[sugar] Initial Security Patches

Michael Stone michael at laptop.org
Mon Jul 30 16:21:36 EDT 2007


Dear Sugar developers,

Attached are the first round of containerization patches for review. These
patches cause Sugar to use Rainbow to launch activities and cause Sugar to
notify Rainbow of foreground-activity-changed events, both conditional on the
existence of the flag-file '/etc/olpc-security'. They apply cleanly and work
for me on a 539 installation.

Michael

P.S. - For anyone who wants to peek (or poke), I'm maintaining these patches
(and any future patches we find we need) in the master branch of 

  git://dev.laptop.org/users/mstone/sugar

-------------- next part --------------
diff --git a/shell/shellservice.py b/shell/shellservice.py
index 5728e44..cff2a17 100644
--- a/shell/shellservice.py
+++ b/shell/shellservice.py
@@ -16,6 +16,7 @@
 
 """D-bus service providing access to the shell's functionality"""
 import dbus
+import os
 
 from model import bundleregistry
 
@@ -58,6 +59,12 @@ class ShellService(dbus.service.Object):
 
         bundle_registry = bundleregistry.get_registry()
         bundle_registry.connect('bundle-added', self._bundle_added_cb)
+
+        if os.path.exists('/etc/olpc-security'):
+            system_bus = dbus.SystemBus()
+            rainbow = system_bus.get_object('org.laptop.security.Rainbow', '/')
+            self.rainbow = dbus.Interface(rainbow,
+                               dbus_interface='org.laptop.security.Rainbow')
         
         bus = dbus.SessionBus()
         bus_name = dbus.service.BusName(_DBUS_SERVICE, bus=bus)
@@ -160,7 +167,8 @@ class ShellService(dbus.service.Object):
 
     @dbus.service.signal(_DBUS_OWNER_IFACE, signature="s")
     def CurrentActivityChanged(self, activity_id):
-        pass
+        if os.path.exists('/etc/olpc-security'):
+            self.rainbow.activity_changed(activity_id)
 
     def _cur_activity_changed_cb(self, owner, new_activity):
         new_id = ""
-------------- next part --------------
diff --git a/sugar/activity/activityfactory.py b/sugar/activity/activityfactory.py
index 404e5f4..8b8f324 100644
--- a/sugar/activity/activityfactory.py
+++ b/sugar/activity/activityfactory.py
@@ -26,12 +26,18 @@ from sugar.presence import presenceservice
 from sugar.activity.activityhandle import ActivityHandle
 from sugar import util
 
+import os
+
 _SHELL_SERVICE = "org.laptop.Shell"
 _SHELL_PATH = "/org/laptop/Shell"
 _SHELL_IFACE = "org.laptop.Shell"
 
 _ACTIVITY_FACTORY_INTERFACE = "org.laptop.ActivityFactory"
 
+_RAINBOW_SERVICE_NAME = "org.laptop.security.Rainbow"
+_RAINBOW_ACTIVITY_FACTORY_PATH = "/"
+_RAINBOW_ACTIVITY_FACTORY_INTERFACE = "org.laptop.security.Rainbow"
+
 def create_activity_id():
     """Generate a new, unique ID for this activity"""
     pservice = presenceservice.get_instance()
@@ -84,6 +90,9 @@ class ActivityCreationHandler(gobject.GObject):
         particular type of activity is created during the activity
         registration process in shell bundle registry which creates 
         service definition files for each registered bundle type.
+
+        If the file '/etc/olpc-security' exists, then activity launching 
+        will be delegated to the prototype 'Rainbow' security service.
         """
         gobject.GObject.__init__(self)
         self._service_name = service_name
@@ -112,10 +121,22 @@ class ActivityCreationHandler(gobject.GObject):
                     reply_handler=self._no_reply_handler,
                     error_handler=self._notify_launch_error_handler)
 
-        self._factory.create(self._activity_handle.get_dict(),
-                             timeout=120 * 1000,
-                             reply_handler=self._no_reply_handler,
-                             error_handler=self._create_error_handler)
+        if not os.path.exists('/etc/olpc-security'):
+            self._factory.create(self._activity_handle.get_dict(),
+                                 timeout=120 * 1000,
+                                 reply_handler=self._no_reply_handler,
+                                 error_handler=self._create_error_handler)
+        else:
+            system_bus = dbus.SystemBus()
+            factory = system_bus.get_object(_RAINBOW_SERVICE_NAME,
+                                     _RAINBOW_ACTIVITY_FACTORY_PATH)
+            factory.create_activity(self._service_name,
+                self._activity_handle.get_dict(),
+                timeout=120 * 1000,
+                reply_handler=self._no_reply_handler,
+                error_handler=self._create_error_handler,
+                dbus_interface=_RAINBOW_ACTIVITY_FACTORY_INTERFACE)
+            
 
     def get_activity_id(self):
         """Retrieve the unique identity for this activity"""


More information about the Sugar mailing list