Revert "change the download-provider permission from root to web_fw" 83/74283/2 accepted/tizen/common/20160613.145048 accepted/tizen/mobile/20160614.041943 accepted/tizen/tv/20160614.042506 accepted/tizen/wearable/20160614.042242 submit/tizen_common/20160613.130215 submit/tizen_mobile/20160613.130153 submit/tizen_tv/20160613.130206 submit/tizen_wearable/20160613.130211
authorjaekuk, lee <juku1999@samsung.com>
Mon, 13 Jun 2016 12:49:22 +0000 (21:49 +0900)
committerjaekuk lee <juku1999@samsung.com>
Mon, 13 Jun 2016 12:50:37 +0000 (05:50 -0700)
This reverts commit aec384948ca516b84d53750bc9501f4fc584aa92

Change-Id: I7cd75b31c1498f870ce5528dc99115f15510b1c7
Signed-off-by: jaekuk, lee <juku1999@samsung.com>
packaging/download-provider.spec
provider/download-provider-plugin-download-agent.c
systemd/download-provider.service

index 01d4c67..ccf9113 100755 (executable)
@@ -1,7 +1,7 @@
 %define _ux_define tizen2.3
 Name:       download-provider
 Summary:    Download the contents in background
-Version:    2.1.56
+Version:    2.1.55
 Release:    0
 Group:      Development/Libraries
 License:    Apache-2.0
@@ -9,7 +9,6 @@ Source0:    %{name}-%{version}.tar.gz
 Requires(post): libdevice-node
 Requires(post): sqlite
 Requires(post): connman
-Requires: security-config
 BuildRequires:  cmake
 BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(gobject-2.0)
@@ -196,16 +195,12 @@ ln -s ../download-provider.socket %{buildroot}/lib/systemd/system/sockets.target
 #make notify dir in post section for smack
 mkdir %{TZ_SYS_DATA}/download-provider
 mkdir -p %{_notifydir}
-chown -R web_fw:web_fw %{_notifydir}
 chsmack -a 'System::Shared' %{_notifydir}
-chsmack -t %{_notifydir}
+chsmack -t %{_notifydir}                                        
 mkdir -p --mode=0700 %{_databasedir}
-chown -R web_fw:web_fw %{_databasedir}
 #chsmack -a 'download-provider' %{_databasedir}
 mkdir -p --mode=0700 %{_database_client_dir}
 #chsmack -a 'download-provider' %{_database_client_dir}
-chown -R web_fw:web_fw %{_database_client_dir}
-chown -R web_fw:web_fw %{_data_install_path}
 
 %files
 %defattr(-,root,root,-)
index f65f86b..abba454 100755 (executable)
@@ -216,7 +216,9 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request
                                if (lstat_info.st_mode == fstat_info.st_mode &&
                                        lstat_info.st_ino == fstat_info.st_ino &&
                                        lstat_info.st_dev == fstat_info.st_dev) {
-                                       if (fchown(fd, cred.uid, cred.gid) != 0) {
+                                       if ((fchown(fd, cred.uid, cred.gid) != 0) ||
+                                               (fchmod(fd, S_IRUSR | S_IWUSR |
+                                                       S_IRGRP | S_IROTH) != 0)) {
                                                TRACE_ERROR("[ERROR][%d] permission user:%d group:%d",
                                                        request->id, cred.uid, cred.gid);
                                                errorcode = DP_ERROR_PERMISSION_DENIED;
@@ -238,6 +240,26 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request
                TRACE_ERROR("lstat call failed");
                errorcode = DP_ERROR_PERMISSION_DENIED;
        }
+       if (errorcode == DP_ERROR_NONE && dp_smack_is_mounted() == 1) {
+               // get smack_label from sql
+               char *smack_label = dp_db_get_client_smack_label(slot->pkgname);
+               if (smack_label == NULL) {
+                       TRACE_SECURE_ERROR("[SMACK][%d] no label", request->id);
+                       errorcode = DP_ERROR_PERMISSION_DENIED;
+               } else {
+                       size_t len = str - (saved_path);
+                       char *dir_path = (char *)calloc(len + 1, sizeof(char));
+                       if (dir_path != NULL) {
+                               strncpy(dir_path, saved_path, len);
+                               errorcode = dp_smack_set_label(smack_label, dir_path, saved_path);
+                               free(dir_path);
+                       } else {
+                               TRACE_ERROR("[ERROR] calloc");
+                               errorcode = DP_ERROR_OUT_OF_MEMORY;
+                       }
+                       free(smack_label);
+               }
+       }
        return errorcode;
 }
 
index 732d017..4286283 100755 (executable)
@@ -3,9 +3,6 @@ Description=Download provider service
 After=check-mount.service
 
 [Service]
-User=web_fw
-Group=web_fw
-SupplementaryGroups=priv_mediastorage
 Type=simple
 ExecStart=/usr/bin/download-provider
 MemoryLimit=100M