Revert "Modify modules that need root permission."

author Sangjin Kim <sangjin3.kim@samsung.com>

Tue, 31 May 2016 08:39:53 +0000 (01:39 -0700)

committer Sangjin Kim <sangjin3.kim@samsung.com>

Tue, 31 May 2016 08:40:51 +0000 (01:40 -0700)
author Sangjin Kim <sangjin3.kim@samsung.com>
Tue, 31 May 2016 08:39:53 +0000 (01:39 -0700)
committer Sangjin Kim <sangjin3.kim@samsung.com>
Tue, 31 May 2016 08:40:51 +0000 (01:40 -0700)
diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec

index 6a3da0b7fae7210b19b7935bbca1e8acb62d83dc..7bde2d988e94b7b3d0f51580bc4d378071be8f34 100644 (file)
--- a/packaging/sdbd.spec
+++ b/packaging/sdbd.spec
@@ -2,7 +2,7 @@
  
  Name:       sdbd
  Summary:    SDB daemon
-Version:    3.0.12
+Version:    3.0.11
  Release:    0
  License:    Apache-2.0
  Summary:    SDB daemon
diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service

index 5aaac68edcff91d51372e7f2260bb0353cb4cee9..4fe803f942bbf0f4e67ea932f6eb050aeac809f0 100644 (file)
--- a/packaging/sdbd_device.service
+++ b/packaging/sdbd_device.service
@@ -4,8 +4,6 @@ Requires=tizen-system-env.service
  After=tmp.mount
  
  [Service]
-User=sdk
-Group=sdk
  Type=forking
  EnvironmentFile=-/run/tizen-system-env
  PIDFile=/tmp/.sdbd.pid
diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service

index 995d5463ffe122bb6bd18158a6b75026c217a0af..3db25cf3659cb745540baaa745933260626c25cf 100644 (file)
--- a/packaging/sdbd_emulator.service
+++ b/packaging/sdbd_emulator.service
@@ -5,8 +5,6 @@ After=tmp.mount dbus.service
  #DefaultDependencies=false
  
  [Service]
-User=sdk
-Group=sdk
  Type=forking
  Environment=DISPLAY=:0
  PIDFile=/tmp/.sdbd.pid
diff --git a/src/file_sync_service.c b/src/file_sync_service.c

index c15ae1011bc6b2d18aa0de9bce36529cf4438659..5fc6642db83c8a7896f1168cd023c9049f29f567 100644 (file)
--- a/src/file_sync_service.c
+++ b/src/file_sync_service.c
@@ -39,11 +39,42 @@
  
  #define SYNC_TIMEOUT 15
  
+struct sync_permit_rule
+{
+    const char *name;
+    char *regx;
+    int mode; // 0:push, 1: pull, 2: push&push
+};
+
+struct sync_permit_rule sdk_sync_permit_rule[] = {
+    /* 0 */ {"unitest", "", 1},
+    /* 1 */ {"codecoverage", "", 1},
+    /* 2 */ {"da", "", 1},
+    /* end */ {NULL, NULL, 0}
+};
+
  /* The typical default value for the umask is S_IWGRP | S_IWOTH (octal 022).
   * Before use the DIR_PERMISSION, the process umask value should be set 0 using umask().
   */
  #define DIR_PERMISSION 0777
  
+void init_sdk_sync_permit_rule_regx(void)
+{
+    int ret;
+    ret = asprintf(&sdk_sync_permit_rule[0].regx, "^((/tmp)|(%s)|(%s))/[a-zA-Z0-9]{10}/data/[a-zA-Z0-9_\\-]{1,50}\\.xml$", APP_INSTALL_PATH_PREFIX1, APP_INSTALL_PATH_PREFIX2);
+    if(ret < 0) {
+        D("failed to run asprintf for unittest\n");
+    }
+    ret = asprintf(&sdk_sync_permit_rule[1].regx, "^((/tmp)|(%s)|(%s))/[a-zA-Z0-9]{10}/data/+(.)*\\.gcda$", APP_INSTALL_PATH_PREFIX1, APP_INSTALL_PATH_PREFIX2);
+    if (ret < 0) {
+        D("failed to run asprintf for codecoverage\n");
+    }
+    ret = asprintf(&sdk_sync_permit_rule[2].regx, "^(/tmp/da/)*+[a-zA-Z0-9_\\-\\.]{1,50}\\.png$");
+    if (ret < 0) {
+        D("failed to run asprintf for da\n");
+    }
+}
+
  static void set_syncfile_smack_label(char *src) {
      char *label_transmuted = NULL;
      char *label = NULL;
@@ -558,6 +589,37 @@ static int do_recv(int s, const char *path, char *buffer)
      return 0;
  }
  
+static int verify_sync_rule(const char* path) {
+    regex_t regex;
+    int ret;
+    char buf[PATH_MAX];
+    int i=0;
+
+    init_sdk_sync_permit_rule_regx();
+    for (i=0; sdk_sync_permit_rule[i].regx != NULL; i++) {
+        ret = regcomp(&regex, sdk_sync_permit_rule[i].regx, REG_EXTENDED);
+        if(ret){
+            return 0;
+        }
+        // execute regular expression
+        ret = regexec(&regex, path, 0, NULL, 0);
+        if(!ret){
+            regfree(&regex);
+            D("found matched rule(%s) from %s path\n", sdk_sync_permit_rule[i].name, path);
+            return 1;
+        } else if( ret == REG_NOMATCH ){
+            // do nothin
+        } else{
+            regerror(ret, &regex, buf, sizeof(buf));
+            D("regex match failed(%s): %s\n",sdk_sync_permit_rule[i].name, buf);
+        }
+    }
+    regfree(&regex);
+    for (i=0; sdk_sync_permit_rule[i].regx != NULL; i++){
+       free(sdk_sync_permit_rule[i].regx);
+    }
+    return 0;
+}
  
  void file_sync_service(int fd, void *cookie)
  {
@@ -622,7 +684,7 @@ void file_sync_service(int fd, void *cookie)
  
              D("sync: '%s' '%s'\n", (char*) &msg.req, name);
  
-            if (should_drop_privileges()) {
+            if (should_drop_privileges() && !verify_sync_rule(name)) {
                  set_sdk_user_privileges();
              }
author	Sangjin Kim <sangjin3.kim@samsung.com>
	Tue, 31 May 2016 08:39:53 +0000 (01:39 -0700)
committer	Sangjin Kim <sangjin3.kim@samsung.com>
	Tue, 31 May 2016 08:40:51 +0000 (01:40 -0700)
packaging/sdbd.spec		patch \| blob \| history
packaging/sdbd_device.service		patch \| blob \| history
packaging/sdbd_emulator.service		patch \| blob \| history
src/file_sync_service.c		patch \| blob \| history