static int Checker_check_int(Checker *self, PyObject *object, PyObject *name) { PyObject *permission=NULL; int operator; /* permission = self._permission_func(name) */ if (self->getperms) permission = PyDict_GetItem(self->getperms, name); /* if permission is not None: */ if (permission != NULL) { /* if permission is CheckerPublic: */ /* return # Public */ if (permission == CheckerPublic) return 0; if (checkPermission(permission, object, name) < 0) return -1; return 0; } operator = (PyString_Check(name) && PyString_AS_STRING(name)[0] == '_' && PyString_AS_STRING(name)[1] == '_'); if (operator) { /* elif name in _available_by_default: */ /* return */ int ic = PySequence_Contains(_available_by_default, name); if (ic < 0) return -1; if (ic) return 0; /* if name != '__iter__' or hasattr(object, name): */ /* __traceback_supplement__ = (TracebackSupplement, object) */ /* raise ForbiddenAttribute, (name, object) */ if (strcmp("__iter__", PyString_AS_STRING(name)) == 0 && ! PyObject_HasAttr(object, name)) /* We want an attr error if we're asked for __iter__ and we don't have it. We'll get one by allowing the access. */ return 0; } { PyObject *args; args = Py_BuildValue("OO", name, object); if (args != NULL) { PyErr_SetObject(ForbiddenAttribute, args); Py_DECREF(args); } return -1; } }
bool NotificationPresenterImpl::show(Notification* notification) { ASSERT(notification); ASSERT(notification->scriptExecutionContext()); RefPtr<Notification> n = notification; if (m_notifications.contains(n)) return false; if (checkPermission(notification->scriptExecutionContext()) != NotificationPresenter::PermissionAllowed) return false; String uuid = createCanonicalUUIDString(); m_notifications.add(n, uuid); String message; if (n->isHTML()) { // FIXME: Load and display HTML content. message = n->url().string(); } else { // FIXME: Strip the content into one line. message = n->contents().title() + ": " + n->contents().body(); } m_platformPresenter->show(std::string(uuid.utf8().data()), std::string(message.utf8().data())); return true; }
/* def check_setattr(self, object, name): */ static PyObject * Checker_check_setattr(Checker *self, PyObject *args) { PyObject *object, *name, *permission=NULL; if (!PyArg_ParseTuple(args, "OO", &object, &name)) return NULL; /* permission = self._permission_func(name) */ if (self->setperms) permission = PyDict_GetItem(self->setperms, name); /* if permission is not None: */ if (permission != NULL) { /* if permission is CheckerPublic: */ /* return # Public */ if (permission != CheckerPublic && checkPermission(permission, object, name) < 0) return NULL; Py_INCREF(Py_None); return Py_None; } /* __traceback_supplement__ = (TracebackSupplement, object) */ /* raise ForbiddenAttribute, (name, object) */ args = Py_BuildValue("OO", name, object); if (args != NULL) { PyErr_SetObject(ForbiddenAttribute, args); Py_DECREF(args); } return NULL; }
MojErr MojDbKind::update(MojObject* newObj, const MojObject* oldObj, MojDbOp op, MojDbReq& req, bool checkSchema) { MojLogTrace(s_log); MojErr err = checkPermission(op, req); MojErrCheck(err); err = req.curKind(this); MojErrCheck(err); #if defined(TESTDBKIND) MojString s; MojErr e2; if (oldObj) { e2 = oldObj->toJson(s); MojLogInfo(s_log, _T("Kind_Update_OldObj: %s ;\n"), s.data()); } if (newObj) { e2 = newObj->toJson(s); MojLogInfo(s_log, _T("Kind_Update_NewObj: %s ;\n"), s.data()); } #endif if (newObj) { // add the _backup property if not set if (m_backup && !newObj->contains(MojDb::SyncKey)) { err = newObj->putBool(MojDb::SyncKey, true); MojErrCheck(err); } // TEMPORARY!!! This should be done in pre-update to also check parent kinds // warning message comes from preUpdate if(checkSchema) { MojSchema::Result res; err = m_schema.validate(*newObj, res); MojErrCheck(err); if (!res.valid()) { MojErrThrowMsg(MojErrSchemaValidation, _T("schema validation failed for kind '%s': %s"), m_id.data(), res.msg().data()); } } } // update revSets and validate schema err = preUpdate(newObj, oldObj, req); MojErrCheck(err); // update indexes MojVector<MojDbKind*> kindVec; MojInt32 idxcount = 0; err = updateIndexes(newObj, oldObj, req, op, kindVec, idxcount); MojLogInfo(s_log, _T("Kind_UpdateIndexes_End: %s; supers = %zu; indexcount = %zu; updated = %d \n"), this->id().data(), m_supers.size(), m_indexes.size(), idxcount); MojErrCheck(err); return MojErrNone; }
void NotificationPresenterClientQt::requestPermission(ScriptExecutionContext* context, PassRefPtr<NotificationPermissionCallback> callback) { if (dumpNotification) printf("DESKTOP NOTIFICATION PERMISSION REQUESTED: %s\n", QString(context->securityOrigin()->toString()).toUtf8().constData()); NotificationClient::Permission permission = checkPermission(context); if (permission != NotificationClient::PermissionNotAllowed) { if (callback) callback->handleEvent(Notification::permissionString(permission)); return; } QHash<ScriptExecutionContext*, CallbacksInfo >::iterator iter = m_pendingPermissionRequests.find(context); if (iter != m_pendingPermissionRequests.end()) iter.value().m_callbacks.append(callback); else { RefPtr<NotificationPermissionCallback> cb = callback; CallbacksInfo info; info.m_frame = toFrame(context); info.m_callbacks.append(cb); if (toPage(context) && toFrame(context)) { m_pendingPermissionRequests.insert(context, info); toPage(context)->notificationsPermissionRequested(toFrame(context)); } } }
bool HostFolder::remove(const std::string &name) { auto hostPath = mPath.join(name); auto winPath = platform::toWinApiString(hostPath.path()); auto child = findChild(name); if (!child) { // File / Directory does not exist, nothing to do return true; } if (!checkPermission(Permissions::Write)) { return false; } auto removed = false; if (child->type() == NodeType::FileNode) { removed = !!DeleteFileW(winPath.c_str()); } else if (child->type() == NodeType::FolderNode) { removed = !!RemoveDirectoryW(winPath.c_str()); } if (removed) { mVirtual.deleteChild(child); } return removed; }
Node * HostFolder::addFolder(const std::string &name) { auto hostPath = mPath.join(name); auto winPath = platform::toWinApiString(hostPath.path()); auto child = findChild(name); if (child) { if (child->type() == NodeType::FolderNode) { return child; } return nullptr; } if (!checkPermission(Permissions::Write)) { return nullptr; } if (_wmkdir(winPath.c_str())) { return nullptr; } return registerFolder(hostPath, name); }
bool checkCallingPermission(const String16& permission, int32_t* outPid, int32_t* outUid) { IPCThreadState* ipcState = IPCThreadState::self(); pid_t pid = ipcState->getCallingPid(); uid_t uid = ipcState->getCallingUid(); if (outPid) *outPid = pid; if (outUid) *outUid = uid; return checkPermission(permission, pid, uid); }
AudioSystem::device_connection_state AudioPolicyService::getDeviceConnectionState(AudioSystem::audio_devices device, const char *device_address) { if (mpPolicyManager == NULL) { return AudioSystem::DEVICE_STATE_UNAVAILABLE; } if (!checkPermission()) { return AudioSystem::DEVICE_STATE_UNAVAILABLE; } return mpPolicyManager->getDeviceConnectionState(device, device_address); }
status_t AudioPolicyService::setRingerMode(uint32_t mode, uint32_t mask) { if (mpPolicyManager == NULL) { return NO_INIT; } if (!checkPermission()) { return PERMISSION_DENIED; } mpPolicyManager->setRingerMode(mode, mask); return NO_ERROR; }
status_t MediaRecorderClient::setAudioSource(int as) { LOGV("setAudioSource(%d)", as); if (!checkPermission(recordAudioPermission)) { return PERMISSION_DENIED; } Mutex::Autolock lock(mLock); if (mRecorder == NULL) { LOGE("recorder is not initialized"); return NO_INIT; } return mRecorder->setAudioSource((audio_source_t)as); }
status_t AudioPolicyService::getStreamVolumeIndex(AudioSystem::stream_type stream, int *index) { if (mpPolicyManager == NULL) { return NO_INIT; } if (!checkPermission()) { return PERMISSION_DENIED; } if (stream < 0 || stream >= AudioSystem::NUM_STREAM_TYPES) { return BAD_VALUE; } return mpPolicyManager->getStreamVolumeIndex(stream, index); }
AudioSystem::forced_config AudioPolicyService::getForceUse(AudioSystem::force_use usage) { if (mpPolicyManager == NULL) { return AudioSystem::FORCE_NONE; } if (!checkPermission()) { return AudioSystem::FORCE_NONE; } if (usage < 0 || usage >= AudioSystem::NUM_FORCE_USE) { return AudioSystem::FORCE_NONE; } return mpPolicyManager->getForceUse(usage); }
status_t MediaRecorderClient::setVideoSource(int vs) { LOGV("setVideoSource(%d)", vs); if (!checkPermission(cameraPermission)) { return PERMISSION_DENIED; } Mutex::Autolock lock(mLock); if (mRecorder == NULL) { LOGE("recorder is not initialized"); return NO_INIT; } return mRecorder->setVideoSource((video_source)vs); }
status_t AudioPolicyService::initStreamVolume(AudioSystem::stream_type stream, int indexMin, int indexMax) { if (mpPolicyManager == NULL) { return NO_INIT; } if (!checkPermission()) { return PERMISSION_DENIED; } if (stream < 0 || stream >= AudioSystem::NUM_STREAM_TYPES) { return BAD_VALUE; } mpPolicyManager->initStreamVolume(stream, indexMin, indexMax); return NO_ERROR; }
MojErr MojDbKind::find(MojDbCursor& cursor, MojDbWatcher* watcher, MojDbReq& req, MojDbOp op) { MojLogTrace(s_log); MojErr err = checkPermission(op, req); MojErrCheck(err); const MojDbQuery& query = cursor.query(); MojDbIndex* index = indexForQuery(query); if (index == NULL) MojErrThrow(MojErrDbNoIndexForQuery); cursor.m_dbIndex = index; MojLogInfo(s_log, _T("Dbkind_find: Kind: %s, UsingIndex: %s, order: %s, limit: %d \n"), m_id.data(), index->name().data(), query.order().data(), (int)query.limit()); err = index->find(cursor, watcher, req); MojErrCheck(err); return MojErrNone; }
status_t AudioPolicyService::setForceUse(AudioSystem::force_use usage, AudioSystem::forced_config config) { if (mpPolicyManager == NULL) { return NO_INIT; } if (!checkPermission()) { return PERMISSION_DENIED; } if (usage < 0 || usage >= AudioSystem::NUM_FORCE_USE) { return BAD_VALUE; } if (config < 0 || config >= AudioSystem::NUM_FORCE_CONFIG) { return BAD_VALUE; } LOGV("setForceUse() tid %d", gettid()); Mutex::Autolock _l(mLock); mpPolicyManager->setForceUse(usage, config); return NO_ERROR; }
void BaseMainPage::navigatorPageAt(int index, bool force) { if(index < 0 || index >=4) return; if(!checkPermission() && !force) return; changeNavigator(index); QList<int> navigatorPageIndex; navigatorPageIndex.append(RUNPAGE_INDEX); navigatorPageIndex.append(RUNPARAMPAGE_INDEX); navigatorPageIndex.append(SETUPPAGE_INDEX); navigatorPageIndex.append(DEBUGPRESS_INDEX); ui.bottomWidget->changeNavigatorDisp(index);//改变导航栏显示; changePage(navigatorPageIndex.at(index)); }
status_t BnPermissionController::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { //printf("PermissionController received: "); data.print(); switch(code) { case CHECK_PERMISSION_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 permission = data.readString16(); int32_t pid = data.readInt32(); int32_t uid = data.readInt32(); bool res = checkPermission(permission, pid, uid); // write exception reply->writeInt32(0); reply->writeInt32(res ? 1 : 0); return NO_ERROR; } break; default: return BBinder::onTransact(code, data, reply, flags); } }
status_t AudioPolicyService::setPhoneState(int state) { if (mpPolicyManager == NULL) { return NO_INIT; } if (!checkPermission()) { return PERMISSION_DENIED; } if (state < 0 || state >= AudioSystem::NUM_MODES) { return BAD_VALUE; } LOGV("setPhoneState() tid %d", gettid()); // TODO: check if it is more appropriate to do it in platform specific policy manager AudioSystem::setMode(state); Mutex::Autolock _l(mLock); mpPolicyManager->setPhoneState(state); return NO_ERROR; }
bool Permission::doCheckPermission(pid_t pid, uid_t uid) const { if ((uid == 0) || (pid == mPid)) { // root and ourselves is always okay return true; } else { // see if we already granted this permission for this uid Mutex::Autolock _l(mLock); if (mGranted.indexOf(uid) >= 0) return true; } bool granted = checkPermission(mPermissionName, pid, uid); if (granted) { Mutex::Autolock _l(mLock); // no need to check again, the old item will be replaced if it is // already there. mGranted.add(uid); } return granted; }
status_t AudioPolicyService::setDeviceConnectionState(AudioSystem::audio_devices device, AudioSystem::device_connection_state state, const char *device_address) { if (mpPolicyManager == NULL) { return NO_INIT; } if (!checkPermission()) { return PERMISSION_DENIED; } if (!AudioSystem::isOutputDevice(device) && !AudioSystem::isInputDevice(device)) { return BAD_VALUE; } if (state != AudioSystem::DEVICE_STATE_AVAILABLE && state != AudioSystem::DEVICE_STATE_UNAVAILABLE) { return BAD_VALUE; } LOGV("setDeviceConnectionState() tid %d", gettid()); Mutex::Autolock _l(mLock); return mpPolicyManager->setDeviceConnectionState(device, state, device_address); }
bool NotificationPresenterImpl::show(Notification* n) { if (NotificationPresenter::PermissionAllowed != checkPermission(n->scriptExecutionContext())) return false; RefPtr<Notification> notification = n; if (m_notifications.contains(notification)) return false; String uuid = createCanonicalUUIDString(); m_notifications.add(notification, uuid); String message; if (notification->isHTML()) // FIXME: load and display HTML content message = notification->url().string(); else message = notification->contents().title() + ": " + notification->contents().body(); // FIXME: strip to one line m_platformPresenter->show(std::string(uuid.utf8().data()), std::string(message.utf8().data())); return true; }
bool HostFolder::remove(const std::string &name) { auto hostPath = mPath.join(name); auto child = findChild(name); if (!child) { // File / Directory does not exist, nothing to do return true; } if (!checkPermission(Permissions::Write)) { return false; } if (remove(hostPath.path().c_str())) { return false; } mVirtual.deleteChild(child); return true; }
MojErr MojDbKind::drop(MojDbReq& req) { MojLogTrace(s_log); MojErr err = checkPermission(OpKindUpdate, req); MojErrCheck(err); err = req.curKind(this); MojErrCheck(err); // drop indexes MojErr errAcc = MojErrNone; for (IndexVec::ConstIterator i = m_indexes.begin(); i != m_indexes.end(); ++i) { errAcc = dropIndex(i->get(), req); MojErrAccumulate(err, errAcc); } m_indexes.clear(); // remove self from super/sub kinds errAcc = close(); MojErrAccumulate(err, errAcc); return err; }
void NotificationManager::addNotification(const Compositor::NotificationData& data) { ILOG_TRACE_F(ILX_NOTIFICATIONMAN); // check if origin is allowed to push notifications. if (!checkPermission(data)) return; // create a new notification. Notification* notification = new Notification(data, _compositor); Size s = notification->preferredSize(); notification->setGeometry(_compositor->width() - 400, 10, 400, s.height()); _compositor->addWidget(notification); notification->bringToFront(); if (replacePending(notification) || replaceActive(notification)) return; pthread_mutex_lock(&_pendingMutex); _pending.push_back(notification); pthread_mutex_unlock(&_pendingMutex); // arrangeNotifications(s.height()); }
String Notification::permission(ExecutionContext* context) { return permissionString(checkPermission(context)); }
status_t BnFingerprintDaemon::onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { switch(code) { case AUTHENTICATE: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const uint64_t sessionId = data.readInt64(); const uint32_t groupId = data.readInt32(); const int32_t ret = authenticate(sessionId, groupId); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; }; case CANCEL_AUTHENTICATION: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t ret = stopAuthentication(); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case ENROLL: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const ssize_t tokenSize = data.readInt32(); const uint8_t* token = static_cast<const uint8_t *>(data.readInplace(tokenSize)); const int32_t groupId = data.readInt32(); const int32_t timeout = data.readInt32(); const int32_t ret = enroll(token, tokenSize, groupId, timeout); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case CANCEL_ENROLLMENT: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t ret = stopEnrollment(); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case PRE_ENROLL: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const uint64_t ret = preEnroll(); reply->writeNoException(); reply->writeInt64(ret); return NO_ERROR; } case POST_ENROLL: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t ret = postEnroll(); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case REMOVE: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t fingerId = data.readInt32(); const int32_t groupId = data.readInt32(); const int32_t ret = remove(fingerId, groupId); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case ENUMERATE: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t ret = enumerate(); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case GET_AUTHENTICATOR_ID: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const uint64_t ret = getAuthenticatorId(); reply->writeNoException(); reply->writeInt64(ret); return NO_ERROR; } case SET_ACTIVE_GROUP: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t group = data.readInt32(); const ssize_t pathSize = data.readInt32(); const uint8_t* path = static_cast<const uint8_t *>(data.readInplace(pathSize)); const int32_t ret = setActiveGroup(group, path, pathSize); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case OPEN_HAL: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int64_t ret = openHal(); reply->writeNoException(); reply->writeInt64(ret); return NO_ERROR; } case CLOSE_HAL: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } const int32_t ret = closeHal(); reply->writeNoException(); reply->writeInt32(ret); return NO_ERROR; } case INIT: { CHECK_INTERFACE(IFingerprintDaemon, data, reply); if (!checkPermission(HAL_FINGERPRINT_PERMISSION)) { return PERMISSION_DENIED; } sp<IFingerprintDaemonCallback> callback = interface_cast<IFingerprintDaemonCallback>(data.readStrongBinder()); init(callback); reply->writeNoException(); return NO_ERROR; } default: return BBinder::onTransact(code, data, reply, flags); } };
status_t BnPermissionController::onTransact( uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) { switch(code) { case CHECK_PERMISSION_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 permission = data.readString16(); int32_t pid = data.readInt32(); int32_t uid = data.readInt32(); bool res = checkPermission(permission, pid, uid); reply->writeNoException(); reply->writeInt32(res ? 1 : 0); return NO_ERROR; } break; case NOTE_OP_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 op = data.readString16(); int32_t uid = data.readInt32(); String16 packageName = data.readString16(); int32_t res = noteOp(op, uid, packageName); reply->writeNoException(); reply->writeInt32(res); return NO_ERROR; } break; case GET_PACKAGES_FOR_UID_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); int32_t uid = data.readInt32(); Vector<String16> packages; getPackagesForUid(uid, packages); reply->writeNoException(); size_t size = packages.size(); reply->writeInt32(size); for (size_t i = 0; i < size; i++) { reply->writeString16(packages[i]); } return NO_ERROR; } break; case IS_RUNTIME_PERMISSION_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 permission = data.readString16(); const bool res = isRuntimePermission(permission); reply->writeNoException(); reply->writeInt32(res ? 1 : 0); return NO_ERROR; } break; case GET_PACKAGE_UID_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 package = data.readString16(); int flags = data.readInt32(); const int uid = getPackageUid(package, flags); reply->writeNoException(); reply->writeInt32(uid); return NO_ERROR; } break; default: return BBinder::onTransact(code, data, reply, flags); } }
PermissionManager::Result PermissionManager::checkPermission(const Character* character, std::string permission) { return checkPermission(character->getAccountLevel(), permission); }