Modify the default download path for security

It is possible to modify the information for the
downaloded files via bluetooth by any apps.
To prevent this security issue this patchset sets
the default path as the secure area, and moves
media files to media download folder.

Change-Id: I2d64c7188171446dedba4b8395f6fcde28f4530e
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>

diff --git a/bt-share/include/bt-share-common.h b/bt-share/include/bt-share-common.h
index 90e38d1916b679e45f768f3e582d9972a87366e1..e3f2aaeb5f66b335472468335e1b8489e86fcd5c 100644 (file)
--- a/bt-share/include/bt-share-common.h
+++ b/bt-share/include/bt-share-common.h
@@ -25,6 +25,7 @@ extern "C" {
 #endif
 
 #include <glib.h>
+#include <tzplatform_config.h>
 
 /* Define Error type */
 #define BT_SHARE_FAIL -1
@@ -59,6 +60,8 @@ extern "C" {
 #define HTML_FORMAT "<html><head><meta http-equiv=\"Content-Type\" content=\"text/html;charset=UTF-8\"/></head><body><a href=\"%s\">%s</a></body></html>"
 #define BT_CONTACT_SHARE_TMP_DIR "/opt/usr/home/owner/media/Downloads/"
 
+#define BT_SHARE_DATA_DIR tzplatform_mkpath(TZ_SYS_GLOBALUSER_DATA, "bluetooth-share")
+
 typedef enum {
        BT_HTTP_FILE,
        BT_TXT_FILE,

diff --git a/bt-share/src/bt-share-main.c b/bt-share/src/bt-share-main.c
index 00851da51d2e3724cc5be76885900ca16f5bd56c..65bb3354bbd744c407266aa4d16358d84e056e0d 100644 (file)
--- a/bt-share/src/bt-share-main.c
+++ b/bt-share/src/bt-share-main.c
@@ -367,14 +367,11 @@ static gboolean __bt_dbus_request_name(void)
 
 int _bt_init_obex_server(void)
 {
-       char storage[STORAGE_PATH_LEN_MAX] = {0, };
-
-       _bt_get_default_storage(storage);
-       retvm_if(bluetooth_obex_server_init(storage) != BLUETOOTH_ERROR_NONE,
+       retvm_if(bluetooth_obex_server_init(BT_SHARE_DATA_DIR) != BLUETOOTH_ERROR_NONE,
                        BT_SHARE_FAIL, "Fail to init obex server");
 
        /* LCOV_EXCL_START */
-       bluetooth_obex_server_set_root(BT_FTP_FOLDER);
+       bluetooth_obex_server_set_root(BT_SHARE_DATA_DIR);
 
        return BT_SHARE_ERROR_NONE;
        /* LCOV_EXCL_STOP */

diff --git a/bt-share/src/obex-event-handler.c b/bt-share/src/obex-event-handler.c
index e47952bdb4106549b7dc3ae34d27e76360497f75..5669fcc3931541db516b9b91472db71d86965740 100644 (file)
--- a/bt-share/src/obex-event-handler.c
+++ b/bt-share/src/obex-event-handler.c
@@ -322,6 +322,29 @@ static gboolean __bt_scan_media_file(char *file_path)
 
        return TRUE;
 }
+
+static void __bt_move_media_file(char *file_path)
+{
+       char storage[STORAGE_PATH_LEN_MAX] = {0, };
+       char media_file_path[BT_FILE_PATH_LEN_MAX] = {0, };
+
+       retm_if(!file_path, "invalid param!");
+
+       INFO("File path: %s", file_path);
+
+       _bt_get_default_storage(storage);
+
+       retm_if(!BT_SHARE_DATA_DIR, "DATA dir is NULL");
+
+       snprintf(media_file_path, BT_FILE_PATH_LEN_MAX, "%s/%s",
+               storage, file_path + strlen(BT_SHARE_DATA_DIR));
+
+       INFO("Media file path: %s", media_file_path);
+
+       ecore_file_mv(file_path, media_file_path);
+
+       __bt_scan_media_file(media_file_path);
+}
 /* LCOV_EXCL_STOP */
 
 /* LCOV_EXCL_START */
@@ -1271,6 +1294,12 @@ done:
                                        file_type != BT_FILE_VCARD) {
                                if (file_type != BT_FILE_VCAL)
                                        __bt_scan_media_file(name);
+
+                               if (file_type != BT_FILE_VCARD)
+                                       __bt_move_media_file(name);
+                               else
+                                       ecore_file_remove(name);
+
                                g_free(name);
                                break;
                        }
@@ -1638,13 +1667,14 @@ static gboolean __bt_save_v_object(char *file_path,
 /* LCOV_EXCL_START */
 static void *__bt_obex_writeclose(bt_file_info_t *info)
 {
-       if (__bt_save_v_object(info->file_path, info->file_type) == FALSE) {
-               ERR("Unable to save vObject");
-               __bt_scan_media_file(info->file_path);
-       }
+       if (info->file_type == BT_FILE_VCAL || info->file_type == BT_FILE_VCARD) {
+               if (__bt_save_v_object(info->file_path, info->file_type) == FALSE)
+                       ERR("Unable to save vObject");
 
-       if (info->file_type == BT_FILE_VCAL || info->file_type == BT_FILE_VCARD)
                ecore_file_remove(info->file_path);
+       } else {
+               __bt_move_media_file(info->file_path);
+       }
 
        __free_file_info(info);
 

diff --git a/packaging/bluetooth-share.spec b/packaging/bluetooth-share.spec
index 5caf1b779f1968323cb77b02d56a6d2965ff9119..d460f3847a054852f94926784f4d61847c145b26 100644 (file)
--- a/packaging/bluetooth-share.spec
+++ b/packaging/bluetooth-share.spec
@@ -138,6 +138,7 @@ mkdir -p %{_libdir}/systemd/system/multi-user.target.wants/
 %files
 %manifest %{name}.manifest
 %license LICENSE
+%attr(755, network_fw, network_fw)%{TZ_COMM_DATA}/%{name}
 %defattr(-,root,root,-)
 %{_bindir}/bluetooth-share
 #%{_datadir}/dbus-1/system-services/org.bluetooth.share.service