlarmManager *pObject, GDBusMethodInvoc return true; } + ret = __cynara_check(invoc, pid); + if (ret != CYNARA_API_ACCESS_ALLOWED) { + if (ret == CYNARA_API_ACCESS_DENIED) + return_code = ERR_ALARM_NOT_PERMITTED_APP; + else + return_code = ERR_ALARM_SYSTEM_FAIL; + + g_dbus_method_invocation_return_value(invoc, g_variant_new("(ii)", alarm_id, return_code)); + return true; + } + alarm_info.start.year = start_year; alarm_info.start.month = start_month; alarm_info.start.day = start_day; diff --git a/alarm-service.conf.in b/alarm-service.conf.in index d271742..7d1e5da 100644 --- a/alarm-service.conf.in +++ b/alarm-service.conf.in @@ -18,7 +18,6 @@ <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_set_rtc_time" privilege="http://tizen.org/privilege/alarm.set"/> <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create" privilege="http://tizen.org/privilege/alarm.set"/> <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create_noti" privilege="http://tizen.org/privilege/alarm.set"/> - <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create_noti" privilege="http://tizen.org/privilege/notification"/> <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_create_appsvc" privilege="http://tizen.org/privilege/alarm.set"/> <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_delete" privilege="http://tizen.org/privilege/alarm.set"/> <check send_destination="org.tizen.alarm.manager" send_interface="org.tizen.alarm.manager" send_member="alarm_delete_all" privilege="http://tizen.org/privilege/alarm.set"/> diff --git a/packaging/alarm-manager.spec b/packaging/alarm-manager.spec index e611da2..d7bcf93 100755 --- a/packaging/alarm-manager.spec +++ b/packaging/alarm-manager.spec @@ -33,6 +33,9 @@ BuildRequires: pkgconfig(notification) BuildRequires: python-xml BuildRequires: pkgconfig(capi-system-info) BuildRequires: pkgconfig(cert-svc-vcore) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(cynara-creds-gdbus) %description Alarm Server and devel libraries |