common : check SMACK label before running D-Bus signal handler 12/150412/3
authorKichan Kwon <k_c.kwon@samsung.com>
Fri, 15 Sep 2017 10:50:15 +0000 (19:50 +0900)
committerKichan Kwon <k_c.kwon@samsung.com>
Wed, 20 Sep 2017 00:59:32 +0000 (09:59 +0900)
- To block malicious request
  - e.g. Send freezer signal for the app being in foreground
- In addition, modify the privilege for ProcSweep
  - Wearable home app has the code about sending this signal
  - Although it doesn't send it currently, if it does send it someday,
    we have to control that by setting a platform privilege

Change-Id: I7f260db24df31679514f00dbeb080e00979f42f9
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>
resourced.conf
src/common/dbus-handler.c

index 1ffd4de546f80e315d4eaf30dcfc71b5d15e813f..9dea8498ed56df7d55a7c667c58706ee050659f6 100644 (file)
@@ -28,7 +28,7 @@
        <check send_destination="org.tizen.resourced"
                send_interface="org.tizen.resourced.process"
                send_member="ProcSweep"
-               privilege="http://tizen.org/privilege/systemmonitor"/>
+               privilege="http://tizen.org/privilege/systemsettings.admin"/>
        <check send_destination="org.tizen.resourced"
                send_interface="org.tizen.resourced.process"
                send_member="ProcWatchdog"
index bcdfc27c70c5a75c4fba8d80b66b7ae569413a41..354406da7a97bdf71579f04e253c4487934455a2 100644 (file)
@@ -34,6 +34,7 @@
 #include "resourced.h"
 #include "util.h"
 #include "fd-handler.h"
+#include "procfs.h"
 
 #define D_BUS_INIT_RETRY_COUNT 5
 
@@ -107,6 +108,38 @@ static void d_bus_method_handler(GDBusConnection *connection,
 
 static const GDBusInterfaceVTable vtable = { d_bus_method_handler, NULL, NULL };
 
+static gboolean d_bus_is_privileged(const gchar *name)
+{
+       int ret;
+       pid_t pid;
+       GVariant *reply;
+       char label[PROC_NAME_MAX];
+
+       reply = g_dbus_connection_call_sync(d_bus_get_connection(),
+                       "org.freedesktop.DBus", "/org/freedesktop/DBus",
+                       "org.freedesktop.DBus", "GetConnectionUnixProcessID",
+                       g_variant_new("(s)", name), NULL, G_DBUS_CALL_FLAGS_NONE,
+                       -1, NULL, NULL);
+
+       if (!reply) {
+               _E("Failed to get the PID of sender %s", name);
+               return FALSE;
+       }
+
+       g_variant_get(reply, "(u)", &pid);
+
+       ret = proc_get_label(pid, label);
+       if (ret < 0) {
+               _E("Failed to get SMACK label for PID %u (%d)", pid, ret);
+               return FALSE;
+       }
+
+       if (!strncmp(label, "System", 7) || !strncmp(label, "System::Privileged", 19))
+               return TRUE;
+
+       return FALSE;
+}
+
 static void d_bus_signal_handler(GDBusConnection *connection,
                const gchar *sender, const gchar *object_path,
                const gchar *interface_name, const gchar *signal_name,
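Review bot: `reply` is never released in `d_bus_is_privileged`, so every received signal leaks one GVariant; add `g_variant_unref(reply);` right after `g_variant_get(reply, "(u)", &pid);`. The SMACK label is resolved from the PID after the bus round trip, so if the sender exits and its PID is reused in between, the label read through `proc_get_label()` belongs to a different process. Where the bus daemon supports it, the `LinuxSecurityLabel` entry returned by `GetConnectionCredentials` is tied to the connection itself and avoids the separate lookup by PID. The `"(u)"` format also stores a `guint32`, so a `guint32` local converted to `pid_t` afterwards would match the format more strictly than passing `&pid` directly.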
@@ -116,6 +149,11 @@ static void d_bus_signal_handler(GDBusConnection *connection,
        if (!signal || !signal->callback)
                return;
 
+       if (!d_bus_is_privileged(sender)) {
+               _E("This sender doesn't have privilege to run %s", signal_name);
+               return;
+       }
+
        signal->callback(parameters);
 }
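Review bot: The denial log in the added check names only the signal, so a rejected request cannot be traced back to the connection that sent it; including the sender helps triage, e.g. `_E("Sender %s doesn't have privilege to run %s", sender, signal_name);`. The check also runs `g_dbus_connection_call_sync()` with the default timeout inside the signal callback, so each incoming signal blocks this handler for a bus round trip, and a flood of signals from an unprivileged sender is paid for before it is rejected. It may be worth caching the verdict per unique sender name, or moving the restriction into the bus policy where that is possible. The start of `d_bus_signal_handler` lies outside this hunk, so how `signal` is looked up is not visible here.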