/**
* Process checking application's privilege access based on app_name
*
+ * @param[in] creds credentials of the caller
* @param[in] appName application identifier
* @param[in] privilege privilege name
* @param[in] uid user identifier
*
* @return API return code, as defined in protocols.h
*/
- int appHasPrivilege(std::string appName, std::string privilege, uid_t uid, bool &result);
+ int appHasPrivilege(const Credentials &creds, const std::string appName, const std::string privilege, uid_t uid, bool &result);
/**
* Process applying private path sharing between applications.
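Review bot: The new declaration takes `appName` and `privilege` as `const std::string` by value, which copies both strings on every call while the `const` gives the caller nothing. Passing them as `const std::string &appName, const std::string &privilege` keeps the read-only intent without the copies; the definition of `ServiceImpl::appHasPrivilege` has the same pattern. The doc comment also leaves the `result` out-parameter undocumented and does not say that the call can now be refused. I would add `* @param[out] result true when the privilege is granted` and name `SECURITY_MANAGER_ERROR_ACCESS_DENIED` under `@return`.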
}
int ServiceImpl::appHasPrivilege(
- std::string appName,
- std::string privilege,
+ const Credentials &creds,
+ const std::string appName,
+ const std::string privilege,
uid_t uid,
bool &result)
{
try {
std::string appProcessLabel = getAppProcessLabel(appName);
+ if ((appProcessLabel != creds.label || creds.uid != uid)
+ && !authenticate(creds, PRIVILEGE_POLICY_USER)
+ && !authenticate(creds, PRIVILEGE_PERMISSION_CHECK)) {
+ LogError("Not enough privilege to access other process policies");
+ return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
+ }
std::string uidStr = std::to_string(uid);
result = m_cynara.check(appProcessLabel, privilege, uidStr, "");
LogDebug("result = " << result);
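Review bot: The new guard authorises a query for a different `uid` with the same two privileges as a query for a different app under the caller's own uid, so a caller that only passes `authenticate(creds, PRIVILEGE_POLICY_USER)` can read policy decisions for any user. If that privilege is meant to be user-scoped (its definition is not visible here), the `creds.uid != uid` case should be gated separately, on whichever privilege is intended to cover other users' policy. The denial message also carries no context for auditing; including caller and target makes refused cross-process queries traceable, e.g. `LogError("Policy check denied: caller=" << creds.label << " uid=" << creds.uid << " target=" << appProcessLabel << " uid=" << uid);`. The `try` block and its handlers continue outside the hunk, so whether an unknown `appName` fails before this guard with a different return code cannot be judged from here.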
* - 0: access denied
* - 1: access granted
*
+ * Required privileges:
+ * for checking policy for the caller application process:
+ * - none
+ * for checking policy for other application process:
+ * - http://tizen.org/privilege/notexist or http://tizen.org/privilege/permission.check
+ *
* \param[in] app_id Application identifier
* \param[in] privilege Privilege name
* \param[in] uid User identifier
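Review bot: The added "Required privileges" text says no privilege is needed when checking policy for the caller's own application process, but the service-side guard in this commit also treats a request whose `uid` differs from the caller's uid as a check on another process. A caller querying its own app for another user is therefore refused unless it holds one of the listed privileges, and the comment should say so, for example `* for checking policy for the caller application process under the caller's own uid:`. It is also worth confirming that `http://tizen.org/privilege/notexist` is really the string behind `PRIVILEGE_POLICY_USER`, whose definition is not visible here, since a privilege name that reads like a placeholder in a public header is easy to misread.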
*
* @param recv Raw received data buffer
* @param send Raw data buffer to be sent
+ * @param creds credentials of the requesting process
*/
- void processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send);
+ void processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds);
/**
* Process applying private path sharing between applications.
break;
case SecurityModuleCall::APP_HAS_PRIVILEGE:
LogDebug("call_type: SecurityModuleCall::APP_HAS_PRIVILEGE");
- processAppHasPrivilege(buffer, send);
+ processAppHasPrivilege(buffer, send, creds);
break;
case SecurityModuleCall::APP_APPLY_PRIVATE_SHARING:
LogDebug("call_type: SecurityModuleCall::APP_APPLY_PRIVATE_SHARING");
}
}
-void Service::processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send)
+void Service::processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds)
{
std::string appName;
std::string privilege;
Deserialization::Deserialize(recv, uid);
bool result;
- int ret = serviceImpl.appHasPrivilege(appName, privilege, uid, result);
+ int ret = serviceImpl.appHasPrivilege(creds, appName, privilege, uid, result);
Serialization::Serialize(send, ret);
if (ret == SECURITY_MANAGER_SUCCESS)