Adopt cynara api to check privilege

Change-Id: Ic5a5dce9fc4bc4e3668331f05a617b60fd81ec66
Signed-off-by: sungwook79.park <sungwook79.park@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index aa317cc593fd32b998de9aecc6ecc6e2df48d58c..3f595070eb9e10bccc0678f670da1cb77b865493 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -39,12 +39,12 @@ INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/include")
 INCLUDE(FindPkgConfig)
 IF("${_TV_PRODUCT}" STREQUAL "TRUE")
 pkg_check_modules(pkgs REQUIRED
-       aul capi-media-audio-io capi-media-wav-player capi-network-bluetooth capi-network-bluetooth-tv capi-system-info cynara-client cynara-session
+       aul capi-media-audio-io capi-media-wav-player capi-network-bluetooth capi-network-bluetooth-tv capi-system-info cynara-client cynara-session cynara-creds-self
        dbus-1 dlog ecore glib-2.0 libgum libtzplatform-config libxml-2.0 vconf vconf-internal-keys buxton2 gmock farfield-voice-api capi-appfw-app-manager
 )
 ELSE()
 pkg_check_modules(pkgs REQUIRED
-       aul capi-media-audio-io capi-media-wav-player capi-system-info cynara-client cynara-session
+       aul capi-media-audio-io capi-media-wav-player capi-system-info cynara-client cynara-session cynara-creds-self
        dbus-1 dlog ecore glib-2.0 libgum libtzplatform-config libxml-2.0 vconf vconf-internal-keys buxton2 gmock capi-appfw-app-manager
 )
 ENDIF()

diff --git a/client/stt.c b/client/stt.c
index f0384beb8ea430ec718daee0e3872bf7600c8af2..c9f016881680b3bc24bcbdd3893a01ce58d87d69 100644 (file)
--- a/client/stt.c
+++ b/client/stt.c
@@ -15,6 +15,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 #include <dirent.h>
 #include <Ecore.h>
 #include <fcntl.h>
@@ -150,27 +151,26 @@ static int __check_privilege_initialize()
 
 static bool __check_privilege(const char* uid, const char * privilege)
 {
-       FILE *fp = NULL;
-       char label_path[1024] = "/proc/self/attr/current";
-       char smack_label[1024] = {'\0',};
+       char *client_identification = NULL;
+       char *session = NULL;
+       int ret;
 
        if (!p_cynara) {
                return false;
        }
 
-       fp = fopen(label_path, "r");
-       if (fp != NULL) {
-               if (0 >= fread(smack_label, 1, sizeof(smack_label), fp))
-                       SLOG(LOG_ERROR, TAG_STTC, "[ERROR] fail to fread"); //LCOV_EXCL_LINE
-
-               fclose(fp);
+       if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+               SLOG(LOG_ERROR, TAG_STTC, "Failed to get client.");
+               return false;
        }
 
-       pid_t pid = getpid();
-       char *session = cynara_session_from_pid(pid);
-       int ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
+       session = cynara_session_from_pid(getpid());
+       ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
+
        free(session);
        session = NULL;
+       free(client_identification);
+       client_identification = NULL;
 
        if (ret != CYNARA_API_ACCESS_ALLOWED) {
                SLOG(LOG_DEBUG, TAG_STTC, "[Client]cynara_check returned %d(Denied)", ret);

diff --git a/packaging/stt.spec b/packaging/stt.spec
index ba071cbe10738be9c35b0b288aa0247102477959..65e2f9ef7b7d976acf0f29be473dcf2925f2a78d 100644 (file)
--- a/packaging/stt.spec
+++ b/packaging/stt.spec
@@ -20,6 +20,7 @@ BuildRequires:  pkgconfig(capi-media-wav-player)
 BuildRequires:  pkgconfig(capi-system-info)
 BuildRequires:  pkgconfig(cynara-client)
 BuildRequires:  pkgconfig(cynara-session)
+BuildRequires:  pkgconfig(cynara-creds-self)
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(ecore)

diff --git a/server/stte.c b/server/stte.c
index c2619c838756bd962a28ee156807a6686cd2a686..12e816ad2e5dbb356c4c465f8d5aad0475641bf5 100755 (executable)
--- a/server/stte.c
+++ b/server/stte.c
@@ -19,6 +19,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 #include <pthread.h>
 
 #include "stt_engine.h"
@@ -79,30 +80,29 @@ static bool initialize_privilege_checker()
 
 static bool is_privilege_allowed(const char* uid, const char * privilege)
 {
-       FILE *fp = NULL;
-       char label_path[1024] = "/proc/self/attr/current";
-       char smack_label[1024] = {'\0',};
+       char *client_identification = NULL;
+       char *session = NULL;
+       int ret;
 
        if (!p_cynara) {
                return false;
        }
 
-       fp = fopen(label_path, "r");
-       if (fp != NULL) {
-               if (0 >= fread(smack_label, 1, sizeof(smack_label), fp))
-                       SLOG(LOG_ERROR, TAG_STTD, "[ERROR] fail to fread"); //LCOV_EXCL_LINE
-
-               fclose(fp);
-               fp = NULL;
+       if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+               SLOG(LOG_ERROR, TAG_STTD, "Failed to get client.");
+               return false;
        }
 
-       pid_t pid = getpid();
-       char *session = cynara_session_from_pid(pid);
-       int ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
+       session = cynara_session_from_pid(getpid());
+       ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
+
        free(session);
+       session = NULL;
+       free(client_identification);
+       client_identification = NULL;
 
        if (ret != CYNARA_API_ACCESS_ALLOWED) {
-               SLOG(LOG_ERROR, TAG_STTD, "[Client]cynara_check returned %d(Denied)", ret);
+               SLOG(LOG_DEBUG, TAG_STTD, "[Client]cynara_check returned %d(Denied)", ret);
                return false;
        }
        return true;

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e3eebc13b88321bf2158f95dc00ee62401366088..9fb6aaca680b4462db14090d78ab0555aba4e5e4 100644 (file)
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -41,6 +41,7 @@ SET_TARGET_PROPERTIES(${UNITTEST_STT} PROPERTIES
 --wrap=cynara_finish,\
 --wrap=cynara_session_from_pid,\
 --wrap=cynara_check,\
+--wrap=cynara_creds_self_get_client,\
 --wrap=calloc")
 
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/tests/${PKGNAME}.xml DESTINATION ${TZ_SYS_RO_PACKAGES})

diff --git a/tests/src/cynara_mock.cpp b/tests/src/cynara_mock.cpp
index ff6e88fe23fd50ae31bceb76b92db2665d8d4e16..7919314e9ff1cb7961337f87440c4f2b9791421d 100644 (file)
--- a/tests/src/cynara_mock.cpp
+++ b/tests/src/cynara_mock.cpp
@@ -32,3 +32,8 @@ EXPORT_API char *__wrap_cynara_session_from_pid(pid_t pid)
 {
     return strdup("session");
 }
+
+EXPORT_API int __wrap_cynara_creds_self_get_client(enum cynara_client_creds method, char **client)
+{
+    return 0;
+}
\ No newline at end of file

diff --git a/tests/src/cynara_mock.h b/tests/src/cynara_mock.h
index 1becb425d2d637ef29029c5902bf7e8a7e170778..ce9e7e169c013ecc35dc1c6c3ecdab4fc4103ad1 100644 (file)
--- a/tests/src/cynara_mock.h
+++ b/tests/src/cynara_mock.h
@@ -3,6 +3,7 @@
 
 #include <sys/types.h>
 #include <unistd.h>
+#include <cynara-creds-self.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -80,6 +81,7 @@ int __wrap_cynara_check(cynara* c, const char* client, const char* client_sessio
                         const char* privilege);
 
 char *__wrap_cynara_session_from_pid(pid_t pid);
+int __wrap_cynara_creds_self_get_client(enum cynara_client_creds method, char **client);
 
 #ifdef __cplusplus
 }