Improved privilege checking using alternative API 95/317695/1
authorInhong Han <inhong1.han@samsung.com>
Tue, 7 Jan 2025 01:44:29 +0000 (10:44 +0900)
committerInhong Han <inhong1.han@samsung.com>
Tue, 7 Jan 2025 01:44:29 +0000 (10:44 +0900)
Change-Id: I125b7d2d5369a7cd1be38643664040027e1daf44

CMakeLists.txt
client/sticker_consumer.c
packaging/capi-ui-sticker.spec

index fc4f40e7aa78bb066eae5875376e233b87be01ad..e0f70822e651196fab8b8cf5abf7cd7920038e40 100755 (executable)
@@ -25,6 +25,7 @@ pkg_check_modules(pkgs REQUIRED
     libtzplatform-config
     cynara-client
     cynara-session
+    cynara-creds-self
     capi-appfw-app-common
     capi-appfw-package-manager
     sqlite3
index cf3448d6d4f790e40f156f30b7f00f4fdc5dae80..9530c12c6c9871912bdf3e0ca22d049fc66c5023 100644 (file)
@@ -21,6 +21,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 
 #include "sticker_consumer.h"
 #include "sticker_consumer_main.h"
@@ -45,28 +46,30 @@ static int _cynara_initialize()
 static int _check_privilege(const char *uid, const char *privilege)
 {
     int ret;
-    FILE *fp = NULL;
-    char label_path[1024] = "/proc/self/attr/current";
-    char smack_label[1024] = {'\0',};
+    char *client_identification = NULL;
 
     if (!p_cynara) {
         return -1;
     }
 
-    fp = fopen(label_path, "r");
-    if (fp != NULL) {
-        ret = fread(smack_label, 1, sizeof(smack_label), fp);
-        if (ret <= 0)
-            LOGE("Failed to fread");
-
-        fclose(fp);
+    if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+        LOGW("Failed to get client");
+        return -1;
     }
 
     pid_t pid = getpid();
     char *session = cynara_session_from_pid(pid);
-    ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
-    if (session)
+    ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
+
+    if (session) {
         free(session);
+        session = NULL;
+    }
+
+    if (client_identification) {
+        free(client_identification);
+        client_identification = NULL;
+    }
 
     if (ret != CYNARA_API_ACCESS_ALLOWED) {
         LOGE("Access denied. The result of cynara_check() : %d.", ret); //LCOV_EXCL_LINE
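Review bot: The result of `cynara_session_from_pid(pid)` is passed to `cynara_check()` without a NULL test, although the cleanup just below (`if (session)`) treats NULL as possible, so denial on that path depends on the library rejecting a NULL argument rather than on this function. An explicit guard before the check keeps the fail-closed behaviour local: `if (!session) { free(client_identification); return -1; }`. The new failure branch also discards the return code of `cynara_creds_self_get_client()` and logs at warning level even though it denies access; storing the code in `ret` and logging `LOGE("Failed to get client : %d", ret);` would make denied checks diagnosable. The body of `_check_privilege` continues past the end of this hunk.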
@@ -85,7 +88,7 @@ static void _cynara_deinitialize()
 }
 
 static int _sticker_check_privilege() {
-    char uid[16];
+    char uid[16] = {0,};
     int ret = STICKER_ERROR_NONE;
 
     if (_cynara_initialize() != CYNARA_API_SUCCESS)
index 4094936bd49a41c3706fd685bed8fb69b3d1da88..1de3e15548e8080eafd8eb46f150d08b71e50f87 100644 (file)
@@ -15,6 +15,7 @@ BuildRequires:  pkgconfig(capi-appfw-event)
 BuildRequires:  pkgconfig(capi-system-info)
 BuildRequires:  pkgconfig(cynara-client)
 BuildRequires:  pkgconfig(cynara-session)
+BuildRequires:  pkgconfig(cynara-creds-self)
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(gio-2.0)