/// Ask Cynara whether a client may use a privilege.
///
/// Thin wrapper: forwards to cynara_check() on the m_Cynara handle and passes
/// the return code to checkCynaraError() together with a fixed error message.
///
/// @param label      Passed to cynara_check() as the client identifier.
/// @param privilege  Privilege being requested.
/// @param user       User identifier of the caller.
/// @param session    Client session identifier.
/// @return Whatever checkCynaraError() produces for the cynara_check() code.
///
/// NOTE(review): how checkCynaraError() maps the code to a bool (and whether
/// it throws on errors) is not visible here. Confirm that only an explicit
/// "allowed" result yields true, so failures cannot be read as a grant.
bool Cynara::check(const std::string &label, const std::string &privilege,
                   const std::string &user, const std::string &session)
{
    // This method takes (label, privilege, user, session) but cynara_check()
    // takes (client, session, user, privilege). All four are plain C strings,
    // so a transposed argument would compile cleanly and evaluate the wrong
    // policy. Keep the order below in step with the cynara_check() prototype.
    const int status = cynara_check(m_Cynara,
                                    label.c_str(),
                                    session.c_str(),
                                    user.c_str(),
                                    privilege.c_str());

    return checkCynaraError(status, "Cannot check permission with Cynara.");
}
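/*
 * Check that the D-Bus caller behind @invocation holds every privilege listed
 * in @privileges.
 *
 * The caller's identity is derived from the bus connection and sender name,
 * not from anything in the message body: client via CLIENT_METHOD_SMACK, user
 * via USER_METHOD_UID, and the session from the sender's pid.
 *
 * @invocation: method invocation whose sender is being authorised.
 * @privileges: NULL-terminated array of privilege strings; all must be allowed.
 *
 * Returns IOTCON_ERROR_NONE when every privilege is allowed,
 * IOTCON_ERROR_PERMISSION_DENIED on the first privilege Cynara denies,
 * IOTCON_ERROR_INVALID_PARAMETER for a NULL argument, and IOTCON_ERROR_SYSTEM
 * when _cynara is NULL, a credential lookup fails, or cynara_check() returns
 * anything other than allowed/denied. Errors are therefore never treated as a
 * grant.
 *
 * NOTE(review): an empty list (privileges[0] == NULL) succeeds without
 * consulting Cynara. Callers must not pass an empty list for a method that
 * needs protection.
 *
 * NOTE(review): when TZ_VER_3 is not defined, no check is performed and every
 * caller gets IOTCON_ERROR_NONE. Confirm such builds are never deployed where
 * this function is the access-control boundary.
 */
static int _icd_cynara_check(GDBusMethodInvocation *invocation, const char **privileges)
{
#ifdef TZ_VER_3
	FN_CALL;
	int i;
	int ret;
	int result = IOTCON_ERROR_SYSTEM; /* default for every failure path below */
	pid_t pid;
	char *user = NULL;
	char *client = NULL;
	char *session = NULL;
	const char *sender = NULL;
	GDBusConnection *conn = NULL;

	RETV_IF(NULL == _cynara, IOTCON_ERROR_SYSTEM);
	RETV_IF(NULL == invocation, IOTCON_ERROR_INVALID_PARAMETER);
	RETV_IF(NULL == privileges, IOTCON_ERROR_INVALID_PARAMETER);

	conn = g_dbus_method_invocation_get_connection(invocation);
	if (NULL == conn) {
		ERR("g_dbus_method_invocation_get_connection() return NULL");
		return IOTCON_ERROR_SYSTEM;
	}

	sender = g_dbus_method_invocation_get_sender(invocation);
	if (NULL == sender) {
		ERR("g_dbus_method_invocation_get_sender() return NULL");
		return IOTCON_ERROR_SYSTEM;
	}

	/* Nothing has been allocated yet, so a failure here returns directly. */
	ret = cynara_creds_gdbus_get_client(conn, sender, CLIENT_METHOD_SMACK, &client);
	if (CYNARA_API_SUCCESS != ret) {
		/* Log names the function actually called, so the failure is greppable. */
		ERR("cynara_creds_gdbus_get_client() Fail(%d)", ret);
		return IOTCON_ERROR_SYSTEM;
	}

	ret = cynara_creds_gdbus_get_user(conn, sender, USER_METHOD_UID, &user);
	if (CYNARA_API_SUCCESS != ret) {
		ERR("cynara_creds_gdbus_get_user() Fail(%d)", ret);
		goto free_client;
	}

	ret = cynara_creds_gdbus_get_pid(conn, sender, &pid);
	if (CYNARA_API_SUCCESS != ret) {
		ERR("cynara_creds_gdbus_get_pid() Fail(%d)", ret);
		goto free_user;
	}

	session = cynara_session_from_pid(pid);
	if (NULL == session) {
		ERR("cynara_session_from_pid() return NULL");
		goto free_user;
	}

	/* Every listed privilege must be allowed; stop at the first that is not. */
	for (i = 0; privileges[i]; i++) {
		SECURE_DBG("privileges[%d]: %s, user: %s, client: %s", i, privileges[i], user,
				client);

		ret = cynara_check(_cynara, client, session, user, privileges[i]);
		if (CYNARA_API_ACCESS_ALLOWED == ret)
			continue;

		if (CYNARA_API_ACCESS_DENIED == ret) {
			ERR("Denied (%s)", privileges[i]);
			result = IOTCON_ERROR_PERMISSION_DENIED;
		} else {
			/* Any other code is a Cynara failure: fail closed, not open. */
			ERR("cynara_check(%s) Fail(%d)", privileges[i], ret);
			result = IOTCON_ERROR_SYSTEM;
		}
		goto free_session;
	}

	result = IOTCON_ERROR_NONE;

	/*
	 * Staged unwinding: each label frees only what was successfully obtained
	 * before the jump, in the same order as the original per-path cleanup.
	 */
free_session:
	free(session);
free_user:
	free(user);
free_client:
	free(client);
	return result;
#else
	/* No privilege check is compiled in for this configuration. */
	return IOTCON_ERROR_NONE;
#endif
}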