Change to use cynara api instead of direct access to check privilege

Change-Id: Iefc0bca70e6e891b0c9e27b2127366efbc80b738
Signed-off-by: SukhyungKang <shine.kang@samsung.com>

diff --git a/packaging/libwidget_viewer.spec b/packaging/libwidget_viewer.spec
index 151bb7eaa96e586cc94ce8abbbf8523601fbf52d..4bfca16e1f7c679e666e68117cc43f093ca38d08 100644 (file)
--- a/packaging/libwidget_viewer.spec
+++ b/packaging/libwidget_viewer.spec
@@ -35,6 +35,7 @@ BuildRequires: pkgconfig(wayland-client)
 BuildRequires: pkgconfig(libtbm)
 BuildRequires: pkgconfig(libtzplatform-config)
 BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-creds-self)
 BuildRequires: pkgconfig(appsvc)
 BuildRequires: pkgconfig(ecore-wl2)
 BuildRequires: pkgconfig(wayland-tbm-client)

diff --git a/tests/unit_tests/CMakeLists.txt b/tests/unit_tests/CMakeLists.txt
index 8ddc0ff4c7158e646a9ef10e23682b82c90fbaa1..1e6d81eb09656278165d65bcb7c483dfb45e4950 100644 (file)
--- a/tests/unit_tests/CMakeLists.txt
+++ b/tests/unit_tests/CMakeLists.txt
@@ -21,6 +21,7 @@ PKG_CHECK_MODULES(${PROJECT_NAME}-unittests REQUIRED
     libtbm\r
     libtzplatform-config\r
     cynara-client\r
+    cynara-creds-self\r
     appsvc\r
     ecore-wl2\r
     wayland-tbm-client\r

diff --git a/widget_viewer_evas/CMakeLists.txt b/widget_viewer_evas/CMakeLists.txt
index e7cd95fecba1a08c4e2db4a785aa55b148cb518f..b228af269e981a8b853205f8ee1db66a557b07c8 100644 (file)
--- a/widget_viewer_evas/CMakeLists.txt
+++ b/widget_viewer_evas/CMakeLists.txt
@@ -22,6 +22,7 @@ pkg_check_modules(viewer_evas REQUIRED
        capi-appfw-application
        aul
        cynara-client
+       cynara-creds-self
        screen_connector_watcher_evas
 )
 

diff --git a/widget_viewer_evas/src/widget_viewer_evas.c b/widget_viewer_evas/src/widget_viewer_evas.c
index d59a9b6b952cacdc4282361783108fdc53c31f3c..5b711661e71ccf74450a9b8df3c8599d1e863b43 100644 (file)
--- a/widget_viewer_evas/src/widget_viewer_evas.c
+++ b/widget_viewer_evas/src/widget_viewer_evas.c
@@ -33,6 +33,7 @@
 #include <pkgmgr-info.h>
 #include <system_info.h>
 #include <cynara-client.h>
+#include <cynara-creds-self.h>
 #include <fcntl.h>
 
 #include <widget_errno.h>
@@ -383,12 +384,9 @@ static inline bool __is_widget_feature_enabled(void)
 #define SMACK_LABEL_LEN 255
 static int __check_privilege(const char *privilege)
 {
-       cynara *p_cynara;
-
-       int fd = 0;
+       cynara *p_cynara = NULL;
        int ret = 0;
-
-       char subject_label[SMACK_LABEL_LEN +1] = "";
+       char *cynara_client = NULL;
        char uid[10] = {0, };
        char *client_session = "";
 
@@ -396,23 +394,17 @@ static int __check_privilege(const char *privilege)
        if (ret != CYNARA_API_SUCCESS)
                return -1;
 
-       fd = open("/proc/self/attr/current", O_RDONLY);
-       if (fd < 0) {
-               ret = -1;
-               goto ERROR;
-       }
+       ret = cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &cynara_client);
+       if (ret != CYNARA_API_SUCCESS) {
+               LOGD("failed to get cynara client : %d", ret);
 
-       ret = read(fd, subject_label, SMACK_LABEL_LEN);
-       if (ret < 0) {
-               LOGE("read is failed");/* LCOV_EXCL_LINE */
-               close(fd);/* LCOV_EXCL_LINE */
+               ret = -1;
                goto ERROR;
        }
-       close(fd);
 
        snprintf(uid, 10, "%d", getuid());
 
-       ret = cynara_check(p_cynara, subject_label, client_session, uid, privilege);
+       ret = cynara_check(p_cynara, cynara_client, client_session, uid, privilege);
        if (ret != CYNARA_API_ACCESS_ALLOWED) {
                ret = -1;
                goto ERROR;
@@ -423,6 +415,10 @@ static int __check_privilege(const char *privilege)
 ERROR:
        if (p_cynara)
                cynara_finish(p_cynara);
+
+       if (cynara_client)
+               free(cynara_client);
+
        return ret;
 }