#include <badge.h>
#include <badge_db.h>
+#include <security-server.h>
#include "service_common.h"
#include "debug.h"
double seq;
};
-struct noti_service {
+struct badge_service {
const char *cmd;
void (*handler)(struct tcb *tcb, struct packet *packet, void *data);
+ const char *rule;
+ const char *access;
};
/*!
}
}
+static int _is_valid_permission(int fd, struct badge_service *service)
+{
+ int ret;
+
+ if (service->rule != NULL && service->access != NULL) {
+ ret = security_server_check_privilege_by_sockfd(fd, service->rule, service->access);
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ ErrPrint("SMACK:Access denied\n");
+
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
/*!
* SERVICE THREAD
*/
{
int i = 0;
const char *command;
- static struct noti_service service_req_table[] = {
+ static struct badge_service service_req_table[] = {
{
.cmd = "insert_badge",
.handler = _handler_insert_badge,
+ .rule = "data-provider-master::badge.client",
+ .access = "w",
},
{
.cmd = "delete_badge",
.handler = _handler_delete_badge,
+ .rule = "data-provider-master::badge.client",
+ .access = "w",
},
{
.cmd = "set_badge_count",
.handler = _handler_set_badge_count,
+ .rule = "data-provider-master::badge.client",
+ .access = "w",
},
{
.cmd = "set_disp_option",
.handler = _handler_set_display_option,
+ .rule = "data-provider-master::badge.client",
+ .access = "w",
},
{
.cmd = "service_register",
.handler = _handler_service_register,
+ .rule = NULL,
+ .access = NULL,
},
{
.cmd = NULL,
.handler = NULL,
+ .rule = NULL,
+ .access = NULL,
},
};
if (strcmp(service_req_table[i].cmd, command))
continue;
+ _is_valid_permission(tcb_fd(tcb), &(service_req_table[i]));
service_req_table[i].handler(tcb, packet, data);
break;
}
static int service_thread_main(struct tcb *tcb, struct packet *packet, void *data)
{
const char *command;
+ int ret;
if (!packet) {
DbgPrint("TCB: %p is terminated (NIL packet)\n", tcb);
switch (packet_type(packet)) {
case PACKET_REQ:
+
/* Need to send reply packet */
DbgPrint("%p REQ: Command: [%s]\n", tcb, command);
+ if (!strcmp(command, "add_livebox")) {
+ ret = security_server_check_privilege_by_sockfd(tcb_fd(tcb), "data-provider-master::shortcut.livebox", "w");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ ErrPrint("SMACK:Access denied\n");
+ }
+ } else if (!strcmp(command, "add_shortcut")) {
+ ret = security_server_check_privilege_by_sockfd(tcb_fd(tcb), "data-provider-master::shortcut.shortcut", "w");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ ErrPrint("SMACK:Access denied\n");
+ }
+ }
+
if (service_common_multicast_packet(tcb, packet, TCB_CLIENT_TYPE_SERVICE) < 0)
ErrPrint("Unable to send service request packet\n");
else