Modify user space smack

- remove passing cookie by parameter. - use security_server_check_privilege_by_pid Change-Id: I12f6534efdfdea6791345de32091d45b052ce9d5
author: Wonkyu Kwon <wonkyu.kwon@samsung.com> 2013-07-22 14:31:32 +0900
committer: Wonkyu Kwon <wonkyu.kwon@samsung.com> 2013-07-24 17:56:39 +0900
commit: 905f17c79e50cd959dd36d11f3b4d3844eb80335 (patch)
tree: 0af4636278570f06aee5755de4fb449635c396d4
parent: f3d238f7318a1b33d29b6b7268b66cc256bfd586 (diff)
download: smartcard-service-905f17c79e50cd959dd36d11f3b4d3844eb80335.tar.gz
smartcard-service-905f17c79e50cd959dd36d11f3b4d3844eb80335.tar.bz2
smartcard-service-905f17c79e50cd959dd36d11f3b4d3844eb80335.zip
10 files changed, 33 insertions, 98 deletions
diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt
index c2ebbd7..d78c8ab 100644
--- a/client/CMakeLists.txt
+++ b/client/CMakeLists.txt
@@ -20,7 +20,7 @@ MESSAGE("Build type: ${CMAKE_BUILD_TYPE}")
 # pkg config
 INCLUDE(FindPkgConfig)
 
-SET(PKG_MODULE glib-2.0 security-server dlog)
+SET(PKG_MODULE glib-2.0 dlog)
 IF(NOT DEFINED USE_GDBUS)
 	SET(PKG_MODULE ${PKG_MODULE} dbus-glib-1)
 ENDIF()
diff --git a/client/ClientChannel.cpp b/client/ClientChannel.cpp
index 96f7ee8..9639c43 100644
--- a/client/ClientChannel.cpp
+++ b/client/ClientChannel.cpp
@@ -196,7 +196,6 @@ namespace smartcard_service_api
 
 				if (smartcard_service_channel_call_close_channel_sync(
 					(SmartcardServiceChannel *)proxy,
-					ClientGDBus::getCookie(),
 					GPOINTER_TO_UINT(context),
 					GPOINTER_TO_UINT(handle),
 					&ret, NULL, &error) == true) {
@@ -272,7 +271,6 @@ namespace smartcard_service_api
 
 				smartcard_service_channel_call_close_channel(
 					(SmartcardServiceChannel *)proxy,
-					ClientGDBus::getCookie(),
 					GPOINTER_TO_UINT(context),
 					GPOINTER_TO_UINT(handle), NULL,
 					&ClientChannel::channel_close_cb, param);
@@ -321,7 +319,6 @@ namespace smartcard_service_api
 
 			if (smartcard_service_channel_call_transmit_sync(
 				(SmartcardServiceChannel *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				var_command, &rv, &var_response,
@@ -406,7 +403,6 @@ namespace smartcard_service_api
 
 			smartcard_service_channel_call_transmit(
 				(SmartcardServiceChannel *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				var_command, NULL,
diff --git a/client/ClientGDBus.cpp b/client/ClientGDBus.cpp
index 2eee1c5..799917f 100644
--- a/client/ClientGDBus.cpp
+++ b/client/ClientGDBus.cpp
@@ -19,9 +19,6 @@
 #include <glib.h>
 
 /* SLP library header */
-#ifdef USER_SPACE_SMACK
-#include "security-server.h"
-#endif
 
 /* local header */
 #include "smartcard-types.h"
@@ -33,39 +30,5 @@ using namespace std;
 
 namespace smartcard_service_api
 {
-	ByteArray ClientGDBus::cookie = ByteArray::EMPTY;
-
-	GVariant *ClientGDBus::getCookie()
-	{
-		GVariant *result;
-#ifdef USER_SPACE_SMACK
-		if (cookie.isEmpty()) {
-			uint8_t *buffer;
-			int len;
-
-			len = security_server_get_cookie_size();
-			if (len > 0) {
-				buffer = new uint8_t[len];
-				if (buffer != NULL) {
-					if (security_server_request_cookie(
-						(char *)buffer, len) == 0) {
-						cookie.assign(buffer, len);
-					} else {
-						_ERR("security_server_request_cookie failed");
-					}
-
-					delete[] buffer;
-				} else {
-					_ERR("alloc failed");
-				}
-			} else {
-				_ERR("security_server_get_cookie_size failed");
-			}
-		}
-#endif
-		result = GDBusHelper::convertByteArrayToVariant(cookie);
-
-		return result;
-	}
 } /* namespace smartcard_service_api */
 #endif
diff --git a/client/Reader.cpp b/client/Reader.cpp
index 1ba8c12..38e3077 100644
--- a/client/Reader.cpp
+++ b/client/Reader.cpp
@@ -27,7 +27,6 @@
 #include "Session.h"
 #ifdef USE_GDBUS
 #include "ClientGDBus.h"
-#include "smartcard-service-gdbus.h"
 #else
 #include "Message.h"
 #include "ClientIPC.h"
@@ -120,7 +119,6 @@ namespace smartcard_service_api
 
 			if (smartcard_service_reader_call_open_session_sync(
 				(SmartcardServiceReader *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				&result, &session_id, NULL, &error) == true) {
@@ -264,7 +262,6 @@ namespace smartcard_service_api
 
 			smartcard_service_reader_call_open_session(
 				(SmartcardServiceReader *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				NULL, &Reader::reader_open_session_cb, param);
diff --git a/client/SEService.cpp b/client/SEService.cpp
index 9d467a0..c54dd4c 100644
--- a/client/SEService.cpp
+++ b/client/SEService.cpp
@@ -237,7 +237,6 @@ namespace smartcard_service_api
 #ifdef USE_GDBUS
 			smartcard_service_se_service_call_shutdown(
 				(SmartcardServiceSeService *)proxy,
-				ClientGDBus::getCookie(),
 				handle,
 				NULL,
 				&SEService::se_service_shutdown_cb,
@@ -275,7 +274,6 @@ namespace smartcard_service_api
 
 			if (smartcard_service_se_service_call_shutdown_sync(
 				(SmartcardServiceSeService *)proxy,
-				ClientGDBus::getCookie(),
 				handle,
 				&result,
 				NULL,
@@ -366,7 +364,6 @@ namespace smartcard_service_api
 		/* request reader */
 		smartcard_service_se_service_call_se_service(
 			(SmartcardServiceSeService *)proxy,
-			ClientGDBus::getCookie(),
 			NULL,
 			&SEService::se_service_cb,
 			this);
diff --git a/client/Session.cpp b/client/Session.cpp
index 18b2275..61aa5a2 100644
--- a/client/Session.cpp
+++ b/client/Session.cpp
@@ -269,7 +269,6 @@ namespace smartcard_service_api
 
 				if (smartcard_service_session_call_get_atr_sync(
 					(SmartcardServiceSession *)proxy,
-					ClientGDBus::getCookie(),
 					GPOINTER_TO_UINT(context),
 					GPOINTER_TO_UINT(handle),
 					&ret, &var_atr, NULL, &error) == true) {
@@ -352,7 +351,6 @@ namespace smartcard_service_api
 
 				smartcard_service_session_call_get_atr(
 					(SmartcardServiceSession *)proxy,
-					ClientGDBus::getCookie(),
 					GPOINTER_TO_UINT(context),
 					GPOINTER_TO_UINT(handle), NULL,
 					&Session::session_get_atr_cb, param);
@@ -412,7 +410,6 @@ namespace smartcard_service_api
 
 			if (smartcard_service_session_call_close_session_sync(
 				(SmartcardServiceSession *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				&ret, NULL, &error) == true) {
@@ -485,7 +482,6 @@ namespace smartcard_service_api
 
 			smartcard_service_session_call_close_session(
 				(SmartcardServiceSession *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle), NULL,
 				&Session::session_close_cb, param);
@@ -621,7 +617,6 @@ namespace smartcard_service_api
 
 			if (smartcard_service_session_call_open_channel_sync(
 				(SmartcardServiceSession *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				(guint)id, var_aid, &ret, &channel_id,
@@ -725,7 +720,6 @@ namespace smartcard_service_api
 
 			smartcard_service_session_call_open_channel(
 				(SmartcardServiceSession *)proxy,
-				ClientGDBus::getCookie(),
 				GPOINTER_TO_UINT(context),
 				GPOINTER_TO_UINT(handle),
 				(guint)id, var_aid, NULL,
diff --git a/client/include/ClientGDBus.h b/client/include/ClientGDBus.h
index 1909382..5f71d61 100644
--- a/client/include/ClientGDBus.h
+++ b/client/include/ClientGDBus.h
@@ -31,11 +31,6 @@ namespace smartcard_service_api
 {
 	class ClientGDBus
 	{
-	public :
-		static GVariant *getCookie();
-
-	private :
-		static ByteArray cookie;
 	};
 } /* namespace smartcard_service_api */
 #endif
diff --git a/common/smartcard-service-gdbus.xml b/common/smartcard-service-gdbus.xml
index da14b88..cc8b21a 100755
--- a/common/smartcard-service-gdbus.xml
+++ b/common/smartcard-service-gdbus.xml
@@ -8,7 +8,6 @@
       SeService
     -->
     <method name="SeService">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="i" name="result" direction="out" />
       <arg type="u" name="handle" direction="out" />
       <arg type="a(us)" name="readers" direction="out" />
@@ -18,7 +17,6 @@
       shutdown
     -->
     <method name="shutdown">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="i" name="result" direction="out" />
     </method>
@@ -45,7 +43,6 @@
       openSession
     -->
     <method name="openSession">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="u" name="reader_id" direction="in" />
       <arg type="i" name="result" direction="out" />
@@ -58,7 +55,6 @@
       getATR
     -->
     <method name="getATR">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="u" name="session_id" direction="in" />
       <arg type="i" name="result" direction="out" />
@@ -68,7 +64,6 @@
       openChannel
     -->
     <method name="openChannel">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="u" name="session_id" direction="in" />
       <arg type="u" name="type" direction="in" />
@@ -81,7 +76,6 @@
       closeSession
     -->
     <method name="closeSession">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="u" name="session_id" direction="in" />
       <arg type="i" name="result" direction="out" />
@@ -93,7 +87,6 @@
       transmit
     -->
     <method name="transmit">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="u" name="channel_id" direction="in" />
       <arg type="a(y)" name="command" direction="in" />
@@ -104,7 +97,6 @@
       closeChannel
     -->
     <method name="closeChannel">
-      <arg type="a(y)" name="privilege" direction="in" />
       <arg type="u" name="service_id" direction="in" />
       <arg type="u" name="channel_id" direction="in" />
       <arg type="i" name="result" direction="out" />
diff --git a/server/ServerGDBus.cpp b/server/ServerGDBus.cpp
index 1c1ae5e..d075cdc 100644
--- a/server/ServerGDBus.cpp
+++ b/server/ServerGDBus.cpp
@@ -24,7 +24,9 @@
 #include <sys/socket.h>
 
 /* SLP library header */
+#ifdef USER_SPACE_SMACK
 #include "security-server.h"
+#endif
 
 /* local header */
 #include "smartcard-types.h"
@@ -283,18 +285,26 @@ namespace smartcard_service_api
 		return pid;
 	}
 
-	static bool _is_authorized_request(GVariant *privilege,
+	static bool _is_authorized_request(GDBusMethodInvocation *invocation,
 		const char *rights)
 	{
 		bool result = true;
 #ifdef USER_SPACE_SMACK
-		ByteArray temp;
+		pid_t pid;
+		const char *name;
+		ClientInstance *instance;
 
-		/* apply user space smack */
-		GDBusHelper::convertVariantToByteArray(privilege, temp);
+		name = g_dbus_method_invocation_get_sender(invocation);
 
-		result = (security_server_check_privilege_by_cookie(
-			(char *)temp.getBuffer(),
+		instance = ServerResource::getInstance().getClient(name);
+		if (instance != NULL) {
+			pid = instance->getPID();
+		} else {
+			pid = ServerGDBus::getInstance().getPID(name);
+		}
+
+		result = (security_server_check_privilege_by_pid(
+			pid,
 			"smartcard-service",
 			rights) == SECURITY_SERVER_API_SUCCESS);
 #endif
@@ -325,26 +335,25 @@ namespace smartcard_service_api
 		GDBusMethodInvocation *invocation,
 		void *user_data)
 	{
-		_INFO("[MSG_REQUEST_READERS]");
-
 		gint result = SCARD_ERROR_OK;
 		GVariant *readers = NULL;
 		vector<pair<unsigned int, string> > list;
 		unsigned int handle = IntegerHandle::INVALID_HANDLE;
 		const char *name;
+		pid_t pid;
+
+		_INFO("[MSG_REQUEST_READERS]");
 
 		ServerResource &resource = ServerResource::getInstance();
 
 		name = g_dbus_method_invocation_get_sender(invocation);
 
-		pid_t pid;
-
 		/* load secure elements */
 		resource.loadSecureElements();
 
 		pid = ServerGDBus::getInstance().getPID(name);
 
-		_INFO("service requested, pid [%d]", pid);
+		_DBG("service requested, pid [%d]", pid);
 
 		if (pid > 0) {
 			ClientInstance *instance;
@@ -423,13 +432,12 @@ namespace smartcard_service_api
 
 	static gboolean _handle_se_service(SmartcardServiceSeService *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -463,10 +471,10 @@ namespace smartcard_service_api
 
 		_INFO("[MSG_REQUEST_SHUTDOWN]");
 
-		name = g_dbus_method_invocation_get_sender(invocation);
-
 		ServerResource &resource = ServerResource::getInstance();
 
+		name = g_dbus_method_invocation_get_sender(invocation);
+
 		resource.removeService(name, handle);
 
 		/* response to client */
@@ -509,14 +517,13 @@ namespace smartcard_service_api
 
 	static gboolean _handle_shutdown(SmartcardServiceSeService *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint handle,
 		void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -671,14 +678,13 @@ namespace smartcard_service_api
 
 	static gboolean _handle_open_session(SmartcardServiceReader *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint service_id,
 		guint reader_id, void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -800,14 +806,13 @@ namespace smartcard_service_api
 
 	static gboolean _handle_close_session(SmartcardServiceSession *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint service_id,
 		guint session_id, void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -838,6 +843,7 @@ namespace smartcard_service_api
 		ByteArray resp;
 		GVariant *atr = NULL;
 		const char *name;
+		ServiceInstance *client = NULL;
 
 		_INFO("[MSG_REQUEST_GET_ATR]");
 
@@ -845,8 +851,6 @@ namespace smartcard_service_api
 
 		name = g_dbus_method_invocation_get_sender(invocation);
 
-		ServiceInstance *client = NULL;
-
 		client = resource.getService(name, service_id);
 		if (client != NULL) {
 			Terminal *terminal;
@@ -911,14 +915,13 @@ namespace smartcard_service_api
 
 	static gboolean _handle_get_atr(SmartcardServiceSession *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint service_id,
 		guint session_id, void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -1036,14 +1039,13 @@ namespace smartcard_service_api
 
 	static gboolean _handle_open_channel(SmartcardServiceSession *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint service_id,
 		guint session_id, guint type, GVariant *aid, void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "rw") == true) {
+		if (_is_authorized_request(invocation, "rw") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -1179,13 +1181,12 @@ namespace smartcard_service_api
 
 	static gboolean _handle_close_channel(SmartcardServiceChannel *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint service_id, guint channel_id, void *user_data)
 	{
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			g_object_ref(object);
 			params.push_back((void *)object);
 
@@ -1291,7 +1292,6 @@ namespace smartcard_service_api
 
 	static gboolean _handle_transmit(SmartcardServiceChannel *object,
 		GDBusMethodInvocation *invocation,
-		GVariant *privilege,
 		guint service_id,
 		guint channel_id,
 		GVariant *command,
@@ -1300,7 +1300,7 @@ namespace smartcard_service_api
 		vector<void *> params;
 
 		/* apply user space smack */
-		if (_is_authorized_request(privilege, "r") == true) {
+		if (_is_authorized_request(invocation, "r") == true) {
 			/* enqueue message */
 			g_object_ref(object);
 			params.push_back((void *)object);
diff --git a/server/include/ServerGDBus.h b/server/include/ServerGDBus.h
index 1af3aff..8ede3c6 100644
--- a/server/include/ServerGDBus.h
+++ b/server/include/ServerGDBus.h
@@ -26,6 +26,7 @@
 
 /* local header */
 #include "Synchronous.h"
+#include "GDBusHelper.h"
 #include "smartcard-service-gdbus.h"
 
 using namespace std;
author	Wonkyu Kwon <wonkyu.kwon@samsung.com>	2013-07-22 14:31:32 +0900
committer	Wonkyu Kwon <wonkyu.kwon@samsung.com>	2013-07-24 17:56:39 +0900
commit	905f17c79e50cd959dd36d11f3b4d3844eb80335 (patch)
tree	0af4636278570f06aee5755de4fb449635c396d4
parent	f3d238f7318a1b33d29b6b7268b66cc256bfd586 (diff)
download	smartcard-service-905f17c79e50cd959dd36d11f3b4d3844eb80335.tar.gz smartcard-service-905f17c79e50cd959dd36d11f3b4d3844eb80335.tar.bz2 smartcard-service-905f17c79e50cd959dd36d11f3b4d3844eb80335.zip