Revert "change umask value to 022 from 000 because of security reason"

This reverts commit f17729d36596c1bb347a3ade5d86f6d05bd931e3.

Change-Id: Id9368d876bf0c3cfe068d7e4567dff8b4bec135b

diff --git a/src/file_sync_service.c b/src/file_sync_service.c
index b0a0f07f1f8b3f867053f18470113781f47ffaf5..5fc6642db83c8a7896f1168cd023c9049f29f567 100644 (file)
--- a/src/file_sync_service.c
+++ b/src/file_sync_service.c
@@ -14,7 +14,6 @@
  * limitations under the License.
  */
 
-#include <limits.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -59,8 +58,6 @@ struct sync_permit_rule sdk_sync_permit_rule[] = {
  */
 #define DIR_PERMISSION 0777
 
-static struct tzplatform_context* sdk_user_context = NULL;
-
 void init_sdk_sync_permit_rule_regx(void)
 {
     int ret;
@@ -337,62 +334,6 @@ static void sync_mediadb(char *path) {
     return;
 }
 
-static void deinit_sdk_user_context(void) {
-    if (sdk_user_context != NULL) {
-        tzplatform_context_destroy(sdk_user_context);
-        sdk_user_context = NULL;
-    }
-}
-
-// return 0 if success to initialize
-// return negative value otherwise
-static int init_sdk_user_context() {
-    if (sdk_user_context == NULL) {
-        int ret = tzplatform_context_create(&sdk_user_context);
-        if (ret < 0) {
-            D ("failed to create tzplatform context by error (%d)\n", ret);
-            return ret;
-        }
-
-        ret = tzplatform_context_set_user(sdk_user_context, g_sdk_user_id);
-        if (ret < 0) {
-            D ("failed to set user to sdk_user_context\n");
-            return ret;
-        }
-
-        atexit(deinit_sdk_user_context);
-    }
-
-    return 0;
-}
-
-// return 1 if given directory is writable by others
-// return 0 otherwise
-static int is_writable_by_others(char* path) {
-    int ret = 0;
-
-    if ( init_sdk_user_context() == 0 ) {
-        const char* content_path = tzplatform_context_getenv(sdk_user_context, TZ_USER_CONTENT);
-        char* abpath = realpath(path, NULL);
-        D ("tzplatform getenv : %s\n", content_path);
-
-        if (abpath != NULL) {
-            if (strncmp(abpath, content_path, strlen(content_path)) == 0) {
-                D("path (%s) is writable by others\n", path);
-                ret = 1;
-            }
-            free(abpath);
-        } else {
-            D("failed to get realpath of (%s)\n", path);
-        }
-    } else {
-        // do nothing
-        // no directory is writable by others
-    }
-
-    return ret;
-}
-
 static int handle_send_file(int s, int noti_fd, char *path, mode_t mode, char *buffer)
 {
     syncmsg msg;
@@ -554,8 +495,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
         return -1;
     }
 
-    D("send path (%s)\n", path);
-
     tmp = strrchr(path,',');
     if(tmp) {
         *tmp = 0;
@@ -566,6 +505,7 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
 #endif
         // extracts file permission from stat.mode. (ex 100644 & 0777 = 644);
         mode &= 0777; // combination of (S_IRWXU | S_IRWXG | S_IRWXO)
+        mode |= S_IWOTH; // SDK requirement from N_SE-43337
     }
     if(!tmp || errno) {
         mode = 0644; // set default permission value in most of unix system.
@@ -583,6 +523,7 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
     // sdb does not allow to check that file exists or not. After deleting old file and creating new file again unconditionally.
     sdb_unlink(path);
 
+
 #ifdef HAVE_SYMLINKS
     if(is_link)
         ret = handle_send_link(s, noti_fd, path, buffer);
@@ -598,13 +539,6 @@ static int do_send(int s, int noti_fd, char *path, char *buffer)
         //mode |= ((mode >> 3) & 0070);
         //mode |= ((mode >> 3) & 0007);
         ret = handle_send_file(s, noti_fd, path, mode, buffer);
-        if (is_writable_by_others(path)) {
-            mode_t realmode = mode & ~(SDBD_UMASK);
-            realmode |= S_IWOTH;
-            if (chmod(path, realmode) != 0) {
-                D ("failed to chmod of writable path by others\n");
-            }
-        }
     }
 
     return ret;

diff --git a/src/sdb.c b/src/sdb.c
index a30b3c41da5756e55e42efc6bc58083d4e86d771..22d279441869448bdbf7295dfd0f76df0863dc15 100644 (file)
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -1084,6 +1084,9 @@ void start_device_log(void)
 
 int daemonize(void) {
 
+    // set file creation mask to 0
+    umask(0);
+
     switch (fork()) {
     case -1:
         return -1;
@@ -1092,11 +1095,6 @@ int daemonize(void) {
     default:
         _exit(0);
     }
-
-    // 2016-08-25 : modified umask to 022 from 000 because of security reason
-       // there is a problem that the file created by sdb shell command could be written by 'others'
-       umask(SDBD_UMASK);
-
 #ifdef SDB_PIDPATH
     FILE *f = fopen(SDB_PIDPATH, "w");
 
@@ -2202,6 +2200,8 @@ int sdb_main(int is_daemon, int server_port)
         D("sdbd should be launched in develop mode.\n");
         return -1;
     }
+
+    umask(000);
 #endif
 
     atexit(sdb_cleanup);

diff --git a/src/sdb.h b/src/sdb.h
index 36f28e1bdc62af081153090f34b55a2fc4bcc7de..c9a9e0c60fc25126db6e73f83fe1043f235425d9 100644 (file)
--- a/src/sdb.h
+++ b/src/sdb.h
@@ -47,8 +47,6 @@
 
 #define SDB_SERVER_VERSION 0        // Increment this when we want to force users to start a new sdb server
 
-#define SDBD_UMASK 0022        // default file creation mask of sdbd
-
 typedef struct amessage amessage;
 typedef struct apacket apacket;
 typedef struct asocket asocket;