Music Hub  ..
A session-wide music playback service
lomiri.h
Go to the documentation of this file.
1 /*
2  * Copyright © 2014 Canonical Ltd.
3  * Copyright © 2022 UBports Foundation.
4  *
5  * Contact: Alberto Mardegan <mardy@users.sourceforge.net>
6  *
7  * This program is free software: you can redistribute it and/or modify it
8  * under the terms of the GNU Lesser General Public License version 3,
9  * as published by the Free Software Foundation.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  *
19  * Authored by: Thomas Voß <thomas.voss@canonical.com>
20  */
21 #ifndef LOMIRI_MEDIAHUBSERVICE_APPARMOR_LOMIRI_H
22 #define LOMIRI_MEDIAHUBSERVICE_APPARMOR_LOMIRI_H
23 
24 #include "apparmor/context.h"
25 
26 #include <QDBusConnection>
27 #include <QSharedPointer>
28 #include <QStringList>
29 
30 #include <functional>
31 
32 class QUrl;
33 
34 namespace lomiri
35 {
36 namespace MediaHubService
37 {
38 namespace apparmor
39 {
40 // Collects Lomiri-specific apparmor conventions, e.g., format
41 // of short and full package names as well as convenience functionality
42 // to inspect apparmor::Context instances.
43 namespace lomiri
44 {
45 // The unconfined profile, unconditionally trusted
46 // by the system.
47 static constexpr const char* unconfined
48 {
49  "unconfined"
50 };
51 
52 class Context : public apparmor::Context
53 {
54 public:
55  // Constructs a new Context instance for the given raw name.
56  // Throws std::logic_error for empty names or for names not
57  // complying to Lomiri conventions.
58  Context(const QString &name);
59 
60  // Returns true iff the context is unconfined.
61  bool is_unconfined() const;
62 
63  // Returns true iff the context contains a package name.
64  bool has_package_name() const;
65 
66  // Returns the package name or throws if no package name can be found.
67  QString package_name() const;
68 
69  QString package_version() const;
70 
71  QString profile_name() const;
72 
73 private:
74  QStringList app_id_parts;
75  QString pkg_name_;
76  const bool unconfined_;
77  const bool has_package_name_;
78 };
79 
80 // Abstracts query for the apparmor context of an incoming request
82 {
83 public:
84  // To save us some typing.
85  typedef QSharedPointer<RequestContextResolver> Ptr;
86 
87  // Callback for resolve context operations.
88  typedef std::function<void(const Context&)> ResolveCallback;
89 
90  // Resolves the given name (of a dbus participant) to its apparmor context,
91  // invoking the callback whenever a result is available.
92  virtual void resolve_context_for_dbus_name_async(const QString &name, ResolveCallback cb) = 0;
93 
94 protected:
95  RequestContextResolver() = default;
97  virtual ~RequestContextResolver() = default;
99 };
100 
101 // An implementation of RequestContextResolver that queries the dbus
102 // daemon to resolve the apparmor context.
104 {
105 public:
106  // Constructs a new instance for the given bus connection.
108 
109  // From RequestContextResolver
110  void resolve_context_for_dbus_name_async(const QString &name, ResolveCallback) override;
111 
112 private:
113  QDBusConnection m_connection;
114 };
115 
116 // Abstracts an apparmor-based authentication of
117 // incoming requests from clients.
119 {
120 public:
121  // To save us some typing.
122  typedef QSharedPointer<RequestAuthenticator> Ptr;
123 
124  // Return type of an authentication call.
125  typedef std::tuple
126  <
127  bool, // True if authenticated, false if not.
128  QString // Reason for the result.
130 
131  virtual ~RequestAuthenticator() = default;
132 
133  // Returns true iff the client identified by the given apparmor::Context is allowed
134  // to access the given uri, false otherwise.
135  virtual Result authenticate_open_uri_request(const Context&, const QUrl &uri) = 0;
136 
137 protected:
138  RequestAuthenticator() = default;
139  RequestAuthenticator(const RequestAuthenticator&) = default;
141 };
142 
143 // Takes the existing logic and exposes it as an implementation
144 // of the RequestAuthenticator interface.
146 {
147  ExistingAuthenticator() = default;
148  // From RequestAuthenticator
149  Result authenticate_open_uri_request(const Context&, const QUrl &uri) override;
150 
151 private:
152  bool is_click_package_path(const Context&, const QString &path);
153 };
154 
155 }
156 }
157 }
158 }
159 
160 #endif // LOMIRI_MEDIAHUBSERVICE_APPARMOR_LOMIRI_H
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver::RequestContextResolver
RequestContextResolver()=default
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver::resolve_context_for_dbus_name_async
virtual void resolve_context_for_dbus_name_async(const QString &name, ResolveCallback cb)=0
lomiri::MediaHubService::apparmor::lomiri::ExistingAuthenticator
Definition: lomiri.h:145
lomiri::MediaHubService::apparmor::lomiri::Context::is_unconfined
bool is_unconfined() const
Definition: lomiri.cpp:90
lomiri::MediaHubService::apparmor::lomiri::DBusDaemonRequestContextResolver::DBusDaemonRequestContextResolver
DBusDaemonRequestContextResolver()
Definition: lomiri.cpp:123
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver::~RequestContextResolver
virtual ~RequestContextResolver()=default
lomiri::MediaHubService::apparmor::lomiri::Context::has_package_name
bool has_package_name() const
Definition: lomiri.cpp:95
lomiri::MediaHubService::apparmor::lomiri::Context::Context
Context(const QString &name)
Definition: lomiri.cpp:77
lomiri::MediaHubService::apparmor::lomiri::Context::package_name
QString package_name() const
Definition: lomiri.cpp:100
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator::operator=
RequestAuthenticator & operator=(const RequestAuthenticator &)=default
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator::Ptr
QSharedPointer< RequestAuthenticator > Ptr
Definition: lomiri.h:122
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator::Result
std::tuple< bool, QString > Result
Definition: lomiri.h:129
lomiri::MediaHubService::apparmor::lomiri::ExistingAuthenticator::ExistingAuthenticator
ExistingAuthenticator()=default
lomiri::MediaHubService::apparmor::lomiri::Context::package_version
QString package_version() const
Definition: lomiri.cpp:105
lomiri::MediaHubService::apparmor::lomiri::ExistingAuthenticator::authenticate_open_uri_request
Result authenticate_open_uri_request(const Context &, const QUrl &uri) override
Definition: lomiri.cpp:190
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver
Definition: lomiri.h:81
lomiri::MediaHubService::apparmor::lomiri::DBusDaemonRequestContextResolver
Definition: lomiri.h:103
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator::~RequestAuthenticator
virtual ~RequestAuthenticator()=default
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator
Definition: lomiri.h:118
lomiri::MediaHubService::apparmor::Context
Definition: context.h:34
lomiri::MediaHubService::apparmor::lomiri::Context
Definition: lomiri.h:52
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver::Ptr
QSharedPointer< RequestContextResolver > Ptr
Definition: lomiri.h:85
lomiri::MediaHubService::apparmor
Definition: context.h:30
lomiri::MediaHubService::apparmor::lomiri::DBusDaemonRequestContextResolver::resolve_context_for_dbus_name_async
void resolve_context_for_dbus_name_async(const QString &name, ResolveCallback) override
Definition: lomiri.cpp:128
context.h
lomiri::MediaHubService::apparmor::lomiri::Context::profile_name
QString profile_name() const
Definition: lomiri.cpp:117
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator::authenticate_open_uri_request
virtual Result authenticate_open_uri_request(const Context &, const QUrl &uri)=0
lomiri::MediaHubService::apparmor::lomiri::RequestAuthenticator::RequestAuthenticator
RequestAuthenticator()=default
lomiri
Definition: dbus_utils.h:24
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver::operator=
RequestContextResolver & operator=(const RequestContextResolver &)=delete
lomiri::MediaHubService::apparmor::lomiri::RequestContextResolver::ResolveCallback
std::function< void(const Context &)> ResolveCallback
Definition: lomiri.h:88