Adopt cynara api to check privilege 35/318135/1
authorsungwook79.park <sungwook79.park@samsung.com>
Mon, 13 Jan 2025 01:53:08 +0000 (10:53 +0900)
committerTizen AI <ai.tzn.sec@samsung.com>
Mon, 13 Jan 2025 09:43:50 +0000 (18:43 +0900)
Change-Id: If6be9d37967c4e12882865f8e4ed8d1b7f09c943
Signed-off-by: sungwook79.park <sungwook79.park@samsung.com>
CMakeLists.txt
client/vc.c
client/vc_mgr.c
common/vc_command.c
packaging/voice-control.spec
server/vce.c
tests/CMakeLists.txt
tests/src/cynara_mock.cpp
tests/src/cynara_mock.h

index c525efcd9371869fb5c634a59f4765c195984009..deec380b6bc3fd2e45bfc49f30b7a2a22df5a3bd 100644 (file)
@@ -47,7 +47,7 @@ INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/include")
 INCLUDE(FindPkgConfig)
 pkg_check_modules(pkgs REQUIRED
     aul buxton2 capi-appfw-app-control capi-appfw-app-manager capi-base-common capi-media-audio-io capi-media-sound-manager ecore-wl2
-    capi-system-info cynara-client cynara-session db-util dlog ecore glib-2.0 json-glib-1.0 libgum libtzplatform-config libxml-2.0 sqlite3 vconf gmock bundle rpc-port
+    capi-system-info cynara-client cynara-session cynara-creds-self db-util dlog ecore glib-2.0 json-glib-1.0 libgum libtzplatform-config libxml-2.0 sqlite3 vconf gmock bundle rpc-port
 )
 
 
index 75300694be8067453d24b5acff667335fed2149a..1a7796c9fa19799df9e200e18ee8555b31ebca92 100644 (file)
@@ -19,6 +19,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 #include <Ecore_Wl2.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -112,30 +113,31 @@ static int __check_privilege_initialize()
 
 static int __check_privilege(const char* uid, const char * privilege)
 {
-       FILE *fp = NULL;
-       char label_path[1024] = "/proc/self/attr/current";
-       char smack_label[1024] = {'\0',};
+       char *client_identification = NULL;
+       char *session = NULL;
+       int ret;
 
        if (!p_cynara) {
-               return false;   //LCOV_EXCL_LINE
+               return false;
        }
 
-       fp = fopen(label_path, "r");
-       if (fp != NULL) {
-               if (0 >= fread(smack_label, 1, sizeof(smack_label), fp))
-                       SLOG(LOG_ERROR, TAG_VCC, "[ERROR] fail to fread"); //LCOV_EXCL_LINE
-
-               fclose(fp);
+       if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+               SLOG(LOG_ERROR, TAG_VCC, "Failed to get client.");
+               return false;
        }
 
-       pid_t pid = getpid();
-       char *session = cynara_session_from_pid(pid);
-       int ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
-       SLOG(LOG_DEBUG, TAG_VCC, "[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied");
-       FREE(session);
+       session = cynara_session_from_pid(getpid());
+       ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
 
-       if (ret != CYNARA_API_ACCESS_ALLOWED)
-               return false;   //LCOV_EXCL_LINE
+       free(session);
+       session = NULL;
+       free(client_identification);
+       client_identification = NULL;
+
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               SLOG(LOG_DEBUG, TAG_VCC, "[Client]cynara_check returned %d(Denied)", ret);
+               return false;
+       }
        return true;
 }
 
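Review bot: The failure branch at the end of `__check_privilege` reports every result other than `CYNARA_API_ACCESS_ALLOWED` as "Denied" at `LOG_DEBUG`, so a cynara error code cannot be told apart from a real policy denial, and the record may be dropped where debug logging is off. I would log errors separately and louder, for example `if (ret != CYNARA_API_ACCESS_DENIED) SLOG(LOG_ERROR, TAG_VCC, "[Client]cynara_check failed: %d", ret);`, and keep the denial line at a level that survives in production. The return code of `cynara_creds_self_get_client` is also discarded; storing it in `ret` and adding it to the "Failed to get client." message would make that failure diagnosable. The same pattern is repeated in the `__check_privilege` hunks of client/vc_mgr.c, common/vc_command.c and server/vce.c.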
index 0d6659eaee730ca941088a25155a20afabb2bc5e..2afe109942ac7e870b59e54f3080bd81268b5d39 100644 (file)
@@ -19,6 +19,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 #include <pthread.h>
 #include <math.h>
 
@@ -155,34 +156,31 @@ static int __check_privilege_initialize()
 
 static int __check_privilege(const char* uid, const char * privilege)
 {
-       FILE *fp = NULL;
-       char label_path[1024] = "/proc/self/attr/current";
-       char smack_label[1024] = {'\0',};
+       char *client_identification = NULL;
+       char *session = NULL;
+       int ret;
 
        if (!p_cynara) {
-               SLOG(LOG_ERROR, TAG_VCM, "[ERROR] p_cynara is NULL");
                return false;
        }
 
-       fp = fopen(label_path, "r");
-       if (fp != NULL) {
-               if (fread(smack_label, 1, sizeof(smack_label), fp) <= 0)
-                       SLOG(LOG_ERROR, TAG_VCM, "[ERROR] fail to fread");
-
-               fclose(fp);
+       if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+               SLOG(LOG_ERROR, TAG_VCM, "Failed to get client.");
+               return false;
        }
 
-       pid_t pid = getpid();
-       char *session = cynara_session_from_pid(pid);
-       int ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
+       session = cynara_session_from_pid(getpid());
+       ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
+
        free(session);
        session = NULL;
+       free(client_identification);
+       client_identification = NULL;
 
        if (ret != CYNARA_API_ACCESS_ALLOWED) {
-               SLOG(LOG_INFO, TAG_VCM, "[Client]cynara_check returned %d(Denied), p_cynara(%p), label(%s), session(%s), uid(%s), priv(%s)", ret, p_cynara, smack_label, session, uid, privilege);
+               SLOG(LOG_DEBUG, TAG_VCM, "[Client]cynara_check returned %d(Denied)", ret);
                return false;
        }
-
        return true;
 }
 
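Review bot: The `!p_cynara` guard now returns false silently, because the only diagnostic for an uninitialised cynara handle was removed from this copy of `__check_privilege`. If initialisation fails, every privilege-gated call is refused with nothing in the log pointing at the cause. I would keep `SLOG(LOG_ERROR, TAG_VCM, "[ERROR] p_cynara is NULL");` before the `return false;`. `__check_privilege_initialize` and the callers lie outside the hunk, so whether the failure is already logged there cannot be confirmed from this page.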
index 1a13a6a194ea062460a613b1bdcc402ed6ff07b6..0dd1cd6b8fc31e607b321951287ee939c34af05a 100644 (file)
@@ -19,6 +19,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 #include <libintl.h>
 #include <stdlib.h>
 #include <system_info.h>
@@ -109,31 +110,31 @@ static int __check_privilege_initialize()
 
 static int __check_privilege(const char* uid, const char * privilege)
 {
-       FILE *fp = NULL;
-       char label_path[1024] = "/proc/self/attr/current";
-       char smack_label[1024] = {'\0',};
+       char *client_identification = NULL;
+       char *session = NULL;
+       int ret;
 
        if (!p_cynara) {
                return false;
        }
 
-       fp = fopen(label_path, "r");
-       if (fp != NULL) {
-               if (0 >= fread(smack_label, 1, sizeof(smack_label), fp))
-                       SLOG(LOG_ERROR, TAG_VCCMD, "[ERROR] fail to fread");
-
-               fclose(fp);
+       if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+               SLOG(LOG_ERROR, TAG_VCCMD, "Failed to get client.");
+               return false;
        }
 
-       pid_t pid = getpid();
-       char *session = cynara_session_from_pid(pid);
-       int ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
-       SLOG(LOG_DEBUG, TAG_VCCMD, "[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied");
-       if (session)
-               free(session);
+       session = cynara_session_from_pid(getpid());
+       ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
 
-       if (ret != CYNARA_API_ACCESS_ALLOWED)
+       free(session);
+       session = NULL;
+       free(client_identification);
+       client_identification = NULL;
+
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               SLOG(LOG_DEBUG, TAG_VCCMD, "[Client]cynara_check returned %d(Denied)", ret);
                return false;
+       }
        return true;
 }
 
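Review bot: The result of `cynara_session_from_pid(getpid())` is passed straight to `cynara_check()` without a NULL check, although the removed `if (session)` guard suggests the call can return NULL. Whether the check then fails closed depends on how `cynara_check` treats a NULL session, which is not visible here. An explicit refusal right after the assignment makes the outcome independent of that: `if (!session) { free(client_identification); return false; }`. The same applies to the copies in client/vc.c, client/vc_mgr.c and server/vce.c.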
index 9f190e654b61c77f1ba8151971742f97dd6fab91..7ec56890a155e020cb08b4f3cc6f4ef82ebac23a 100644 (file)
@@ -20,6 +20,7 @@ BuildRequires:  pkgconfig(capi-media-sound-manager)
 BuildRequires:  pkgconfig(capi-system-info)
 BuildRequires:  pkgconfig(cynara-client)
 BuildRequires:  pkgconfig(cynara-session)
+BuildRequires:  pkgconfig(cynara-creds-self)
 BuildRequires:  pkgconfig(db-util)
 BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(ecore)
index 4ce0c9eba5dfc0b8b7057c5773544113de5b8a1a..d8b73d24cf6ebf01bc1f82517a2f6716601139d3 100644 (file)
@@ -18,6 +18,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 #include <system_info.h>
 #include "vcd_tidl.h"
 #include "vcd_main.h"
@@ -72,31 +73,31 @@ static int __check_privilege_initialize()
 
 static int __check_privilege(const char* uid, const char * privilege)
 {
-       FILE *fp = NULL;
-       char label_path[1024] = "/proc/self/attr/current";
-       char smack_label[1024] = {'\0',};
+       char *client_identification = NULL;
+       char *session = NULL;
+       int ret;
 
        if (!p_cynara) {
                return false;
        }
 
-       fp = fopen(label_path, "r");
-       if (fp != NULL) {
-               if (0 >= fread(smack_label, 1, sizeof(smack_label), fp))
-                       SLOG(LOG_ERROR, TAG_VCD, "[ERROR] fail to fread");
-
-               fclose(fp);
+       if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+               SLOG(LOG_ERROR, TAG_VCD, "Failed to get client.");
+               return false;
        }
 
-       pid_t pid = getpid();
-       char *session = cynara_session_from_pid(pid);
-       int ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
-       SLOG(LOG_INFO, TAG_VCD, "[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied");
-       if (session)
-               free(session);
+       session = cynara_session_from_pid(getpid());
+       ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
 
-       if (ret != CYNARA_API_ACCESS_ALLOWED)
+       free(session);
+       session = NULL;
+       free(client_identification);
+       client_identification = NULL;
+
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               SLOG(LOG_DEBUG, TAG_VCD, "[Client]cynara_check returned %d(Denied)", ret);
                return false;
+       }
        return true;
 }
 
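Review bot: This is the fourth copy of the same `__check_privilege` body in this commit (client/vc.c, client/vc_mgr.c, common/vc_command.c, server/vce.c), differing only in the log tag. Keeping an access-control check in four places means any later fix has to land in all of them, and the removed lines show the copies had already drifted apart in logging and in how they freed `session`. A single helper that takes the tag as a parameter would avoid this, provided all four targets can link a common object, which this page does not show. The function also returns `true`/`false` through an `int` return type; declaring it `static bool __check_privilege(const char *uid, const char *privilege)` would state the contract.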
index b2e4c8be0eb784f0595d318172aebc1d77dedbdc..ad077d7b76371c0a50fcfdc5dc7d3cb9f16f16f9 100644 (file)
@@ -41,6 +41,7 @@ SET_TARGET_PROPERTIES(${UNITTEST_VC} PROPERTIES
 --wrap=cynara_initialize,\
 --wrap=cynara_finish,\
 --wrap=cynara_session_from_pid,\
+--wrap=cynara_creds_self_get_client,\
 --wrap=cynara_check")
 
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/tests/${PKGNAME}.xml DESTINATION ${TZ_SYS_RO_PACKAGES})
index ff6e88fe23fd50ae31bceb76b92db2665d8d4e16..7919314e9ff1cb7961337f87440c4f2b9791421d 100644 (file)
@@ -32,3 +32,8 @@ EXPORT_API char *__wrap_cynara_session_from_pid(pid_t pid)
 {
     return strdup("session");
 }
+
+EXPORT_API int __wrap_cynara_creds_self_get_client(enum cynara_client_creds method, char **client)
+{
+    return 0;
+}
\ No newline at end of file
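Review bot: The new `__wrap_cynara_creds_self_get_client` reports success but never writes `*client`, so the code under test only works because each caller initialises its pointer to NULL before the call and then frees it. The callers in this commit treat a successful return as yielding an allocated string to free, so the mock should do the same, as the session mock just above does: `if (client) *client = strdup("client");` before `return 0;`. With that in place the tests exercise `cynara_check` with a non-NULL client and the `free(client_identification)` path on real memory. The file also now ends without a trailing newline.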
index 1becb425d2d637ef29029c5902bf7e8a7e170778..ce9e7e169c013ecc35dc1c6c3ecdab4fc4103ad1 100644 (file)
@@ -3,6 +3,7 @@
 
 #include <sys/types.h>
 #include <unistd.h>
+#include <cynara-creds-self.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -80,6 +81,7 @@ int __wrap_cynara_check(cynara* c, const char* client, const char* client_sessio
                         const char* privilege);
 
 char *__wrap_cynara_session_from_pid(pid_t pid);
+int __wrap_cynara_creds_self_get_client(enum cynara_client_creds method, char **client);
 
 #ifdef __cplusplus
 }