Adds error handling when a change of user privilege has failed.

- When the authority to change the shell and sync service process
  has failed, add the error handling.

Change-Id: I78a5ee314cad9a881a16dc7817ab6c85e11f0d57
Signed-off-by: Kim Gunsoo <gunsoo83.kim@samsung.com>

diff --git a/src/file_sync_service.c b/src/file_sync_service.c
index 5fc6642db83c8a7896f1168cd023c9049f29f567..bd0bf98eb436cad2c6e30f3c0fb718f5d790f9ce 100644 (file)
--- a/src/file_sync_service.c
+++ b/src/file_sync_service.c
@@ -685,7 +685,10 @@ void file_sync_service(int fd, void *cookie)
             D("sync: '%s' '%s'\n", (char*) &msg.req, name);
 
             if (should_drop_privileges() && !verify_sync_rule(name)) {
-                set_sdk_user_privileges();
+                if (getuid() != g_sdk_user_id && set_sdk_user_privileges() < 0) {
+                    fail_message(fd, "failed to set SDK user privileges.");
+                    goto fail;
+                }
             }
 
             switch(msg.req.id) {

diff --git a/src/sdb.c b/src/sdb.c
index f257a0f500af9baf6eff16f0bc6d43fdf43a8ed5..d421ba7fd3a8fdb18b6214b5ec2dc0c2d5690b3f 100644 (file)
--- a/src/sdb.c
+++ b/src/sdb.c
@@ -1538,14 +1538,17 @@ int set_sdk_user_privileges() {
 
     if (sdbd_set_groups() < 0) {
         D("set groups failed (errno: %d)\n", errno);
+        return -1;
     }
 
     if (setgid(g_sdk_group_id) != 0) {
         D("set group id failed (errno: %d)\n", errno);
+        return -1;
     }
 
     if (setuid(g_sdk_user_id) != 0) {
         D("set user id failed (errno: %d)\n", errno);
+        return -1;
     }
 
     if (chdir(g_sdk_home_dir) < 0) {

diff --git a/src/services.c b/src/services.c
index b6d960af0ab16403c9918e93cd9cb66a92edc0bf..24786807cccbe8138fd82b15aa9759a79554dfd6 100644 (file)
--- a/src/services.c
+++ b/src/services.c
@@ -493,7 +493,10 @@ static int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], c
                 // do nothing
                 D("sdb: executes root commands!!:%s\n", argv[2]);
             } else {
-                set_sdk_user_privileges();
+                if (getuid() != g_sdk_user_id && set_sdk_user_privileges() < 0) {
+                    fprintf(stderr, "failed to set SDK user privileges\n");
+                    exit(-1);
+                }
             }
         }
         redirect_and_exec(pts, cmd, argv, envp);