libcommon: Replace direct access to smack node with cynara/security-manager API

Considering no-smack environment, used API provided by cynara and
security-manager instead of direct access to the smack label node
/proc/<pid>/attr/current.

Change-Id: I6b2ce39a787726ad6c4b97fff0608ae2963f92fb
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 87314e3e6ae293dc06d69745e803125ef50bc84b..92a00502c1103c4d47d2190ce1dbc0775d98b0b4 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,7 +38,9 @@ pkg_check_modules(syscommon REQUIRED
        gio-unix-2.0
        dlog
        json-c
-       capi-system-info)
+       capi-system-info
+       cynara-creds-pid
+       security-manager)
 
 FOREACH(flag ${syscommon_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")

diff --git a/packaging/libsyscommon.spec b/packaging/libsyscommon.spec
index 1d112a6fe4f7fed27e51900891d034beb655f0d0..bf61062e983fd3ebc5a449b60b9cb8ad9d794945 100644 (file)
--- a/packaging/libsyscommon.spec
+++ b/packaging/libsyscommon.spec
@@ -22,6 +22,8 @@ BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(json-c)
 BuildRequires:  pkgconfig(capi-system-info)
 BuildRequires:  pkgconfig(capi-system-resource)
+BuildRequires:  pkgconfig(cynara-creds-pid)
+BuildRequires:  pkgconfig(security-manager)
 
 Requires:         /bin/cp
 Requires(post):   /sbin/ldconfig

diff --git a/src/libcommon/proc.c b/src/libcommon/proc.c
index 12ea0719184ec246782b0dc7ad246c74103e15c6..c2296320bd7fd7c11b34a00ffdea803c9d21b8b8 100644 (file)
--- a/src/libcommon/proc.c
+++ b/src/libcommon/proc.c
@@ -3,6 +3,10 @@
 #include <errno.h>
 #include <assert.h>
 #include <stdarg.h>
+#include <stdlib.h>
+
+#include <cynara-creds-pid.h>
+#include <security-manager/app-runtime.h>
 
 #include "shared/log.h"
 #include "libsyscommon/proc.h"
@@ -73,28 +77,38 @@ int syscommon_proc_get_cmdline(pid_t pid, char *buf, int len)
 
 int syscommon_proc_get_attr_current(pid_t pid, char *buf, int len)
 {
-       return proc_get_string(buf, len, "/proc/%d/attr/current", pid);
+       char *client = NULL;
+       int ret;
+
+       if (!buf)
+               return -EINVAL;
+
+       ret = cynara_creds_pid_get_client(pid, CLIENT_METHOD_DEFAULT, &client);
+       if (ret != CYNARA_API_SUCCESS)
+               return -EINVAL;
+
+       ret = snprintf(buf, len, "%s", client);
+
+       free(client);
+       client = NULL;
+
+       if (ret < 0)
+               return -EIO;
+
+       if (ret >= len)
+               return -EOVERFLOW;
+
+       return 0;
 }
 
 int syscommon_proc_is_app(pid_t pid)
 {
-       char attr[NAME_MAX] = { 0 ,};
-       int ret = 0;
+       bool is_app = false;
+       int ret;
 
-       ret = syscommon_proc_get_attr_current(pid, attr, sizeof(attr));
-       if (ret != 0) {
-               _E("Failed to read privilege, %d", ret);
+       ret = security_manager_is_app_from_pid(pid, &is_app);
+       if (ret != SECURITY_MANAGER_SUCCESS)
                return -1;
-       }
-
-       if (!strncmp("System", attr, sizeof("System")))
-               return 0;
-
-       if (!strncmp("User", attr, sizeof("User")))
-               return 0;
-
-       if (!strncmp("System::Privileged", attr, sizeof("System::Privileged")))
-               return 0;
 
-       return 1;
+       return is_app;
 }

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e53ee04e18738739c686c88d23a2324334cf10a8..a8064bcdc06bbd86afae5c3a793c5f07751c47ed 100644 (file)
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -36,7 +36,9 @@ PKG_CHECK_MODULES(REQUIRED_PKGS REQUIRED
        glib-2.0
        json-c
        capi-system-info
-       cmocka)
+       cmocka
+       cynara-creds-pid
+       security-manager)
 
 ADD_EXECUTABLE(${TEST_DRIVER} ${SRCS})
 TARGET_LINK_LIBRARIES(${TEST_DRIVER} "${REQUIRED_PKGS_LDFLAGS} -ldl")