Check privacy before executing an application

If the security_manager_prepare_app_privacy() returns an error,
the launch request will be rejected.

Change-Id: Iaa4f1341ff684cef33cfeea35921fa3c017bce80
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>

diff --git a/src/launchpad.c b/src/launchpad.c
index 5cf71de..fef9868 100755 (executable)
--- a/src/launchpad.c
+++ b/src/launchpad.c
@@ -707,8 +707,15 @@ static int __prepare_exec(const char *appid, const char *app_path,
        /* TODO : should be add to check permission in the kernel*/
        setsid();
 
-       /* SET PRIVILEGES*/
        if (bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) {
+               /* CHECK PRIVACY */
+               ret = security_manager_prepare_app_privacy(appid);
+               if (ret != SECURITY_MANAGER_SUCCESS) {
+                       _W("Launching %s has been prohibited", appid);
+                       return PAD_ERR_REJECTED;
+               }
+
+               /* SET PRIVILEGES*/
                ret = security_manager_prepare_app(appid);
                if (ret != SECURITY_MANAGER_SUCCESS)
                        return PAD_ERR_REJECTED;

diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c
index 927046e..c73c4fd 100644 (file)
--- a/src/launchpad_lib.c
+++ b/src/launchpad_lib.c
@@ -67,9 +67,17 @@ static int __prepare_exec(const char *appid, const char *app_path,
 
        __preexec_run(pkg_type, appid, app_path);
 
-       /* SET PRIVILEGES*/
        SECURE_LOGD("[candidata] appid : %s / pkg_type : %s / app_path : %s",
                appid, pkg_type, app_path);
+
+       /* CHECK PRIVACY */
+       ret = security_manager_prepare_app_privacy(appid);
+       if (ret != SECURITY_MANAGER_SUCCESS) {
+               _W("Launching %s has been prohibited", appid);
+               return -1;
+       }
+
+       /* SET PRIVILEGES*/
        ret = security_manager_prepare_app(appid);
        if (ret != SECURITY_MANAGER_SUCCESS) {
                _D("fail to set privileges - " \