Modify modules that need root permission.

- Removed to permit root permission for push/pull(unitest, codecoverage, DA)
- Changed uid/gid of SDBD into sdk

Change-Id: Idd874377159afa3d387c9abb59aada2a9d34dbc3
Signed-off-by: shingil.kang <shingil.kang@samsung.com>

diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec
index 826c4f069f12363cac03a589b3be895f3e886be2..6e1ba42103709635f13227fdf2fe030a8b853320 100644 (file)
--- a/packaging/sdbd.spec
+++ b/packaging/sdbd.spec
@@ -2,7 +2,7 @@
 
 Name:       sdbd
 Summary:    SDB daemon
-Version:    3.0.11
+Version:    3.0.12
 Release:    0
 License:    Apache-2.0
 Summary:    SDB daemon

diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service
index 4fe803f942bbf0f4e67ea932f6eb050aeac809f0..5aaac68edcff91d51372e7f2260bb0353cb4cee9 100644 (file)
--- a/packaging/sdbd_device.service
+++ b/packaging/sdbd_device.service
@@ -4,6 +4,8 @@ Requires=tizen-system-env.service
 After=tmp.mount
 
 [Service]
+User=sdk
+Group=sdk
 Type=forking
 EnvironmentFile=-/run/tizen-system-env
 PIDFile=/tmp/.sdbd.pid

diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service
index 1a2f29813ef2046dd1191eb480744fb4da4ac190..01d3d048b800c6ae291c9c755f012746502607f9 100644 (file)
--- a/packaging/sdbd_emulator.service
+++ b/packaging/sdbd_emulator.service
@@ -5,6 +5,8 @@ After=tmp.mount dbus.service
 #DefaultDependencies=false
 
 [Service]
+User=sdk
+Group=sdk
 Type=forking
 Environment=DISPLAY=:0
 PIDFile=/tmp/.sdbd.pid

diff --git a/src/file_sync_service.c b/src/file_sync_service.c
index 5fc6642db83c8a7896f1168cd023c9049f29f567..c15ae1011bc6b2d18aa0de9bce36529cf4438659 100644 (file)
--- a/src/file_sync_service.c
+++ b/src/file_sync_service.c
@@ -39,42 +39,11 @@
 
 #define SYNC_TIMEOUT 15
 
-struct sync_permit_rule
-{
-    const char *name;
-    char *regx;
-    int mode; // 0:push, 1: pull, 2: push&push
-};
-
-struct sync_permit_rule sdk_sync_permit_rule[] = {
-    /* 0 */ {"unitest", "", 1},
-    /* 1 */ {"codecoverage", "", 1},
-    /* 2 */ {"da", "", 1},
-    /* end */ {NULL, NULL, 0}
-};
-
 /* The typical default value for the umask is S_IWGRP | S_IWOTH (octal 022).
  * Before use the DIR_PERMISSION, the process umask value should be set 0 using umask().
  */
 #define DIR_PERMISSION 0777
 
-void init_sdk_sync_permit_rule_regx(void)
-{
-    int ret;
-    ret = asprintf(&sdk_sync_permit_rule[0].regx, "^((/tmp)|(%s)|(%s))/[a-zA-Z0-9]{10}/data/[a-zA-Z0-9_\\-]{1,50}\\.xml$", APP_INSTALL_PATH_PREFIX1, APP_INSTALL_PATH_PREFIX2);
-    if(ret < 0) {
-        D("failed to run asprintf for unittest\n");
-    }
-    ret = asprintf(&sdk_sync_permit_rule[1].regx, "^((/tmp)|(%s)|(%s))/[a-zA-Z0-9]{10}/data/+(.)*\\.gcda$", APP_INSTALL_PATH_PREFIX1, APP_INSTALL_PATH_PREFIX2);
-    if (ret < 0) {
-        D("failed to run asprintf for codecoverage\n");
-    }
-    ret = asprintf(&sdk_sync_permit_rule[2].regx, "^(/tmp/da/)*+[a-zA-Z0-9_\\-\\.]{1,50}\\.png$");
-    if (ret < 0) {
-        D("failed to run asprintf for da\n");
-    }
-}
-
 static void set_syncfile_smack_label(char *src) {
     char *label_transmuted = NULL;
     char *label = NULL;
@@ -589,37 +558,6 @@ static int do_recv(int s, const char *path, char *buffer)
     return 0;
 }
 
-static int verify_sync_rule(const char* path) {
-    regex_t regex;
-    int ret;
-    char buf[PATH_MAX];
-    int i=0;
-
-    init_sdk_sync_permit_rule_regx();
-    for (i=0; sdk_sync_permit_rule[i].regx != NULL; i++) {
-        ret = regcomp(&regex, sdk_sync_permit_rule[i].regx, REG_EXTENDED);
-        if(ret){
-            return 0;
-        }
-        // execute regular expression
-        ret = regexec(&regex, path, 0, NULL, 0);
-        if(!ret){
-            regfree(&regex);
-            D("found matched rule(%s) from %s path\n", sdk_sync_permit_rule[i].name, path);
-            return 1;
-        } else if( ret == REG_NOMATCH ){
-            // do nothin
-        } else{
-            regerror(ret, &regex, buf, sizeof(buf));
-            D("regex match failed(%s): %s\n",sdk_sync_permit_rule[i].name, buf);
-        }
-    }
-    regfree(&regex);
-    for (i=0; sdk_sync_permit_rule[i].regx != NULL; i++){
-       free(sdk_sync_permit_rule[i].regx);
-    }
-    return 0;
-}
 
 void file_sync_service(int fd, void *cookie)
 {
@@ -684,7 +622,7 @@ void file_sync_service(int fd, void *cookie)
 
             D("sync: '%s' '%s'\n", (char*) &msg.req, name);
 
-            if (should_drop_privileges() && !verify_sync_rule(name)) {
+            if (should_drop_privileges()) {
                 set_sdk_user_privileges();
             }