Add privilege checker

Change-Id: Ie2c767cf078228305d09613d74d6f2f3a34b3f6c
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>

diff --git a/packaging/capi-media-controller.spec b/packaging/capi-media-controller.spec
index 9578850..8f60832 100755 (executable)
--- a/packaging/capi-media-controller.spec
+++ b/packaging/capi-media-controller.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-controller
 Summary:    A media controller library in Tizen Native API
-Version:    0.0.13
+Version:    0.0.14
 Release:    1
 Group:      Multimedia/API
 License:    Apache-2.0

diff --git a/src/media_controller_ipc.c b/src/media_controller_ipc.c
index 0adc70c..df34401 100755 (executable)
--- a/src/media_controller_ipc.c
+++ b/src/media_controller_ipc.c
@@ -25,16 +25,12 @@
 #define MC_SVC_NAME "mediacontroller"
 
 /* This checks if service daemon is running */
-static gboolean __is_service_activated()
+static int __is_service_activated()
 {
-       gboolean ret = FALSE;
+       int  ret = MEDIA_CONTROLLER_ERROR_NONE;
        ret = mc_ipc_send_message_to_server(MC_MSG_SERVER_CONNECTION, MC_SERVER_CONNECTION_MSG);
-       if (ret != MEDIA_CONTROLLER_ERROR_NONE) {
-               mc_error("Failed to mc_ipc_send_message_to_server [%d]", ret);
-               return FALSE;
-       }
 
-       return TRUE;
+       return ret;
 }
 
 static char *__make_key_for_map(const char *main_key, const char *sub_key)
@@ -387,9 +383,15 @@ int mc_ipc_service_connect(void)
        struct sockaddr_un serv_addr;
        unsigned int retrycount = 0;
 
-       if (__is_service_activated() == TRUE) {
+        ret = __is_service_activated();
+
+       if (ret == MEDIA_CONTROLLER_ERROR_NONE) {
                mc_debug("service is already running!");
-               return MEDIA_CONTROLLER_ERROR_NONE;
+               return ret;
+       }
+       else if (ret == MEDIA_CONTROLLER_ERROR_PERMISSION_DENIED) {
+               mc_error("Permission deny!");
+               return ret;
        }
 
        /*Create Socket*/
@@ -411,7 +413,7 @@ int mc_ipc_service_connect(void)
 
        mc_ipc_delete_client_socket(&sock_info);
 
-       while ((__is_service_activated() == FALSE) && (retrycount++ < MAX_WAIT_COUNT)) {
+       while ((__is_service_activated() != MEDIA_CONTROLLER_ERROR_NONE) && (retrycount++ < MAX_WAIT_COUNT)) {
                MC_MILLISEC_SLEEP(200);
                mc_error("[No-Error] retry count [%d]", retrycount);
        }

diff --git a/svc/media_controller_svc.c b/svc/media_controller_svc.c
index aa65779..e7ab9af 100755 (executable)
--- a/svc/media_controller_svc.c
+++ b/svc/media_controller_svc.c
@@ -218,6 +218,21 @@ gboolean _mc_read_service_request_tcp_socket(GIOChannel *src, GIOCondition condi
                        }
                }
        } else if (recv_msg.msg_type == MC_MSG_SERVER_CONNECTION) {
+               ret = mc_cynara_check(&creds, MC_CLIENT_PRIVILEGE);
+               if (ret != MEDIA_CONTROLLER_ERROR_NONE) {
+                       mc_error("permission is denied![%d]", ret);
+                       ret = mc_cynara_check(&creds, MC_SERVER_PRIVILEGE);
+                       if (ret != MEDIA_CONTROLLER_ERROR_NONE) {
+                               mc_error("permission is denied![%d]", ret);
+
+                               send_msg = MEDIA_CONTROLLER_ERROR_PERMISSION_DENIED;
+                               goto ERROR;
+                       }
+               }
+
+               MC_SAFE_FREE(creds.uid);
+               MC_SAFE_FREE(creds.smack);
+
                if (recv_msg.msg_size > 0) {
                        if (strncmp(recv_msg.msg, MC_SERVER_CONNECTION_MSG, recv_msg.msg_size) == 0) {
                                if (g_connection_cnt == -1)