Instead of directly accessing /proc/<pid>/attr/current, cynara api is used.
Change-Id: I8be076bf58d5a7908897760693cf93af61aa68b9
Signed-off-by: Changgyu Choi <changyu.choi@samsung.com>
CMAKE_MINIMUM_REQUIRED(VERSION 2.8.12)
PROJECT(amd)
-IF(_TIZEN_FEATURE_SMACK_DISABLE)
-MESSAGE(STATUS "[SMACK] Disable")
-ADD_DEFINITIONS("-DTIZEN_FEATURE_SMACK_DISABLE")
-ELSE(_TIZEN_FEATURE_SMACK_DISABLE)
-MESSAGE(STATUS "[SMACK] Enable")
-ENDIF(_TIZEN_FEATURE_SMACK_DISABLE)
-
SET(EXTRA_FLAGS "${EXTRA_FLAGS} -Wall")
SET(EXTRA_FLAGS "${EXTRA_FLAGS} -Werror")
SET(EXTRA_FLAGS "${EXTRA_FLAGS} -Wl,-zdefs")
PKG_CHECK_MODULES(CAPI_SYSTEM_RESOURCE_DEPS REQUIRED capi-system-resource)
PKG_CHECK_MODULES(CERT_SVC_VCORE_DEPS REQUIRED cert-svc-vcore)
PKG_CHECK_MODULES(CYNARA_CLIENT_DEPS REQUIRED cynara-client)
+PKG_CHECK_MODULES(CYNARA_CREDS_PID_DEPS REQUIRED cynara-creds-pid)
PKG_CHECK_MODULES(CYNARA_CREDS_SOCKET_DEPS REQUIRED cynara-creds-socket)
PKG_CHECK_MODULES(CYNARA_SESSION_DEPS REQUIRED cynara-session)
PKG_CHECK_MODULES(DLOG_DEPS REQUIRED dlog)
BuildRequires: pkgconfig(capi-system-resource)
BuildRequires: pkgconfig(cert-svc-vcore)
BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-creds-pid)
BuildRequires: pkgconfig(cynara-creds-socket)
BuildRequires: pkgconfig(cynara-session)
BuildRequires: pkgconfig(dlog)
%define tizen_feature_prelink 0
%endif
-%if "%{?dev_wos}" == "1"
-%define tizen_feature_smack_disable 1
-%else
-%define tizen_feature_smack_disable 0
-%endif
-
%prep
%setup -q
sed -i 's|TZ_SYS_DB|%{TZ_SYS_DB}|g' %{SOURCE1001}
cp %{SOURCE1001} ./org.tizen.NUIGadgetViewer.manifest
%build
-%if 0%{?tizen_feature_smack_disable}
-_TIZEN_FEATURE_SMACK_DISABLE=ON
-%endif
-
%if 0%{?gcov:1}
export CFLAGS+=" -fprofile-arcs -ftest-coverage"
export CXXFLAGS+=" -fprofile-arcs -ftest-coverage"
-DMAJORVER=${MAJORVER} \
-DAMD_MODULES_DIR=%{_moddir} \
-D_TIZEN_FEATURE_PRELINK:BOOL=${_TIZEN_FEATURE_PRELINK} \
- -D_TIZEN_FEATURE_SMACK_DISABLE:BOOL=${_TIZEN_FEATURE_SMACK_DISABLE} \
.
%__make %{?_smp_mflags}
CAPI_SYSTEM_INFO_DEPS
CAPI_SYSTEM_RESOURCE_DEPS
CERT_SVC_VCORE_DEPS
+ CYNARA_CREDS_PID_DEPS
DLOG_DEPS
GIO_DEPS
GLIB_DEPS
#include <aul_sock.h>
#include <bundle.h>
#include <bundle_cpp.h>
+#include <cynara-creds-pid.h>
#include <errno.h>
#include <glib.h>
#include <limits.h>
return true;
}
-inline bool IsSmackDisabled()
-{
-#ifdef TIZEN_FEATURE_SMACK_DISABLE
- return true;
-#else
- return false;
-#endif /* TIZEN_FEATURE_SMACK_DISABLE */
-}
-
int VerifyAppProcess(pid_t pid, const std::string& pkgid) {
if (pkgid.empty())
return -1;
- if (IsSmackDisabled())
- return 0;
-
- char attr[PATH_MAX] = { 0, };
- if (aul_proc_get_attr(pid, attr, sizeof(attr)) < 0)
+ char* attr = nullptr;
+ int ret = cynara_creds_pid_get_client(pid, CLIENT_METHOD_DEFAULT, &attr);
+ if (ret != CYNARA_API_SUCCESS || attr == nullptr)
return -1;
+ std::unique_ptr<char, decltype(free)*> attr_auto(attr, free);
std::string smack_label = "User::Pkg::" + pkgid;
+ /*
+ TODO: In smack disable case, it always returns default
+ label("User::Pkg::default_app_no_Smack_mode").
+ So, we need to check whether the package id of the process is matched with pkgid.
+ */
if (smack_label == attr)
return 0;
AUL_DEPS
AUL_SERVER_DEPS
BUNDLE_DEPS
+ CYNARA_CREDS_PID_DEPS
DLOG_DEPS
GIO_DEPS
GLIB_DEPS
#include <bundle.h>
#include <bundle_internal.h>
#include <ctype.h>
+#include <cynara-creds-pid.h>
#include <glib.h>
#include <pkgmgr-info.h>
#include <stdio.h>
return ret;
}
-static int __is_smack_disabled(void)
-{
-#ifdef TIZEN_FEATURE_SMACK_DISABLE
- return true;
-#else
- return false;
-#endif /* TIZEN_FEATURE_SMACK_DISABLE */
-}
-
static int __validate_widget_caller(amd_request_h req)
{
bundle *kb = amd_request_get_bundle(req);
amd_app_status_h caller_status;
const char *caller_pkgid;
pid_t caller_pid = amd_request_get_pid(req);
- char attr[512] = { 0, };
+ char *attr = NULL;
int r;
if (amd_request_get_uid(req) < REGULAR_UID_MIN) {
caller_status = amd_app_status_find_by_effective_pid(caller_pid);
if (!caller_status) {
- if (__is_smack_disabled())
- return 0;
-
- r = aul_proc_get_attr(caller_pid, attr, sizeof(attr));
- if (r != 0) {
+ /*
+ TODO: In smack disable case, it always returns default
+ label("User::Pkg::default_app_no_Smack_mode").
+ We must check whether caller is app or not.
+ */
+ r = cynara_creds_pid_get_client(caller_pid, CLIENT_METHOD_DEFAULT, &attr);
+ if (r != CYNARA_API_SUCCESS || attr == NULL) {
LOGE("Failed to get attr. caller(%d)", caller_pid);
return -1;
}
- if (!strcmp(attr, "User"))
+ int cmp = strcmp(attr, "User");
+ free(attr);
+
+ if (cmp == 0)
return 0;
LOGE("Reject request. caller(%d)", caller_pid);
projects / platform / core / appfw / amd.git / commitdiff