--- /dev/null
+Kidong Kim <kd0228.kim@samsung.com>
--- /dev/null
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+PROJECT(libprivilege-control C)
+
+SET(PREFIX ${CMAKE_INSTALL_PREFIX})
+SET(EXEC_PREFIX "\${prefix}")
+SET(LIBDIR "\${prefix}/lib")
+SET(INCLUDEDIR "\${prefix}/include")
+SET(VERSION 1.0)
+
+SET(VERSION_MAJOR 0)
+SET(VERSION "${VERSION_MAJOR}.0.2")
+
+INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include)
+
+INCLUDE(FindPkgConfig)
+pkg_check_modules(pkgs REQUIRED security-server openssl)
+
+FOREACH(flag ${pkgs_CFLAGS})
+ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
+ENDFOREACH(flag)
+
+SET(src_dir "./src")
+SET(include_dir "./include")
+
+## Additional flag
+SET(activate "-DUSE_PRIVILEGE_CONTROL")
+
+SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden")
+SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}")
+
+###################################################################################################
+## for libprivilege-control.so (library)
+SET(libprivilege-control_SOURCES ${src_dir}/privilege-control.c ${src_dir}/account-manage.c)
+SET(libprivilege-control_LDFLAGS " -module -avoid-version ")
+SET(libprivilege-control_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+#SET(libprivilege-control_LIBADD " ")
+
+ADD_LIBRARY(privilege-control SHARED ${libprivilege-control_SOURCES})
+TARGET_LINK_LIBRARIES(privilege-control ${pkgs_LDFLAGS})
+SET_TARGET_PROPERTIES(privilege-control PROPERTIES COMPILE_FLAGS "${libprivilege-control_CFLAGS}")
+SET_TARGET_PROPERTIES(privilege-control PROPERTIES SOVERSION ${VERSION_MAJOR})
+SET_TARGET_PROPERTIES(privilege-control PROPERTIES VERSION ${VERSION})
+###################################################################################################
+
+###################################################################################################
+## for slp-su (excutable)
+SET(slp-su_SOURCES ${src_dir}/slp-su.c)
+SET(slp-su_LDFLAGS " -module -avoid-version ")
+SET(slp-su_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+
+ADD_EXECUTABLE(slp-su ${slp-su_SOURCES})
+TARGET_LINK_LIBRARIES(slp-su ${pkgs_LDFLAGS} privilege-control)
+SET_TARGET_PROPERTIES(slp-su PROPERTIES COMPILE_FLAGS "${slp-su_CFLAGS}")
+###################################################################################################
+
+###################################################################################################
+## for debug-util (excutable)
+SET(debug-util_SOURCES ${src_dir}/debug-util.c)
+SET(debug-util_LDFLAGS " -module -avoid-version ")
+SET(debug-util_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+
+ADD_EXECUTABLE(debug-util ${debug-util_SOURCES})
+TARGET_LINK_LIBRARIES(debug-util ${pkgs_LDFLAGS} privilege-control)
+SET_TARGET_PROPERTIES(debug-util PROPERTIES COMPILE_FLAGS "${debug-util_CFLAGS}")
+###################################################################################################
+
+###################################################################################################
+## for kill_app (excutable)
+SET(kill-app_SOURCES ${src_dir}/kill_app.c)
+SET(kill-app_LDFLAGS " -module -avoid-version ")
+SET(kill-app_CFLAGS " ${CFLAGS} -fPIC -I${include_dir} ${activate} ")
+
+ADD_EXECUTABLE(kill_app ${kill-app_SOURCES})
+#TARGET_LINK_LIBRARIES(kill_app ${pkgs_LDFLAGS} privilege-control)
+SET_TARGET_PROPERTIES(kill_app PROPERTIES COMPILE_FLAGS "${kill-app_CFLAGS}")
+###################################################################################################
+
+CONFIGURE_FILE(libprivilege-control.pc.in libprivilege-control.pc @ONLY)
+
+FILE(GLOB datfiles ${CMAKE_CURRENT_SOURCE_DIR}/permissions/*.dat)
+FILE(GLOB udevfiles ${CMAKE_CURRENT_SOURCE_DIR}/udev/rules/*)
+
+INSTALL(TARGETS privilege-control DESTINATION lib COMPONENT RuntimeLibraries)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/libprivilege-control.pc DESTINATION lib/pkgconfig)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/passwd DESTINATION /opt/etc/)
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/group DESTINATION /opt/etc/)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/privilege-control.h DESTINATION include)
+INSTALL(FILES ${datfiles} DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/app_group_list DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/dev_group_list DESTINATION /usr/share/privilege-control)
+INSTALL(FILES ${udevfiles} DESTINATION /lib/udev/rules.d)
+INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/slp-su DESTINATION bin)
+INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/debug-util DESTINATION bin)
+INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/kill_app DESTINATION bin)
--- /dev/null
+Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved.
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
--- /dev/null
+20
+29
+44
+5000
+6001
+6002
+6003
+6004
+6005
+6006
+6007
+6008
+6009
+6010
+6011
+6012
+6013
+6014
+6015
+6016
+6017
+6018
+6019
+6020
+6021
+6022
+6023
+6024
+6025
+6026
+6501
+6502
+6503
+6505
+6506
+6508
+6509
+6510
+6511
+6512
+6513
+6514
+6515
+6516
+6517
+6518
+6519
+6520
+6521
+6522
+6523
+6524
+6525
+6526
+6528
+6601
+6602
+6603
+6701
+6702
+6703
+6801
+6802
+6803
+6804
+6805
+6806
+6807
+6808
+6809
+6810
+6811
+6812
+6813
+6814
+6815
+6816
+6817
+6818
+6819
+6820
+6821
+6822
+6823
+6824
+6825
+6826
+6827
--- /dev/null
+libprivilege-control (0.0.2-40) unstable; urgency=low
+
+ * Remove 'inhouse' directory
+ * Tag: libprivilege-control_0.0.2-40
+ * Git: pkgs/l/libprivilege-control
+
+ -- Kidong Kim <kd0228.kim@samsung.com> Thu, 09 Feb 2012 17:41:32 +0900
--- /dev/null
+Source: libprivilege-control
+Priority: extra
+Maintainer: Kidong Kim <kd0228.kim@samsung.com>
+Build-Depends: debhelper (>= 5), autotools-dev, libsecurity-server-client-dev, libssl-dev, openssl
+Standards-Version: 3.7.2
+Section: base
+Homepage: N/A
+
+Package: libprivilege-control-dev
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libprivilege-control-0 (= ${Source-Version}), libssl-dev
+Description: development pacakge of library to control privilege of in-house application
+
+Package: libprivilege-control-0
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: library to control privilege of in-house application
+
+Package: libprivilege-control-dbg
+Section: debug
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libprivilege-control-0 (= ${Source-Version})
+Description: debug package of library to control privilege of in-house application
--- /dev/null
+/usr/lib/libprivilege-control.so
+/usr/lib/libprivilege-control.so.*
+/usr/bin/slp-su
+/usr/bin/debug-util
+/usr/bin/kill_app
+/usr/share/privilege-control/*
+/opt/etc/passwd
+/opt/etc/group
+/lib/udev/rules.d
--- /dev/null
+#!/bin/sh
+
+if [ ! -e "/home/app" ]
+then
+ if [ ${USER} = "root" ]
+ then
+ mkdir -p /home/app
+ fi
+fi
+
+if [ ! -e "/home/developer" ]
+then
+ if [ ${USER} = "root" ]
+ then
+ mkdir -p /home/developer
+ fi
+fi
+
+if [ ${USER} = "root" ]
+then
+ chown 5000:5000 /home/app
+ chmod 755 /home/app
+ chown 5100:5100 /home/developer
+ chmod 755 /home/developer
+fi
+
+if [ ! -e "/usr/share/privilege-control" ]
+then
+ mkdir /usr/share/privilege-control/
+fi
+
+if [ -e "/etc/passwd" ]
+then
+ rm -f /etc/passwd
+fi
+ln -s /opt/etc/passwd /etc/passwd
+
+if [ -e "/etc/group" ]
+then
+ rm -f /etc/group
+fi
+ln -s /opt/etc/group /etc/group
--- /dev/null
+/usr/include/privilege-control.h
+/usr/lib/pkgconfig/libprivilege-control.pc
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+CFLAGS ?= -Wall -g
+CXXFLAGS ?= -Wall -g
+LDFLAGS ?=
+PREFIX ?= /usr
+DATADIR ?= /opt
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+ CXXFLAGS += -O0
+else
+ CFLAGS += -O2
+ CXXFLAGS += -O2
+endif
+
+LDFLAGS += -Wl,--rpath=$(PREFIX)/lib -Wl,--as-needed
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # Add here commands to configure the package.
+ CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" cmake . -DCMAKE_INSTALL_PREFIX=$(PREFIX)
+
+ touch configure-stamp
+
+build: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+
+ # Add here commands to compile the package.
+ $(MAKE)
+ #docbook-to-man debian/wavplayer.sgml > wavplayer.1
+
+ for f in `find $(CURDIR)/debian/ -name "*.in"`; do \
+ cat $$f > $${f%.in}; \
+ sed -i -e "s#@PREFIX@#$(PREFIX)#g" $${f%.in}; \
+ sed -i -e "s#@DATADIR@#$(DATADIR)#g" $${f%.in}; \
+ done
+
+
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ # Add here commands to clean up after the build process.
+ -$(MAKE) clean
+ rm -rf CMakeCache.txt
+ rm -rf CMakeFiles
+ rm -rf cmake_install.cmake
+ rm -rf Makefile
+ rm -rf install_manifest.txt
+ rm -rf *.so
+ rm -rf *.pc
+
+ for f in `find $(CURDIR)/debian/ -name "*.in"`; do \
+ rm -f $${f%.in}; \
+ done
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/wavplayer.
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installexamples
+ dh_install --sourcedir=debian/tmp
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installpam
+# dh_installmime
+# dh_python
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+ dh_installman
+ dh_link
+# dh_strip
+ dh_strip --dbg-package=libprivilege-control-dbg
+ dh_compress
+ dh_fixperms
+# dh_perl
+ dh_makeshlibs -plibprivilege-control-0
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- /dev/null
+5100
+6509
--- /dev/null
+root:*:0:
+daemon:*:1:
+bin:*:2:
+sys:*:3:
+adm:*:4:
+tty:*:5:
+disk:*:6:
+lp:*:7:
+mail:*:8:
+news:*:9:
+uucp:*:10:
+man:*:12:
+proxy:*:13:
+kmem:*:15:
+dialout:*:20:app
+fax:*:21:
+voice:*:22:
+cdrom:*:24:
+floppy:*:25:
+tape:*:26:
+sudo:*:27:
+audio:*:29:root,app,pulse,media
+dip:*:30:
+www-data:*:33:
+backup:*:34:
+operator:*:37:
+list:*:38:
+irc:*:39:
+src:*:40:
+gnats:*:41:
+shadow:*:42:
+utmp:*:43:
+video:*:44:app,media
+sasl:*:45:
+plugdev:*:46:
+staff:*:50:
+games:*:60:
+users:*:100:
+nogroup:*:65534:
+app:x:5000:
+developer:x:5100:
+testuser:x:5101:
+db_alarm:x:6001:app
+db_browser:x:6002:app
+db_calendar:x:6003:app
+db_cc_list:x:6004:app
+db_contact:x:6005:app
+db_email_service:x:6006:app
+db_java_runtime:x:6007:app
+db_logs:x:6008:app
+db_memo:x:6009:app
+db_menu:x:6010:app
+db_msg_service:x:6011:app
+db_mtp:x:6012:app
+db_spkmgr:x:6013:app
+db_t9buffer:x:6014:app
+db_worldclock:x:6015:app
+db_sns:x:6016:app
+db_filemanager:x:6017:app
+db_daily_briefing:x:6018:app
+db_always:x:6019:app
+db_media_browser:x:6020:app
+db_music:x:6021:app
+db_drm:x:6022:app
+db_lbs_landmark:x:6023:app
+db_comm:x:6024:app
+db_quickpanel:x:6025:app
+db_wrt:x:6026:app
+camera:x:6501:app,media
+message:x:6502:app
+myfiles:x:6503:app
+admin:x:6504:
+pulse:x:6507:
+pulse-access:x:6505:root,app,media
+pulse-rt:x:6506:root,app,media
+app_logging:x:6509:app,media,developer
+sys_logging:x:6527:app,media
+hwcodec:x:6510:app,media
+recording:x:6508:app,pulse,media
+java:x:6511:app
+radio:x:6512:app
+installer:x:6513:app
+nfc-manager:x:6517:app
+use_cert:x:6524:app
+usb_device:x:6525:app
+keytone:x:6526:app
+video_tel:x:6528:app
+vconf_setting:x:6514:app
+vconf_hib:x:6515:app
+vconf_seven:x:6516:app
+vconf_sndprof:x:6518:app
+vconf_wifi:x:6519:app
+vconf_bt:x:6520:app
+vconf_callstate:x:6521:app
+vconf_idlelock:x:6522:app
+vconf_sync:x:6523:app
+ss_drmkey:x:6601:app
+ss_ssaccount:x:6602:app
+ss_activesync:x:6603:app
+system_time:x:6701:app
+system_bklight:x:6702:app
+system_torch:x:6703:app
+lbs:x:6801:app,system
+alarm:x:6802:app
+dnet_use:x:6803:app
+dnet_setting:x:6804:app
+tel_call:x:6805:app
+tel_call_info:x:6806:app
+tel_msg:x:6807:app
+tel_msg_info:x:6808:app
+tel_net:x:6809:app
+tel_net_info:x:6810:app
+tel_gprs:x:6811:app
+tel_gprs_info:x:6812:app
+tel_sim:x:6813:app
+tel_sim_info:x:6814:app
+tel_sap:x:6815:app
+tel_ss:x:6816:app
+tel_ss_info:x:6817:app
+tel_sat:x:6826:app
+task_mgr:x:6818:app
+power_mgr:x:6819:app
+permanent:x:6820:app
+oom_adj:x:6821:app
+soundpath:x:6822:app
+asm:x:6823:app
+message_sync:x:6824:app
+message_lbs:x:6825:app
+bt_use:x:6827:app,pulse,system
+system:x:1000:
+bluetooth:x:1002:
+graphics:x:1003:
+input:x:1004:
+log:x:1007:
+compass:x:1008:
+mount:x:1009:
+wifi:x:1010:
+adb:x:1011:
+install:x:1012:
+media:x:1013:
+dhcp:x:1014:
+sdcard_rw:x:1015:
+vpn:x:1016:
+keystore:x:1017:
+shell:x:2000:
+cache:x:2001:
+diag:x:2002:
+net_bt_admin:x:3001:
+net_bt:x:3002:
+inet:x:3003:
+net_raw:x:3004:
+net_admin:x:3005:
+misc:x:9998:
--- /dev/null
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim <kd0228.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef _PRIVILEGE_CONTROL_H_
+#define _PRIVILEGE_CONTROL_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+#ifndef API
+#define API __attribute__((visibility("default")))
+#endif // API
+
+/* error codes */
+#define PC_OPERATION_SUCCESS ((int)0)
+#define PC_ERR_FILE_OPERATION -1
+#define PC_ERR_MEM_OPERATION -2
+#define PC_ERR_NOT_PERMITTED -3
+#define PC_ERR_INVALID_PARAM -4
+#define PC_ERR_INVALID_OPERATION -5
+
+/* APIs - used by applications */
+int control_privilege(void);
+
+int set_privilege(const char* pkg_name);
+
+/* added APIs - add & delete user and group for 3rd party applications */
+int add_user_and_group(const char* pkg_name, const char* permissions);
+
+int delete_user_and_group(const char* pkg_name);
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif // _PRIVILEGE_CONTROL_H_
--- /dev/null
+prefix=@PREFIX@
+exec_prefix=@EXEC_PREFIX@
+libdir=@LIBDIR@
+includedir=@INCLUDEDIR@
+
+Name: libprivilege-control
+Description: Library to control privilege of application
+Version: @VERSION@
+Requires: openssl
+Libs: -L${libdir} -lprivilege-control
+Cflags: -I${includedir}/
--- /dev/null
+Name: libprivilege-control
+Summary: Library to control privilege of application
+Version: 0.0.2
+Release: 1.1
+Group: System/Security
+License: Apache 2.0
+Source0: %{name}-%{version}.tar.gz
+BuildRequires: cmake
+BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(security-server)
+
+%description
+development package of library to control privilege of in-house application
+
+%package devel
+Summary: Control privilege of application (devel)
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+Library to control privilege of application (devel)
+
+%package conf
+Summary: Control privilege of application files
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description conf
+Library to control privilege of application files
+
+
+%prep
+%setup -q
+
+%build
+cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix}
+
+make %{?jobs:-j%jobs}
+
+%install
+rm -rf %{buildroot}
+%make_install
+
+
+%post
+if [ ! -e "/home/app" ]
+then
+ mkdir -p /home/app
+fi
+
+if [ ! -e "/home/developer" ]
+then
+ mkdir -p /home/developer
+fi
+
+chown 5000:5000 /home/app
+chmod 755 /home/app
+chown 5100:5100 /home/developer
+chmod 755 /home/developer
+
+if [ ! -e "/usr/share/privilege-control" ]
+then
+ mkdir -p /usr/share/privilege-control/
+fi
+
+%post conf
+if [ -e "/etc/passwd" ]
+then
+ rm -f /etc/passwd
+fi
+ln -sf /opt/etc/passwd /etc/passwd
+
+if [ -e "/etc/group" ]
+then
+ rm -f /etc/group
+fi
+ln -sf /opt/etc/group /etc/group
+
+
+
+# FIXME: should split to separate binaries package
+%files
+/usr/lib/*.so.*
+/usr/bin/debug-util
+/usr/bin/kill_app
+/usr/bin/slp-su
+/usr/share/privilege-control/*
+/lib/udev/rules.d/95-permissions-slp.rules
+
+%files conf
+/opt/etc/group
+/opt/etc/passwd
+
+%files devel
+/usr/include/*.h
+/usr/lib/*.so
+/usr/lib/pkgconfig/*.pc
--- /dev/null
+root::0:0:root:/root:/bin/sh
+bin:*:1:1:bin:/bin:
+daemon:*:2:2:daemon:/sbin:
+shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
+halt:*:7:0:halt:/sbin:/sbin/halt
+ftp:*:14:50:FTP User:/home/ftp:
+nobody:*:99:99:Nobody:/:
+sshd:x:112:65534::/var/run/sshd:/usr/sbin/nologin
+app:x:5000:5000:In-house application:/home/app:/bin/sh
+developer::5100:5100:developer with SDK:/home/developer:/bin/false
+testuser:x:5101:5101:test user:/home/testuser:/bin/sh
+pulse:x:6507:6507:PulseAudio daemon:/var/run/pulse:/bin/false
+system:x:1000:1000:SPLUSA:/home/system:/bin/sh
+bluetooth:x:1002:1002:SPLUSA:/home/bluetooth:/bin/false
+graphics:x:1003:1003:SPLUSA:/home/graphics:/bin/false
+input:x:1004:1004:SPLUSA:/home/input:/bin/false
+log:x:1007:1007:SPLUSA:/home/log:/bin/false
+compass:x:1008:1008:SPLUSA:/home/compass:/bin/false
+mount:x:1009:1009:SPLUSA:/home/mount:/bin/false
+wifi:x:1010:1010:SPLUSA:/home/wifi:/bin/false
+adb:x:1011:1011:SPLUSA:/home/adb:/bin/false
+install:x:1012:1012:SPLUSA:/home/install:/bin/false
+media:x:1013:1013:SPLUSA:/home/media:/bin/false
+dhcp:x:1014:1014:SPLUSA:/home/dhcp:/bin/false
+sdcard_rw:x:1015:1015:SPLUSA:/home/sdcard_rw:/bin/false
+vpn:x:1016:1016:SPLUSA:/home/vpn:/bin/false
+keystore:x:1017:1017:SPLUSA:/home/keystore:/bin/false
+shell:x:2000:2000:SPLUSA:/home/shell:/bin/false
+cache:x:2001:2001:SPLUSA:/home/cache:/bin/false
+diag:x:2002:2002:SPLUSA:/home/diag:/bin/false
+net_bt_admin:x:3001:3001:SPLUSA:/home/net_bt_admin:/bin/false
+net_bt:x:3002:3002:SPLUSA:/home/net_bt:/bin/false
+inet:x:3003:3003:SPLUSA:/home/inet:/bin/false
+net_raw:x:3004:3004:SPLUSA:/home/net_raw:/bin/false
+net_admin:x:3005:3005:SPLUSA:/home/net_admin:/bin/false
+misc:x:9998:9998:SPLUSA:/home/misc:/bin/false
--- /dev/null
+camera
+recording
+hwcodec
+soundpath
+asm
--- /dev/null
+db_calendar
--- /dev/null
+db_contact
--- /dev/null
+tel_msg_info
--- /dev/null
+tel_net_info
--- /dev/null
+radio
+audio
+soundpath
+asm
--- /dev/null
+tel_gprs_info
--- /dev/null
+dnet_setting
--- /dev/null
+audio
+hwcodec
+soundpath
+asm
--- /dev/null
+message_lbs
--- /dev/null
+message_sync
--- /dev/null
+message
+db_msg_service
--- /dev/null
+db_quickpanel
--- /dev/null
+tel_sim_info
--- /dev/null
+tel_call_info
--- /dev/null
+tel_ss_info
--- /dev/null
+system_time
--- /dev/null
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim <kd0228.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <errno.h>
+#include "privilege-control.h"
+#include <openssl/md2.h>
+
+#define FIRST_UID 20001
+#define USERNAME_SIZE 128
+#define HOMEDIR_SIZE 128
+#define FILENAME_SIZE 128
+#define PASSWD_LINE 256
+#define GROUP_LINE 256
+
+#define base64table "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+#define base64pad '='
+
+int md2_hashing(unsigned char* in, unsigned char* out)
+{
+ MD2_CTX mctx;
+
+ if(!MD2_Init(&mctx))
+ return PC_ERR_INVALID_PARAM;
+ if(!MD2_Update(&mctx, in, strlen((char*)in)))
+ return PC_ERR_INVALID_PARAM;
+ if(!MD2_Final(out, &mctx))
+ return PC_ERR_INVALID_PARAM;
+
+ return PC_OPERATION_SUCCESS;
+}
+
+int base64_encode(unsigned char* in, unsigned long int in_len, char** out, unsigned long int* out_len)
+{
+ unsigned char* current = in;
+ long int out_num = 0;
+ int str_len = 0;
+
+ if((in == NULL) || (in_len <= 0) || (out == NULL))
+ return -1; // error
+
+ *out_len = (((in_len + 2) / 3) * 4) + 1;
+ *out = (char*)malloc(*out_len);
+
+ if(*out == NULL)
+ return 0;
+
+ while(in_len > 2)
+ {
+ /* keep going until we have less than 24 bits */
+ ((char*)*out)[out_num++] = base64table[current[0] >> 2];
+ ((char*)*out)[out_num++] = base64table[((current[0] & 0x03) << 4) + (current[1] >> 4)];
+ ((char*)*out)[out_num++] = base64table[((current[1] & 0x0f) << 2) + (current[2] >> 6)];
+ ((char*)*out)[out_num++] = base64table[current[2] & 0x3f];
+
+ current += 3;
+ in_len -= 3;
+ str_len += 4;
+ }
+ /* now deal with the tail end of things */
+ if (in_len != 0)
+ {
+ ((char*)*out)[out_num++] = base64table[current[0] >> 2];
+ if (in_len > 1)
+ {
+ ((char*)*out)[out_num++] = base64table[((current[0] & 0x03) << 4) + (current[1] >> 4)];
+ ((char*)*out)[out_num++] = base64table[(current[1] & 0x0f) << 2];
+ ((char*)*out)[out_num++] = base64pad;
+ }
+ else
+ {
+ ((char*)*out)[out_num++] = base64table[(current[0] & 0x03) << 4];
+ ((char*)*out)[out_num++] = base64pad;
+ ((char*)*out)[out_num++] = base64pad;
+ }
+ str_len += 4;
+ }
+ ((char*)*out)[out_num++] = '\0';
+
+ return PC_OPERATION_SUCCESS;
+}
+
+int convert_user_name_from_pkgname(const char* pkg_name, char* user_name)
+{
+ char* hashing = NULL;
+ char* base64 = NULL;
+ unsigned long int len = 0;
+ int ret = PC_OPERATION_SUCCESS;
+
+ if(!pkg_name || !user_name)
+ {
+ ret = PC_ERR_INVALID_PARAM;
+ goto err;
+ }
+
+ hashing = (char*)malloc(sizeof(char) * MD2_DIGEST_LENGTH);
+ memset(hashing, 0x00, MD2_DIGEST_LENGTH);
+
+ if(md2_hashing((unsigned char*)pkg_name, (unsigned char*)hashing) != PC_OPERATION_SUCCESS)
+ {
+ fprintf(stderr, "[ERR] Fail to hashing\n");
+ ret = PC_ERR_INVALID_OPERATION;
+ goto err;
+ }
+
+ if(base64_encode((unsigned char*)hashing, MD2_DIGEST_LENGTH, &base64, &len) != PC_OPERATION_SUCCESS)
+ {
+ fprintf(stderr, "[ERR] Fail to encode\n");
+ ret = PC_ERR_INVALID_OPERATION;
+ goto err;
+ }
+
+ strncpy(user_name, base64, 16);
+ user_name[16] = '\0';
+
+err:
+ if(hashing != NULL)
+ free(hashing);
+ return ret;
+}
+
+API int add_user_and_group(const char* pkg_name, const char* permissions)
+{
+ FILE* fp_passwd = NULL;
+ FILE* fp_passwd2 = NULL;
+ FILE* fp_group = NULL;
+ FILE* fp_group2 = NULL;
+ FILE* fp_perm = NULL;
+ char user_name[USERNAME_SIZE];
+ char homedir[HOMEDIR_SIZE];
+ char linebuf[USERNAME_SIZE + HOMEDIR_SIZE + 128];
+ char linebuf2[USERNAME_SIZE + 20];
+ char buf_passwd[PASSWD_LINE];
+ char buf_group[GROUP_LINE];
+ char conf_filename[FILENAME_SIZE];
+ char perm_group[20];
+ char chown_cmd[32];
+ char str_orig[256];
+ char seps[] = ", \t\n\r";
+ int result = PC_OPERATION_SUCCESS;
+ int uid = -1, gid = -1, i = 0, cnt = 0, flag = 0;
+ char* expr = "3rd party user\0";
+ char* shell = "/bin/sh\0";
+ char* linebuf3 = NULL;
+ char* tempbuf = NULL;
+ char* token = NULL;
+ int inputed, pid, ret;
+
+ memset(user_name, 0x00, USERNAME_SIZE);
+ memset(homedir, 0x00, HOMEDIR_SIZE);
+ memset(linebuf, 0x00, (USERNAME_SIZE + HOMEDIR_SIZE + 128));
+ memset(linebuf2, 0x00, (USERNAME_SIZE + 20));
+ memset(buf_passwd, 0x00, PASSWD_LINE);
+ memset(buf_group, 0x00, GROUP_LINE);
+ memset(conf_filename, 0x00, FILENAME_SIZE);
+ memset(perm_group, 0x00, 20);
+ memset(str_orig, 0x00, 256);
+ memset(chown_cmd, 0x00, 32);
+
+ /* 0. this user MUST be 'root' */
+ if(getuid() != 0) { // not root
+ fprintf(stderr, "%s", "[ERR] Only root user can add new user\n");
+ result = PC_ERR_NOT_PERMITTED;
+ goto error;
+ }
+
+ /* 1. convert pkg_name to real user name */
+ result = convert_user_name_from_pkgname(pkg_name, user_name);
+ if(result != PC_OPERATION_SUCCESS) {
+ fprintf(stderr, "%s", "[ERR] Fail to convert pkg name\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+ /* 1.1. check there is a same user or not */
+ if(getpwnam(user_name)) {
+ fprintf(stderr, "%s", "[ERR] Fail to add new user - already exist\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+
+ /* 2. add user into /etc/passwd */
+ /* 2.1. get uid, gid */
+ uid = FIRST_UID;
+ while(getpwuid(uid) != NULL) // is there same uid?
+ uid++;
+ gid = uid;
+ /* 2.2. get home directory and make home directory */
+ snprintf(homedir, HOMEDIR_SIZE, "/opt/apps/%s", pkg_name);
+ if(mkdir(homedir, 0755) != 0) { // fail to make directory
+ if(errno == EEXIST) {
+ fprintf(stderr, "%s%s%s", "[LOG] ", homedir, " is already exist. Does NOT make new one.\n");
+ }
+ else {
+ fprintf(stderr, "%s", "[ERR] Fail to make home directory\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ }
+ memset(homedir, 0x00, HOMEDIR_SIZE);
+ snprintf(homedir, HOMEDIR_SIZE, "/opt/apps/%s/data", pkg_name);
+ if(mkdir(homedir, 0755) != 0) { // fail to make directory
+ if(errno == EEXIST) {
+ fprintf(stderr, "%s%s%s", "[LOG] ", homedir, " is already exist. Does NOT make new one.\n");
+ }
+ else {
+ fprintf(stderr, "%s", "[ERR] Fail to make home directory\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ }
+
+ pid = fork();
+ if(pid == 0) {
+ snprintf(chown_cmd, 32, "%d:%d", uid, gid);
+ ret = execl("/bin/chown", "/bin/chown", "-R", chown_cmd, homedir, NULL);
+ if(ret == -1) {
+ fprintf(stderr, "%s", "[ERR] fail to execute execl()\n");
+ perror("Fail to execute execl()");
+ exit(-1);
+ }
+ }
+ else if(pid > 0) {
+ wait((int*)0);
+ }
+ else {
+ fprintf(stderr, "%s", "[ERR] fail to execute fork()\n");
+ exit(-1);
+ }
+ /* 2.3. make one line of /etc/passwd */
+ snprintf(linebuf, (USERNAME_SIZE + HOMEDIR_SIZE + 128), "%s:x:%d:%d:%s:%s:%s", user_name, uid, gid, expr, homedir, shell);
+ uid = FIRST_UID;
+ /* 2.4. write to /etc/passwd */
+ if((fp_passwd = fopen("/opt/etc/passwd", "r")) == NULL) { // open original passwd file
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if((fp_passwd2 = fopen("/opt/etc/passwd-modi", "w")) == NULL) { // open mofified file
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd-modi\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+ while(fgets(buf_passwd, PASSWD_LINE, fp_passwd))
+ fprintf(fp_passwd2, "%s", buf_passwd);
+ fprintf(fp_passwd2, "%s\n", linebuf);
+
+ fclose(fp_passwd);
+ fp_passwd = NULL;
+ fclose(fp_passwd2);
+ fp_passwd2 = NULL;
+
+ if(rename("/opt/etc/passwd", "/opt/etc/passwd-") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if(rename("/opt/etc/passwd-modi", "/opt/etc/passwd") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd-modi)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ /* 2.5. make one line of /etc/group */
+ snprintf(linebuf2, (USERNAME_SIZE + 20), "%s:x:%d:", user_name, gid);
+ /* 2.6. write to /etc/group */
+ if((fp_group = fopen("/opt/etc/group", "r")) == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/grup\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if((fp_group2 = fopen("/opt/etc/group-modi", "w")) == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/group-modi\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+ while(1) {
+ linebuf3 = (char*)malloc(sizeof(char) * 128);
+ if(linebuf3 == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
+ result = PC_ERR_MEM_OPERATION;
+ goto error;
+ }
+ memset(linebuf3, 0x00, 128);
+ cnt = 128;
+ i = 0;
+
+ while(1) { // get one line from /etc/group
+ inputed = fgetc(fp_group);
+ if(inputed == EOF) // end of /etc/group,
+ goto end_of_while;
+ else if((char)inputed == '\n') {
+ linebuf3[i] = '\0';
+ break;
+ }
+ else if((i == cnt) && ((char)inputed != '\n')) {
+ tempbuf = (char*)realloc(linebuf3, sizeof(char) * (i + 128));
+ if(tempbuf == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
+ result = PC_ERR_MEM_OPERATION;
+ goto error;
+ }
+ linebuf3 = tempbuf;
+ linebuf3[i] = (char)inputed;
+ cnt = i + 128;
+ }
+ else
+ linebuf3[i] = (char)inputed;
+
+ i++;
+ }
+
+ /* 3. get real group name from permissions */
+ strncpy(str_orig, permissions, strlen(permissions));
+ token = strtok(str_orig, seps);
+ while(token != NULL) {
+ /* 3.1. make dat file name */
+ snprintf(conf_filename, FILENAME_SIZE, "/usr/share/privilege-control/%s.dat", token);
+ if((fp_perm = fopen(conf_filename, "r")) == NULL) {
+ fprintf(stderr, "%s%s%s", "[ERR] Fail to open ", conf_filename, "\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ while(fgets(perm_group, 20, fp_perm)) {
+ perm_group[strlen(perm_group) - 1] = ':';
+ perm_group[strlen(perm_group)] = '\0';
+ if(strncmp(linebuf3, perm_group, strlen(perm_group)) == 0) { // found!!
+ if(!strncmp(linebuf3, user_name, strlen(user_name))) { // already have same user
+ flag = 1;
+ fprintf(fp_group2, "%s\n", linebuf3);
+ break;
+ }
+ if(linebuf3[strlen(linebuf3) - 1] == ':')
+ strncat(linebuf3, user_name, strlen(user_name));
+ else {
+ strncat(linebuf3, ",", 1);
+ strncat(linebuf3, user_name, strlen(user_name));
+ }
+ flag = 1;
+
+ fprintf(fp_group2, "%s\n", linebuf3);
+ break;
+ }
+ }
+ if(fp_perm != NULL) {
+ fclose(fp_perm);
+ fp_perm = NULL;
+ }
+ memset(conf_filename, 0x00, FILENAME_SIZE);
+ memset(perm_group, 0x00, 20);
+
+ if(flag == 1)
+ break;
+
+ token = strtok(NULL, seps);
+ }
+
+ if(flag != 1)
+ fprintf(fp_group2, "%s\n", linebuf3);
+
+ flag = 0;
+ if(linebuf3 != NULL) {
+ free(linebuf3);
+ linebuf3 = NULL;
+ }
+ }
+end_of_while:
+ fprintf(fp_group2, "%s\n", linebuf2);
+
+ fclose(fp_group);
+ fp_group = NULL;
+ fclose(fp_group2);
+ fp_group2 = NULL;
+
+ if(rename("/opt/etc/group", "/opt/etc/group-") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if(rename("/opt/etc/group-modi", "/opt/etc/group") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group-modi)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+error:
+ if(fp_passwd != NULL)
+ fclose(fp_passwd);
+ if(fp_passwd2 != NULL)
+ fclose(fp_passwd2);
+ if(fp_group != NULL)
+ fclose(fp_group);
+ if(fp_group2 != NULL)
+ fclose(fp_group2);
+ if(fp_perm != NULL)
+ fclose(fp_perm);
+
+ if(linebuf3 != NULL)
+ free(linebuf3);
+
+ return result;
+}
+
+API int delete_user_and_group(const char* pkg_name)
+{
+ FILE* fp_passwd = NULL;
+ FILE* fp_passwd2 = NULL;
+ FILE* fp_group = NULL;
+ FILE* fp_group2 = NULL;
+ char user_name[USERNAME_SIZE];
+ char user_name2[USERNAME_SIZE];
+ char linebuf[512];
+ char* linebuf2 = NULL;
+ char* linebuf3 = NULL;
+ char* tempbuf = NULL;
+ char* start = NULL;
+ char* end = NULL;
+ int i = 0, cnt = 0, flag = 0;
+ int result = PC_OPERATION_SUCCESS;
+ int inputed;
+ char* temp = NULL;
+
+ memset(user_name, 0x00, USERNAME_SIZE);
+ memset(user_name2, 0x00, USERNAME_SIZE);
+ memset(linebuf, 0x00, 512);
+
+ /* 0. user MUST be 'root' */
+ if(getuid() != 0) { // not root
+ fprintf(stderr, "%s", "[ERR] Only root user can add new user\n");
+ result = PC_ERR_NOT_PERMITTED;
+ goto error;
+ }
+
+ /* 1. convert pkg_name to real user name */
+ result = convert_user_name_from_pkgname(pkg_name, user_name);
+ if(result != PC_OPERATION_SUCCESS) {
+ fprintf(stderr, "%s", "[ERR] Fail to convert pkg name\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+ /* 1.1. check there is a same user or not */
+ if(!getpwnam(user_name)) {
+ fprintf(stderr, "%s", "[ERR] Fail to delete user - not exist\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+
+ /* 2. delete user from /etc/passwd */
+ /* 2.1. open */
+ if((fp_passwd = fopen("/opt/etc/passwd", "r")) == NULL) { // open original passwd file
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if((fp_passwd2 = fopen("/opt/etc/passwd-modi", "w")) == NULL) { // open mofified file
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/passwd-modi\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+ /* 2.2. write */
+ strncpy(user_name2, user_name, (strlen(user_name) + 1));
+ user_name2[strlen(user_name)] = ':';
+
+ while(fgets(linebuf, 512, fp_passwd)) {
+ if(!strncmp(linebuf, user_name2, strlen(user_name2))) // found
+ continue;
+ fprintf(fp_passwd2, "%s", linebuf);
+ }
+
+ /* 2.3. rename file */
+ if(rename("/opt/etc/passwd", "/opt/etc/passwd-") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if(rename("/opt/etc/passwd-modi", "/opt/etc/passwd") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/passwd-modi)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+ /* 3. delete group from /etc/group */
+ /* 3.1. open */
+ if((fp_group = fopen("/opt/etc/group", "r")) == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/grup\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if((fp_group2 = fopen("/opt/etc/group-modi", "w")) == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to open /etc/group-modi\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+ /* 3.2. search and delete */
+ while(1) {
+ linebuf2 = (char*)malloc(sizeof(char) * 128);
+ if(linebuf2 == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
+ result = PC_ERR_MEM_OPERATION;
+ goto error;
+ }
+ memset(linebuf2, 0x00, 128);
+ cnt = 128;
+ i = 0;
+
+ while(1) {
+ inputed = fgetc(fp_group);
+ if(inputed == EOF)
+ goto end_of_while;
+ else if((char)inputed == '\n') {
+ linebuf2[i] = '\0';
+ break;
+ }
+ else if((i == cnt) && ((char)inputed != '\n')) {
+ tempbuf = (char*)realloc(linebuf2, sizeof(char) * (i + 128));
+ if(tempbuf == NULL) {
+ fprintf(stderr, "%s", "[ERR] Fail to allocate memory\n");
+ result = PC_ERR_MEM_OPERATION;
+ goto error;
+ }
+ linebuf2 = tempbuf;
+ linebuf2[i] = (char)inputed;
+ cnt = i + 128;
+ }
+ else
+ linebuf2[i] = (char)inputed;
+
+ i++;
+ }
+
+ if(strncmp(linebuf2, user_name2, strlen(user_name2)) == 0) // group of user
+ continue;
+
+ if((start = strstr(strchr(linebuf2, ':'), user_name)) != NULL) { // found!!
+ linebuf3 = (char*)malloc(sizeof(char) * strlen(linebuf2));
+ memset(linebuf3, 0x00, strlen(linebuf2));
+
+repeat:
+ end = start + strlen(user_name);
+ // end MUST be ',' or '\0'
+ if(end[0] == ',')
+ end = end + 1;
+ else if(end[0] == '\0') {
+ temp = start - 1;
+ if(temp[0] == ',')
+ start = start - 1;
+ }
+ else {
+ start = strstr(end, user_name);
+ if(start[0] != '\0')
+ goto repeat;
+ }
+
+ strncpy(linebuf3, linebuf2, ((int)start - (int)linebuf2));
+ linebuf3 = strcat(linebuf3, end);
+ fprintf(fp_group2, "%s\n", linebuf3);
+ flag = 1;
+ }
+
+ if(flag != 1)
+ fprintf(fp_group2, "%s\n", linebuf2);
+ flag = 0;
+
+ if(linebuf2 != NULL) {
+ free(linebuf2);
+ linebuf2 = NULL;
+ }
+ if(linebuf3 != NULL) {
+ free(linebuf3);
+ linebuf3 = NULL;
+ }
+ }
+end_of_while:
+ fclose(fp_group);
+ fp_group = NULL;
+ fclose(fp_group2);
+ fp_group2 = NULL;
+
+ if(rename("/opt/etc/group", "/opt/etc/group-") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+ if(rename("/opt/etc/group-modi", "/opt/etc/group") != 0) { // if fail,
+ fprintf(stderr, "%s", "[ERR] Fail to change file name(/opt/etc/group-modi)\n");
+ result = PC_ERR_FILE_OPERATION;
+ goto error;
+ }
+
+error:
+ if(fp_passwd != NULL)
+ fclose(fp_passwd);
+ if(fp_passwd2 != NULL)
+ fclose(fp_passwd2);
+ if(fp_group != NULL)
+ fclose(fp_group);
+ if(fp_group2 != NULL)
+ fclose(fp_group2);
+
+ if(linebuf2 != NULL)
+ free(linebuf2);
+ if(linebuf3 != NULL)
+ free(linebuf3);
+
+ return result;
+}
--- /dev/null
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim <kd0228.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include "security-server.h"
+#include "privilege-control.h"
+
+#define DEVELOPER_UID 5100
+
+int main(int argc, char *argv[])
+{
+ int uid = 0, ret = -1;
+
+ uid = getuid();
+
+ if(uid == DEVELOPER_UID) {
+ fprintf(stderr, "%s", "[LOG] Sending request to security server...\n");
+ ret = security_server_launch_debug_tool(argc - 1, (const char **)argv + 1);
+ if(ret != SECURITY_SERVER_API_SUCCESS) {
+ fprintf(stderr, "[ERR] Failed to launch tool, [%d]\n", ret);
+ return 0;
+ }
+ return 1;
+ }
+ else if(uid == 0) {
+ fprintf(stderr, "%s", "[LOG] Executed as root privilege\n");
+
+ /*
+ * argv[0] : /usr/bin/debug-util
+ *
+ * argv[1] : package name
+ * argv[2] : command of developer(SDK)
+ * argv[3] ~ : parameter(s) of argv[2]
+ */
+ if(!strncmp(argv[1], "/usr/bin/launch_app", 19) || !strncmp(argv[1], "/usr/bin/kill_app", 17)) {
+ ret = execve(argv[1], (char * const*)argv + 1, NULL);
+ if(ret == -1) {
+ perror("[ERR] 1. Fail to execute execve()");
+ }
+ }
+ else if(set_privilege(argv[1]) == 0) { // success
+ if(!strncmp(argv[2], "/bin/gdbserver", 14) || !strncmp(argv[2], "/usr/bin/opcontrol", 18) || !strncmp(argv[2], "/usr/bin/valgrind", 17 )) {
+ ret = execve(argv[2], (char * const*)argv + 2, NULL);
+ if(ret == -1) { // error
+ perror("[ERR] 2. Fail to execute execve()");
+ }
+ }
+ }
+ else
+ fprintf(stderr, "[ERR] Fail to execute set_privilege()\n");
+ }
+ else {
+ fprintf(stderr, "[ERR] Wrong uid: %d\n", uid);
+ fprintf(stderr, "[ERR] You must run %s under root user or developer(%d) user\n", argv[0], DEVELOPER_UID);
+ return 0;
+ }
+
+ return 1;
+}
--- /dev/null
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim <kd0228.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <signal.h>
+//#include <errno.h>
+
+#define FILE_NAME "/tmp/.testpkg"
+
+int main()
+{
+ int uid = -1;
+ int pid = -1;
+ FILE* fp_in = NULL;
+
+ /* if not root, fail */
+ uid = getuid();
+ if(uid != 0) { // not root
+ fprintf(stderr, "[ERR][kill_app] You MUST be root.\n");
+ goto err;
+ }
+
+ /* open file - /tmp/.testpkg */
+ if(!(fp_in = fopen(FILE_NAME, "r"))) {
+ fprintf(stderr, "[ERR][kill_app] Fail to open file, [%s]\n", FILE_NAME);
+ perror("err: ");
+ goto err;
+ }
+
+ /* get pid */
+ fscanf(fp_in, "%d", &pid);
+ if(pid <= 0) {
+ fprintf(stderr, "[ERR][kill_app] Invalid pid.\n");
+ goto err;
+ }
+
+ /* kill that process */
+ if(kill(pid, SIGKILL) < 0) {
+ fprintf(stderr, "[ERR][kill_app] Fail to kill application which has the pid [%d]\n", pid);
+ perror("err: ");
+ goto err;
+ }
+
+ /* delete the file */
+ if(unlink(FILE_NAME) < 0) {
+ fprintf(stderr, "[ERR][kill_app] Fail to delete file, [%s]\n", FILE_NAME);
+ perror("err: ");
+ goto err;
+ }
+
+err:
+ if(fp_in != NULL)
+ fclose(fp_in);
+
+ return 0;
+}
--- /dev/null
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim <kd0228.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+
+#include <math.h>
+#include <sys/time.h>
+
+#include "privilege-control.h"
+
+#define APP_GID 5000
+#define APP_UID 5000
+#define ADMIN_GROUP 6504
+#define DEVELOPER_GID 5100
+#define DEVELOPER_UID 5100
+
+#define APP_USER_NAME "app"
+#define DEV_USER_NAME "developer"
+
+#define APP_HOME_DIR "/opt/home/app"
+#define DEV_HOME_DIR "/opt/home/developer"
+
+#define APP_GROUP_PATH "/usr/share/privilege-control/app_group_list"
+#define DEV_GROUP_PATH "/usr/share/privilege-control/dev_group_list"
+
+#ifdef USE_PRIVILEGE_CONTROL
+
+typedef struct {
+ char user_name[10];
+ int uid;
+ int gid;
+ char home_dir[64];
+ char group_list[64];
+} new_user;
+
+API int control_privilege(void)
+{
+ if(getuid() == APP_UID) // current user is 'app'
+ return PC_OPERATION_SUCCESS;
+
+ if(set_privilege("org.tizen.") == PC_OPERATION_SUCCESS)
+ return PC_OPERATION_SUCCESS;
+ else
+ return PC_ERR_NOT_PERMITTED;
+}
+
+API int set_privilege(const char* pkg_name)
+{
+ FILE* fp_group = NULL; // /etc/group
+ uid_t t_uid = -1; // uid of current process
+ gid_t *glist = NULL; // group list
+ gid_t temp_gid = -1; // for group list
+ char buf[10] = {0, }; // contents in group_list file
+ int glist_cnt = 0; // for group list
+ int result;
+ new_user usr;
+
+ /*
+ * initialize user structure
+ */
+ memset(usr.user_name, 0x00, 10);
+ memset(usr.home_dir, 0x00, 64);
+ memset(usr.group_list, 0x00, 64);
+ usr.uid = -1;
+ usr.gid = -1;
+
+ t_uid = getuid();
+
+ if(t_uid == 0) // current user is 'root'
+ {
+ if(!strncmp(pkg_name, "developer", 9))
+ {
+ strncpy(usr.user_name, DEV_USER_NAME, strlen(DEV_USER_NAME));
+ usr.uid = DEVELOPER_UID;
+ usr.gid = DEVELOPER_GID;
+ strncpy(usr.home_dir, DEV_HOME_DIR, strlen(DEV_HOME_DIR));
+ strncpy(usr.group_list, DEV_GROUP_PATH, strlen(DEV_GROUP_PATH));
+ }
+ else
+ {
+ strncpy(usr.user_name, APP_USER_NAME, strlen(APP_USER_NAME));
+ usr.uid = APP_UID;
+ usr.gid = APP_GID;
+ strncpy(usr.home_dir, APP_HOME_DIR, strlen(APP_HOME_DIR));
+ strncpy(usr.group_list, APP_GROUP_PATH, strlen(APP_GROUP_PATH));
+ }
+
+ /*
+ * get group information
+ */
+ if(!(fp_group = fopen(usr.group_list, "r")))
+ {
+ fprintf(stderr, "[ERR] file open error: [%s]\n", usr.group_list);
+ result = PC_ERR_FILE_OPERATION; // return -1
+ goto error;
+ }
+
+ while(fgets(buf, 10, fp_group) != NULL)
+ {
+ if(buf == NULL)
+ {
+ fprintf(stderr, "[ERR] Fail to get gid\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+
+ errno = 0;
+ temp_gid = strtoul(buf, 0, 10);
+ if(errno != 0) // error occured during strtoul()
+ {
+ fprintf(stderr, "[ERR] cannot change string to integer: [%s]\n", buf);
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+
+ glist = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1));
+ if(!glist)
+ {
+ result = PC_ERR_MEM_OPERATION; // return -2
+ goto error;
+ }
+ glist[glist_cnt] = temp_gid;
+ glist_cnt++;
+ }
+ fclose(fp_group);
+ fp_group = NULL;
+
+ /*
+ * in case of dialer, add admin to glist
+ */
+ if(!strncmp(pkg_name, "org.tizen.phone", 15))
+ {
+ glist = (gid_t*)realloc(glist, sizeof(gid_t) * (glist_cnt + 1));
+ glist[glist_cnt] = ADMIN_GROUP; // 6504
+ glist_cnt++;
+ }
+
+ /*
+ * setgroups()
+ */
+ if(setgroups(glist_cnt, glist) != 0)
+ {
+ fprintf(stderr, "[ERR] setgrouops fail\n");
+ result = PC_ERR_NOT_PERMITTED; // return -3
+ goto error;
+ }
+ if(glist != NULL)
+ {
+ free(glist);
+ glist = NULL;
+ }
+
+ /*
+ * setgid() & setgid()
+ */
+ if(setgid(usr.gid) != 0) // fail
+ {
+ fprintf(stderr, "[ERR] fail to execute setgid().\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+ if(setuid(usr.uid) != 0) // fail
+ {
+ fprintf(stderr, "[ERR] fail to execute setuid().\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+
+ if(setenv("USER", usr.user_name, 1) != 0) //fail
+ {
+ fprintf(stderr, "[ERR] fail to execute setenv().\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+ if(setenv("HOME", usr.home_dir, 1) != 0) // fail
+ {
+ fprintf(stderr, "[ERR] fail to execute setenv().\n");
+ result = PC_ERR_INVALID_OPERATION;
+ goto error;
+ }
+ }
+ else // current user is not only 'root' but 'app'
+ {
+ fprintf(stderr, "[ERR] current user is NOT root\n");
+ result = PC_ERR_NOT_PERMITTED; // return -3
+ goto error;
+ }
+
+ result = PC_OPERATION_SUCCESS;
+
+error:
+ if(glist != NULL)
+ free(glist);
+
+ return result;
+}
+
+#else // USE_PRIVILEGE_CONTROL
+
+API int control_privilege(void)
+{
+ return 0;
+}
+
+API int set_privilege(const char* pkg_name)
+{
+ return 0;
+}
+
+#endif // USE_PRIVILEGE_CONTROL
--- /dev/null
+/*
+ * libprivilege control
+ *
+ * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Kidong Kim <kd0228.kim@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+#include "privilege-control.h"
+
+void print_usage(void)
+{
+ printf("%s", "Usage: slp-su [PKG_NAME]\n\n");
+ printf("%s", "Execute new shell which be belonged to user related with PKG_NAME\n\n");
+}
+
+int main(int argc, char* argv[])
+{
+ pid_t pid = -1;
+ char* buf = NULL;
+
+ if(argc != 2)
+ {
+ fprintf(stderr, "%s", "[ERR] Check your argument.\n\n");
+ print_usage();
+ return 0;
+ }
+
+ pid = fork();
+ switch(pid)
+ {
+ case 0: // child
+ {
+ if(set_privilege(argv[1]) == 0) // success
+ {
+ fprintf(stderr, "%s", "[LOG] Success to execute set_privilege()\n");
+ }
+ else
+ {
+ fprintf(stderr, "%s", "[ERR] Fail to execute set_privilege()\n");
+ exit(1);
+ }
+
+ buf = getenv("HOME");
+ if(buf == NULL) // fail
+ {
+ fprintf(stderr, "%s", "[ERR] Fail to execute getenv()\n");
+ exit(0);
+ }
+ else
+ {
+ fprintf(stderr, "%s: [%s]%s", "[LOG] HOME", buf, "\n");
+ }
+
+ if(chdir(buf) == 0) // success
+ {
+ fprintf(stderr, "%s", "[LOG] Success to change working directory\n");
+ }
+ else
+ {
+ fprintf(stderr, "%s", "[ERR] Fail to execute chdir()\n");
+ exit(0);
+ }
+
+ execl("/bin/sh", "/bin/sh", NULL);
+ break;
+ }
+ case -1: // error
+ {
+ fprintf(stderr, "%s", "[ERR] Fail to execute fork()\n");
+ exit(1);
+ break;
+ }
+ default: // parent
+ {
+ wait((int*)0);
+ fprintf(stderr, "%s", "[LOG] Parent end\n");
+ exit(0);
+ }
+ }
+
+ return 1;
+}
--- /dev/null
+ACTION=="remove", GOTO="permissions_slp_end"
+
+KERNEL=="s3c-jpeg", MODE="0660", GROUP="camera"
+KERNEL=="s5p-jpeg", MODE="0660", GROUP="camera"
+KERNEL=="radio[0-9]", MODE="0660", GROUP="radio"
+KERNEL=="s5p-mfc", MODE="0660", GROUP="hwcodec"
+KERNEL=="s3c-mfc", MODE="0660", GROUP="hwcodec"
+KERNEL=="srp", MODE="0660", GROUP="hwcodec"
+KERNEL=="log_main", MODE="0660", GROUP="app_logging"
+KERNEL=="log_events", MODE="0660", GROUP="app_logging"
+KERNEL=="log_radio", MODE="0660", GROUP="app_logging"
+KERNEL=="log_system", MODE="0660", GROUP="sys_logging"
+KERNEL=="controlC0D[0-9]c", MODE="0660", GROUP="recording"
+KERNEL=="pcmC0D[0-9]c", MODE="0660", GROUP="recording"
+KERNEL=="controlC0", MODE="0660", GROUP="audio"
+KERNEL=="pcmC0D[0-9]p", MODE="0660", GROUP="audio"
+KERNEL=="fb[0-9]", MODE="0660", GROUP="video"
+KERNEL=="video[0-9]", MODE="0660", GROUP="video"
+KERNEL=="s3c-mem", MODE="0660", GROUP="video"
+KERNEL=="umts_csd", MODE="0660", GROUP="video_tel"
+
+KERNEL=="pvrsrvkm", MODE="0666"
+KERNEL=="ump", MODE="0666"
+KERNEL=="mali", MODE="0666"
+KERNEL=="slp_global_lock", MODE="0666"
+
+# Marvell
+KERNEL=="uio[0-9]", MODE="0666"
+
+# Brightness control
+SUBSYSTEM=="leds", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_torch %S/%p/brightness"
+SUBSYSTEM=="backlight", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_bklight %S/%p/brightness"
+
+# Video4Linux
+SUBSYSTEM!="video4linux", GOTO="v4l_slp_end"
+IMPORT{program}="v4l_id %N"
+#KERNEL=="video*", SYMLINK+="camera", GROUP="camera", MODE="0660"
+
+# FIXME: video drivers on Proxima have invalid V4L capabilities, workaround by limiting to fimc1
+KERNEL=="video*", ATTR{name}=="s3c-fimc1", ENV{ID_V4L_CAPABILITIES}=="*:capture:*", SYMLINK+="camera", GROUP="camera", MODE="0660"
+
+LABEL="v4l_slp_end"
+
+LABEL="permissions_slp_end"
projects / framework / security / libprivilege-control.git / commitdiff