shared: Replace syscommon_proc_is_app() with security-manager API 39/318439/1 accepted/tizen_unified_x_asan accepted/tizen/unified/20250122.093023 accepted/tizen/unified/x/20250122.173325 accepted/tizen/unified/x/asan/20250211.003611
authorYoungjae Cho <y0.cho@samsung.com>
Thu, 16 Jan 2025 08:34:33 +0000 (17:34 +0900)
committerYoungjae Cho <y0.cho@samsung.com>
Fri, 17 Jan 2025 01:37:43 +0000 (10:37 +0900)
Instead of syscommon_proc_is_app(), which accessed the smack node
'/proc/<pid>/attr/current' directly, use the security-manager API.
This is especially important where smack is not supported: the
security-manager API can handle such a case, in contrast to accessing
the smack node directly.

Change-Id: I2c3ae99bf7c0ec265d89ecf2a842c42d3903544a
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
packaging/deviced.spec
src/display/display-lock.c
src/shared/CMakeLists.txt
src/shared/apps.c
src/shared/apps.h
src/tzip/tzip.c
tests/deviced-common-private-test/CMakeLists.txt

index 86258fcba2f27225c7a8ec01ea88f63b068fa769..b69d32dc84315fa3a1b9b5a05e2c6650b7de3216 100644 (file)
@@ -47,6 +47,7 @@ BuildRequires:  pkgconfig(argos_watchdog)
 BuildRequires:  pkgconfig(cmocka)
 BuildRequires:  pkgconfig(gtest)
 BuildRequires:  pkgconfig(gmock)
+BuildRequires:  pkgconfig(security-manager)
 
 Requires: %{name}-tools = %{version}-%{release}
 %{?systemd_requires}
index 824376eeadffdae460961d7d0b7d2e632206a0fb..fd6090ac8bceb74734de49179a817549fc03649e 100644 (file)
@@ -391,7 +391,7 @@ static gboolean lock_watchdog_callback(void *data)
                return G_SOURCE_REMOVE;
        }
 
-       if (!syscommon_proc_is_app(dl->pid)) {
+       if (!deviced_apps_check_is_app(dl->pid)) {
                /* For daemon, no need to ask resourced if it is abnormal lock */
                // TODO: is it correct?
                broadcast_lock_watchdog_expired(dl->pid, dl->state, NULL, dl->time);
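Review bot: `!deviced_apps_check_is_app(dl->pid)` treats a failed security-manager lookup the same as "is an app", because the new helper returns -1 on error and `!(-1)` is 0. The daemon branch is then skipped and the callback continues down the app path for a PID that could not be classified; whether that is the intended fallback is not visible here, since the rest of lock_watchdog_callback lies outside the hunk. Making the three outcomes explicit would remove the ambiguity: `int is_app = deviced_apps_check_is_app(dl->pid);`, then `if (is_app < 0) { /* lookup failed: choose and document the fallback */ }` and `if (is_app == 0) {` for the daemon case.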
index 44ad94008600030a3bf771cd30befb316b3a0758..5d7d3b769c0a38c84a2227ec479891567882eb40 100644 (file)
@@ -4,7 +4,8 @@ PKG_CHECK_MODULES(SHARED_REQUIRED_PKGS REQUIRED
        dlog
        bundle
        capi-system-info
-       eventsystem)
+       eventsystem
+       security-manager)
 
 FILE(GLOB SHARED_SRCS "*.c")
 ADD_LIBRARY(deviced-common-private SHARED ${SHARED_SRCS})
index fb6df4ffe4b35e6bf86377e9e5189ad456d67fc8..8f11e6aa1e3a87f9d0d86a530374cb1fe3ba9cd7 100644 (file)
@@ -17,6 +17,7 @@
  */
 
 #include <stdarg.h>
+#include <security-manager/app-runtime.h>
 #include <libsyscommon/libgdbus.h>
 #include <libsyscommon/bitmap.h>
 #include <system/syscommon-plugin-deviced-common-interface.h>
@@ -194,6 +195,18 @@ void set_app_state(pid_t pid, enum application_state as)
                _E("Invalid as=%d", as);
 }
 
+int deviced_apps_check_is_app(pid_t pid)
+{
+       bool is_app = false;
+       int ret;
+
+       ret = security_manager_is_app_from_pid(pid, &is_app);
+       if (ret != SECURITY_MANAGER_SUCCESS)
+               return -1;
+
+       return is_app;
+}
+
 static void __CONSTRUCTOR__ initialize(void)
 {
        init_bm_background();
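Review bot: deviced_apps_check_is_app() returns three values (-1, 0, 1) through a plain int with no comment stating that contract, and it discards the security-manager error code without logging it. The two callers in this commit already read the result differently (`!x` in display-lock.c, `x != 0` in tzip.c). A header comment on the function and on its declaration in apps.h should state that it returns 1 if the PID belongs to an application, 0 if it does not, and -1 if security-manager could not answer, and that callers making an access decision must treat -1 as a denial. Logging the failure before the early return keeps security-manager faults visible, for example `_E("security_manager_is_app_from_pid() failed: pid=%d ret=%d", pid, ret);`.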
index 92f753ef314778db1b8d8ec8d54f4a9a661e630c..8becaf1180c5247683be651c1fcb9b6135b2b744 100644 (file)
@@ -44,5 +44,6 @@ int add_async_notification(char *type, dbus_pending_cb func, GVariant *param);
 int remove_notification(char *type, int id);
 void set_app_state(pid_t pid, enum application_state as);
 bool is_app_background (pid_t pid);
+int deviced_apps_check_is_app(pid_t pid);
 #endif /* __APPS_H__ */
 
index 5035280edcc3e1ec136b35fc0d2b494d9224da7b..818fa8bcd81df8ddabd6686d4cc48dd354bb48a4 100644 (file)
@@ -42,6 +42,7 @@
 #include "shared/devices.h"
 #include "shared/device-notifier.h"
 #include "shared/common.h"
+#include "shared/apps.h"
 #include "tzip-utility.h"
 
 #define PACKAGE_UNPACK_PATH            "/opt/usr/share/package-unpacked"
@@ -913,7 +914,7 @@ static GVariant *dbus_request_mount_tzip_internal(GDBusConnection *conn, const g
        }
 
        pid = gdbus_connection_get_sender_pid(conn, sender);
-       if (syscommon_proc_is_app(pid) != 0) {
+       if (deviced_apps_check_is_app(pid) != 0) {
                _E("PID(%d) is not privileged to use tzip.", pid);
                ret = -EPERM;
                goto out;
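Review bot: The `!= 0` test denies both applications and PIDs that security-manager failed to classify, which is the right fail-closed behaviour for this gate, but nothing in the code says so and the log line reports every case as "not privileged". A comment such as `/* deny apps and lookup failures (-1) alike: fail closed */` above the check would keep a later change to the helper's return convention from silently opening the gate; the same applies to the identical check in dbus_request_unmount_tzip_internal. The decision is also keyed on a PID resolved from the D-Bus sender, so it presumably assumes that PID still names the sender when security-manager looks it up; that assumption is worth stating next to the check. Both functions start and end outside their hunks.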
@@ -998,7 +999,7 @@ static GVariant *dbus_request_unmount_tzip_internal(GDBusConnection *conn, const
        }
 
        pid = gdbus_connection_get_sender_pid(conn, sender);
-       if (syscommon_proc_is_app(pid) != 0) {
+       if (deviced_apps_check_is_app(pid) != 0) {
                _E("PID(%d) is not privileged to use tzip.", pid);
                ret = -EPERM;
                goto out;
index 535c231fb901c531ff753bb04a7284aa065a68c9..fe497541b24ea3b066831629a3b9ba4b1c98a2a8 100644 (file)
@@ -10,7 +10,8 @@ PKG_CHECK_MODULES(ORIG_REQUIRED_PKGS REQUIRED
        libsyscommon
        bundle
        capi-system-info
-       eventsystem)
+       eventsystem
+       security-manager)
 
 SET(WRAP_FLAGS "-Wl,--wrap=dlopen")
 SET(WRAP_FLAGS "${WRAP_FLAGS} -Wl,--wrap=access")