[sugar] Initial Security Patches
Michael Stone
michael at laptop.org
Mon Jul 30 16:21:36 EDT 2007
Dear Sugar developers,
Attached is the first round of containerization patches for review. These
patches cause Sugar to use Rainbow to launch activities and cause Sugar to
notify Rainbow of foreground-activity-changed events, both conditional on the
existence of the flag-file '/etc/olpc-security'. They apply cleanly and work
for me on a 539 installation.
Michael
P.S. - For anyone who wants to peek (or poke), I'm maintaining these patches
(and any future patches we find we need) in the master branch of
git://dev.laptop.org/users/mstone/sugar
-------------- next part --------------
diff --git a/shell/shellservice.py b/shell/shellservice.py
index 5728e44..cff2a17 100644
--- a/shell/shellservice.py
+++ b/shell/shellservice.py
@@ -16,6 +16,7 @@
"""D-bus service providing access to the shell's functionality"""
import dbus
+import os
from model import bundleregistry
@@ -58,6 +59,12 @@ class ShellService(dbus.service.Object):
bundle_registry = bundleregistry.get_registry()
bundle_registry.connect('bundle-added', self._bundle_added_cb)
+
+ if os.path.exists('/etc/olpc-security'):
+ system_bus = dbus.SystemBus()
+ rainbow = system_bus.get_object('org.laptop.security.Rainbow', '/')
+ self.rainbow = dbus.Interface(rainbow,
+ dbus_interface='org.laptop.security.Rainbow')
bus = dbus.SessionBus()
bus_name = dbus.service.BusName(_DBUS_SERVICE, bus=bus)
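Review bot: `self.rainbow` is assigned only when '/etc/olpc-security' exists at construction time, but CurrentActivityChanged (the next hunk in this file) re-tests the file on every call, so a flag file created after the shell has started leads to an AttributeError on `self.rainbow`. Decide once instead: set `self.rainbow = None` before the `if`, and test `if self.rainbow is not None:` at the call site. `get_object` also runs here with no handling of `dbus.DBusException`, so if Rainbow is not reachable on the system bus the shell service likely fails to construct; if that fail-closed behaviour is intended, say so in a comment and log the error. The constructor starts outside this hunk.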
@@ -160,7 +167,8 @@ class ShellService(dbus.service.Object):
@dbus.service.signal(_DBUS_OWNER_IFACE, signature="s")
def CurrentActivityChanged(self, activity_id):
- pass
+ if os.path.exists('/etc/olpc-security'):
+ self.rainbow.activity_changed(activity_id)
def _cur_activity_changed_cb(self, owner, new_activity):
new_id = ""
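Review bot: The body of a `@dbus.service.signal` method runs before the signal is emitted, so the synchronous `self.rainbow.activity_changed(activity_id)` added here blocks the shell on a system-bus round trip. If it raises, the CurrentActivityChanged signal is presumably never sent to its session-bus listeners. Make the call asynchronous and non-fatal by passing `reply_handler=` and `error_handler=` callbacks that log the failure, so a Rainbow outage leaves a trace instead of a silently stale foreground-activity state on the security service's side. A one-line docstring saying that this signal stub now also notifies Rainbow would help, since a signal body with side effects is unusual.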
-------------- next part --------------
diff --git a/sugar/activity/activityfactory.py b/sugar/activity/activityfactory.py
index 404e5f4..8b8f324 100644
--- a/sugar/activity/activityfactory.py
+++ b/sugar/activity/activityfactory.py
@@ -26,12 +26,18 @@ from sugar.presence import presenceservice
from sugar.activity.activityhandle import ActivityHandle
from sugar import util
+import os
+
_SHELL_SERVICE = "org.laptop.Shell"
_SHELL_PATH = "/org/laptop/Shell"
_SHELL_IFACE = "org.laptop.Shell"
_ACTIVITY_FACTORY_INTERFACE = "org.laptop.ActivityFactory"
+_RAINBOW_SERVICE_NAME = "org.laptop.security.Rainbow"
+_RAINBOW_ACTIVITY_FACTORY_PATH = "/"
+_RAINBOW_ACTIVITY_FACTORY_INTERFACE = "org.laptop.security.Rainbow"
+
def create_activity_id():
"""Generate a new, unique ID for this activity"""
pservice = presenceservice.get_instance()
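Review bot: The flag-file path is missing from the constants added here, although `'/etc/olpc-security'` is tested as a literal further down in this file and twice in shell/shellservice.py, which also repeats the Rainbow bus name and interface as literals. This path decides whether activities are launched through Rainbow at all, so define it once next to `_RAINBOW_SERVICE_NAME`, e.g. `_SECURITY_FLAG_FILE = '/etc/olpc-security'`, and have both modules use it. As far as the hunk shows, `import os` lands after the sugar imports; it would normally sit with the other standard-library imports.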
@@ -84,6 +90,9 @@ class ActivityCreationHandler(gobject.GObject):
particular type of activity is created during the activity
registration process in shell bundle registry which creates
service definition files for each registered bundle type.
+
+ If the file '/etc/olpc-security' exists, then activity launching
+ will be delegated to the prototype 'Rainbow' security service.
"""
gobject.GObject.__init__(self)
self._service_name = service_name
@@ -112,10 +121,22 @@ class ActivityCreationHandler(gobject.GObject):
reply_handler=self._no_reply_handler,
error_handler=self._notify_launch_error_handler)
- self._factory.create(self._activity_handle.get_dict(),
- timeout=120 * 1000,
- reply_handler=self._no_reply_handler,
- error_handler=self._create_error_handler)
+ if not os.path.exists('/etc/olpc-security'):
+ self._factory.create(self._activity_handle.get_dict(),
+ timeout=120 * 1000,
+ reply_handler=self._no_reply_handler,
+ error_handler=self._create_error_handler)
+ else:
+ system_bus = dbus.SystemBus()
+ factory = system_bus.get_object(_RAINBOW_SERVICE_NAME,
+ _RAINBOW_ACTIVITY_FACTORY_PATH)
+ factory.create_activity(self._service_name,
+ self._activity_handle.get_dict(),
+ timeout=120 * 1000,
+ reply_handler=self._no_reply_handler,
+ error_handler=self._create_error_handler,
+ dbus_interface=_RAINBOW_ACTIVITY_FACTORY_INTERFACE)
+
def get_activity_id(self):
"""Retrieve the unique identity for this activity"""
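Review bot: In the `else` branch, `dbus.SystemBus()` and `get_object(...)` are synchronous and sit outside the `error_handler` path, so if Rainbow cannot be reached the exception propagates out of this method instead of reaching `self._create_error_handler`. By then the call that ends at the top of the hunk (apparently the launch notification) has already been issued. Wrap those two calls in `try`/`except dbus.DBusException` and pass the error to `self._create_error_handler`, assuming it takes the exception as its argument; its definition is not visible here. Keep the failure closed: with the flag file present, do not fall back to `self._factory.create`. A comment noting that `self._service_name` and the handle dict cross into a system-bus service, which must validate them itself, would also be useful; the enclosing method starts outside the hunk.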