Add cynara for check requested path [temporary code] 81/48481/4 accepted/tizen/mobile/20150922.232636 accepted/tizen/tv/20150922.232649 accepted/tizen/wearable/20150922.232704 submit/tizen/20150922.080938 submit/tizen_common/20151015.190624 submit/tizen_common/20151019.135620
authorMinje Ahn <minje.ahn@samsung.com>
Tue, 22 Sep 2015 05:33:32 +0000 (14:33 +0900)
committerMinje Ahn <minje.ahn@samsung.com>
Tue, 22 Sep 2015 07:23:52 +0000 (16:23 +0900)
Change-Id: I3de0420ee385a70a671c0d90049d072b944f18d4
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
CMakeLists.txt
packaging/capi-content-media-content.spec
src/media_content.c

index 3f2bf0d..845a360 100755 (executable)
@@ -9,7 +9,7 @@ SET(PREFIX ${CMAKE_INSTALL_PREFIX})
 SET(INC_DIR include)
 INCLUDE_DIRECTORIES(${INC_DIR})
 
-SET(dependents "dlog libmedia-service media-thumbnail libmedia-utils capi-base-common vconf")
+SET(dependents "dlog libmedia-service media-thumbnail libmedia-utils capi-base-common vconf cynara-client cynara-creds-socket cynara-session")
 SET(pc_dependents "dlog capi-base-common")
 
 INCLUDE(FindPkgConfig)
index 9d408ee..cc65da3 100755 (executable)
@@ -14,6 +14,8 @@ BuildRequires:  pkgconfig(media-thumbnail)
 BuildRequires:  pkgconfig(libmedia-utils)
 BuildRequires:  pkgconfig(vconf)
 BuildRequires:  pkgconfig(libtzplatform-config)
+BuildRequires:  pkgconfig(cynara-client)
+BuildRequires:  pkgconfig(cynara-session)
 
 %description
 A Media content library in SLP C API package.
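Review bot: `BuildRequires:  pkgconfig(cynara-creds-socket)` is missing from the lines added here, although the CMakeLists.txt change in this same commit adds `cynara-creds-socket` to `dependents` next to `cynara-client` and `cynara-session`. If `dependents` is handed to pkg-config as the following `INCLUDE(FindPkgConfig)` suggests, a clean build root will fail to configure unless another package happens to pull that module in. None of the visible `media_content.c` hunks calls a creds-socket function, so either add the BuildRequires or drop `cynara-creds-socket` from `dependents` together with the `<cynara-creds-socket.h>` include.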
index 2a373c9..7ba9e05 100755 (executable)
 #include <dirent.h>
 #include <fcntl.h>
 
+#include <grp.h>
+#include <pwd.h>
+
+#include <cynara-client.h>
+#include <cynara-session.h>
+#include <cynara-error.h>
+#include <cynara-creds-socket.h>
+
 
 static attribute_h g_attr_handle = NULL;
 static attribute_h g_alias_attr_handle = NULL;
 static MediaSvcHandle *db_handle = NULL;
 static int ref_count = 0;
 static GMutex db_mutex;
+#ifndef SCM_SECURITY
+#define SCM_SECURITY 0x03
+#endif
+
+static cynara *_cynara = NULL;
+G_LOCK_DEFINE_STATIC(cynara_mutex);
 
 static __thread media_noti_cb_s *g_noti_info = NULL;
 
@@ -555,6 +569,60 @@ static int __media_content_destroy_attribute_handle(void)
        return ret;
 }
 
+/* Temporary Code [remove after  inserted gid patch by security part] */
+int __media_content_cynara_check(const char *privilege)
+{
+       int ret = MEDIA_CONTENT_ERROR_NONE;
+       int result;
+       char *session = NULL;
+       pid_t pid;
+       char c_uid[20] = {0, };
+       char *smack = NULL;
+       FILE *pFile = NULL;
+       char buf[255] = {0, };
+
+       ret = cynara_initialize(&_cynara, NULL);
+       if (ret != CYNARA_API_SUCCESS) {
+               media_content_error("cynara_initialize", ret);
+               return MEDIA_CONTENT_ERROR_INVALID_OPERATION;
+       }
+
+       sprintf(c_uid, "%d", tzplatform_getuid(TZ_USER_NAME));
+
+       pid = getpid();
+
+       session = cynara_session_from_pid(pid);
+       if (session == NULL) {
+               media_content_error("cynara_session_from_pid failed");
+               return MEDIA_CONTENT_ERROR_INVALID_OPERATION;
+       }
+
+       pFile = fopen( "/proc/self/attr/current", "r" );
+       if (pFile != NULL) {
+               smack = fgets(buf, sizeof(buf), pFile);
+               fclose(pFile);
+       } else {
+               media_content_error("current info read failed");
+               return MEDIA_CONTENT_ERROR_INVALID_OPERATION;
+       }
+
+
+       G_LOCK(cynara_mutex);
+       result = cynara_check(_cynara, smack, session, c_uid, privilege);
+       G_UNLOCK(cynara_mutex);
+
+       if (result != CYNARA_API_ACCESS_ALLOWED)
+               media_content_error("cynara_check", result);
+
+       SAFE_FREE(session);
+
+       cynara_finish(_cynara);
+       _cynara = NULL;
+
+       return result == CYNARA_API_ACCESS_ALLOWED ? MEDIA_CONTENT_ERROR_NONE : MEDIA_CONTENT_ERROR_PERMISSION_DENIED;
+}
+
+
 attribute_h _content_get_attirbute_handle(void)
 {
        return g_attr_handle;
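Review bot: The early returns in `__media_content_cynara_check` skip cleanup, and the shared `_cynara` handle is only partly protected. The returns after `cynara_session_from_pid` and `fopen` fail never reach `cynara_finish(_cynara)`, and the `fopen` path also skips `SAFE_FREE(session)`. `cynara_initialize(&_cynara, NULL)` and `cynara_finish(_cynara)` run outside `G_LOCK(cynara_mutex)`, so two threads in this function can overwrite or finish a handle the other is still passing to `cynara_check`. `fgets` may also return NULL, which is then passed on as the client label, and `media_content_error("cynara_initialize", ret)` has no conversion for `ret`, so the error code is never logged. I would make the function `static`, use `snprintf` for `c_uid`, hold the lock across the whole initialize/check/finish sequence and send every exit through one cleanup path, as sketched below.

```c
static int __media_content_cynara_check(const char *privilege)
{
	int ret = MEDIA_CONTENT_ERROR_INVALID_OPERATION;
	/* … unchanged: remaining local declarations … */

	/* Hold the lock across initialize, check and finish of the shared handle. */
	G_LOCK(cynara_mutex);

	result = cynara_initialize(&_cynara, NULL);
	if (result != CYNARA_API_SUCCESS) {
		media_content_error("cynara_initialize failed [%d]", result);
		goto out_unlock;
	}

	snprintf(c_uid, sizeof(c_uid), "%d", tzplatform_getuid(TZ_USER_NAME));

	session = cynara_session_from_pid(getpid());
	if (session == NULL) {
		media_content_error("cynara_session_from_pid failed");
		goto out_finish;
	}

	pFile = fopen("/proc/self/attr/current", "r");
	if (pFile != NULL) {
		smack = fgets(buf, sizeof(buf), pFile);
		fclose(pFile);
	}
	if (smack == NULL) {
		/* No label could be read: refuse rather than check with a NULL client. */
		media_content_error("current info read failed");
		goto out_finish;
	}

	result = cynara_check(_cynara, smack, session, c_uid, privilege);
	if (result == CYNARA_API_ACCESS_ALLOWED) {
		ret = MEDIA_CONTENT_ERROR_NONE;
	} else {
		media_content_error("cynara_check failed [%d]", result);
		ret = MEDIA_CONTENT_ERROR_PERMISSION_DENIED;
	}

out_finish:
	SAFE_FREE(session);
	cynara_finish(_cynara);
	_cynara = NULL;
out_unlock:
	G_UNLOCK(cynara_mutex);
	return ret;
}
```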
@@ -907,6 +975,15 @@ int media_content_scan_folder(const char *path, bool is_recursive, media_scan_co
 
        media_content_retvm_if(!STRING_VALID(path), MEDIA_CONTENT_ERROR_INVALID_PARAMETER, "Invalid path");
 
+       /* Temporary Code [remove after  inserted gid patch by security part] */
+       if (strncmp(path, "/usr/storage", strlen("/usr/storage")) == 0) {
+               ret = __media_content_cynara_check("http://tizen.org/privilege/externalstorage");
+               media_content_retvm_if(ret == MEDIA_CONTENT_ERROR_PERMISSION_DENIED, ret, "Permission Denied");
+       } else {
+               ret = __media_content_cynara_check("http://tizen.org/privilege/mediastorage");
+               media_content_retvm_if(ret == MEDIA_CONTENT_ERROR_PERMISSION_DENIED, ret, "Permission Denied");
+       }
+
        memset(storage_id, 0x00, sizeof(storage_id));
 
        ret = __media_content_check_dir(path);
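Review bot: Only `MEDIA_CONTENT_ERROR_PERMISSION_DENIED` stops the scan here, so the privilege check fails open. When `__media_content_cynara_check` returns `MEDIA_CONTENT_ERROR_INVALID_OPERATION` (cynara initialisation, session lookup or label read failed), execution continues to `__media_content_check_dir`. Both guards should read `media_content_retvm_if(ret != MEDIA_CONTENT_ERROR_NONE, ret, "Permission check failed");`. The `strncmp(path, "/usr/storage", strlen("/usr/storage"))` test is also a raw prefix match on the caller-supplied string: it treats a sibling such as `/usr/storage2` as external storage, and a non-canonical spelling of an external-storage path falls into the `else` branch and is checked against the mediastorage privilege instead. The path should be canonicalised (for example with `realpath`) and compared on a component boundary before the privilege is chosen. The rest of `media_content_scan_folder` lies outside this hunk.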