lib: resource-monitor: Check systemmonitor privilege

In order to prevent the unauthorized client,
check the systemmonitor privilege[1] .
[1] http://tizen.org/privilege/systemmonitor

For example of rejection when don't have systemmonitor privilege
- Connect sdb without root and then executes resource-monitor/resource-monitor-tests.
  In result, cannot use the resource monitor. I checked it the log as following:

E/PASS    ( 1395): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor
E/PASS    ( 1395): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor
(snip)
E/PASS    ( 1429): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor-tests
E/PASS    ( 1429): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor-tests

Change-Id: I77531ca1717b3592f0803cc585e0f205c46edcee
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>

diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 78a3b9c..fd2f3d1 100644 (file)
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -17,6 +17,8 @@ SET(PKG_MODULES
        dlog
        gio-2.0
        glib-2.0
+       cynara-client
+       cynara-session
 )
 
 INCLUDE(FindPkgConfig)
@@ -31,7 +33,10 @@ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -g -fno-omit-frame-pointer -finstrument-functi
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -lrt")
 SET(CMAKE_EXE_LINKER_FLAGS "-pie")
 
-SET(SRCS ./resource-monitor/resource-monitor.c)
+SET(SRCS
+       ${CMAKE_SOURCE_DIR}/src/util/privilege.c
+       ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c
+)
 
 ADD_LIBRARY( ${PROJECT_NAME} SHARED ${SRCS})
 TARGET_LINK_LIBRARIES( ${PROJECT_NAME} ${pkgs_LDFLAGS} -ldl -Wl,-z,nodelete,--no-undefined)

diff --git a/lib/resource-monitor/resource-monitor.c b/lib/resource-monitor/resource-monitor.c
index 062bfad..e7b567e 100644 (file)
--- a/lib/resource-monitor/resource-monitor.c
+++ b/lib/resource-monitor/resource-monitor.c
@@ -23,6 +23,7 @@
 #include <util/log.h>
 #include <monitor/request.h>
 #include <util/resource.h>
+#include <util/privilege.h>
 
 #include <stdio.h>
 #include <string.h>
@@ -38,6 +39,8 @@
 
 #include "resource-monitor.h"
 
+#define PRIVILEGE_SYSTEMMONITOR        "http://tizen.org/privilege/systemmonitor"
+
 #define REQUEST_SERVER_IP "127.0.0.1"
 #define REQUEST_SERVER_PORT 10001
 
@@ -125,6 +128,9 @@ static inline int handle_request(struct request_data *data)
        if (!data)
                return TIZEN_ERROR_INVALID_PARAMETER;
 
+       if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR))
+               return TIZEN_ERROR_PERMISSION_DENIED;
+
        /* Make buffer with struct request_data according to request */
        switch (data->request) {
        case REQUEST_UPDATE_RESOURCE_ALL:
@@ -290,6 +296,9 @@ int pass_resource_monitor_init(void)
        struct sockaddr_in server_addr;
        int ret = TIZEN_ERROR_NO_DATA;
 
+       if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR))
+               return TIZEN_ERROR_PERMISSION_DENIED;
+
        client = malloc(sizeof(struct pass_resource_monitor_client));
        if (!client) {
                _E("[libpass] failed to allocate memory");
@@ -334,6 +343,9 @@ int pass_resource_monitor_exit(int id)
 {
        struct pass_resource_monitor_client *client;
 
+       if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR))
+               return TIZEN_ERROR_PERMISSION_DENIED;
+
        client = find_client_by_id(id);
        if (!client) {
                _E("[libpass] cannot find client-%d", id);
@@ -506,6 +518,9 @@ static int pass_resource_monitor_get_json(int id, char *json_string, int request
        char *buffer;
        va_list args;
 
+       if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR))
+               return TIZEN_ERROR_PERMISSION_DENIED;
+
        buffer = malloc(HUGE_BUFF_MAX + 1);
        if (!buffer)
                return TIZEN_ERROR_OUT_OF_MEMORY;
@@ -705,6 +720,9 @@ pass_resource_monitor_get_array(int id, int res_id, u_int64_t attr_id, int data_
        int response_req;
        int ret, i;
 
+       if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR))
+               return TIZEN_ERROR_PERMISSION_DENIED;
+
        buffer = malloc(HUGE_BUFF_MAX + 1);
        if (!buffer)
                return TIZEN_ERROR_OUT_OF_MEMORY;

diff --git a/tests/integration-test/CMakeLists.txt b/tests/integration-test/CMakeLists.txt
index 69ec8ff..24600cd 100644 (file)
--- a/tests/integration-test/CMakeLists.txt
+++ b/tests/integration-test/CMakeLists.txt
@@ -3,6 +3,7 @@ PROJECT(pass C CXX)
 SET(SRCS ${CMAKE_SOURCE_DIR}/src/pass/pass-hal.c
        ${CMAKE_SOURCE_DIR}/src/pass/pass-parser.c
        ${CMAKE_SOURCE_DIR}/src/util/common.c
+       ${CMAKE_SOURCE_DIR}/src/util/privilege.c
        ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c
 )
 
@@ -20,6 +21,8 @@ pkg_check_modules(gtest_pkgs REQUIRED
        dlog
        json-c
        hal-api-power
+       cynara-client
+       cynara-session
 )
 
 FOREACH(flag ${gtest_pkgs_CFLAGS})

diff --git a/tools/resource-monitor/CMakeLists.txt b/tools/resource-monitor/CMakeLists.txt
index 3e28063..8746e13 100644 (file)
--- a/tools/resource-monitor/CMakeLists.txt
+++ b/tools/resource-monitor/CMakeLists.txt
@@ -2,6 +2,7 @@ PROJECT(pass C CXX)
 
 SET(SRCS
        ${CMAKE_SOURCE_DIR}/src/util/common.c
+       ${CMAKE_SOURCE_DIR}/src/util/privilege.c
        ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c
 )
 
@@ -17,6 +18,8 @@ pkg_check_modules(gtest_pkgs REQUIRED
        gio-2.0
        dlog
        json-c
+       cynara-client
+       cynara-session
 )
 
 FOREACH(flag ${gtest_pkgs_CFLAGS})