util: privilege: Add is_privilege_supported function

is_privilege_supported checks privilege permission of self process.

Change-Id: Ife85a74a494e12de1e1418036d8c84d389518c4b
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>

diff --git a/include/util/privilege.h b/include/util/privilege.h
new file mode 100644 (file)
index 0000000..c1bd97f
--- /dev/null
+++ b/include/util/privilege.h
@@ -0,0 +1,26 @@
+/*
+ * PASS
+ *
+ * Copyright (c) 2022 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __PRIVILEGE_H__
+#define __PRIVILEGE_H__
+
+#include <stdbool.h>
+
+bool is_privilege_supported(const char *privilege_name);
+
+#endif

diff --git a/packaging/pass.spec b/packaging/pass.spec
index bde3967..4444495 100644 (file)
--- a/packaging/pass.spec
+++ b/packaging/pass.spec
@@ -27,6 +27,8 @@ BuildRequires:  pkgconfig(libnl-3.0)
 BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  pkgconfig(json-c)
 BuildRequires:  pkgconfig(hal-api-power)
+BuildRequires:  pkgconfig(cynara-client)
+BuildRequires:  pkgconfig(cynara-session)
 
 %description
 PASS  (Power-Aware System Service)

diff --git a/src/util/privilege.c b/src/util/privilege.c
new file mode 100644 (file)
index 0000000..d577223
--- /dev/null
+++ b/src/util/privilege.c
@@ -0,0 +1,75 @@
+/*
+ * PASS (Power Aware System Service)
+ *
+ * Copyright (c) 2022 Samsung Electronics Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License);
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <unistd.h>
+#include <glib.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <cynara-client.h>
+#include <cynara-session.h>
+
+#include <util/log.h>
+#include <util/common.h>
+#include <util/privilege.h>
+
+extern char *program_invocation_name;
+
+bool is_privilege_supported(const char *privilege_name)
+{
+       cynara *cynara = NULL;
+       FILE *fp = NULL;
+       char uid[16];
+       char *session = NULL;
+       char smack_label[BUFF_MAX] = {0, };
+       int ret;
+
+       if (cynara_initialize(&cynara, NULL) != CYNARA_API_SUCCESS) {
+               _E("failed to initialize cynara");
+               return false;
+       }
+
+       fp = fopen("/proc/self/attr/current", "r");
+       if (fp != NULL) {
+               int ch = 0;
+               int idx = 0;
+               while (EOF != (ch = fgetc(fp))) {
+                       smack_label[idx] = ch;
+                       idx++;
+               }
+               fclose(fp);
+       }
+
+       pid_t pid = getpid();
+       session = cynara_session_from_pid(pid);
+       snprintf(uid, 16, "%d", getuid());
+       uid[15] = '\0';
+
+       ret = cynara_check(cynara, smack_label, session, uid, privilege_name);
+       if (session)
+               free(session);
+       if (cynara)
+               cynara_finish(cynara);
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               _E("'%s' privilege is not supported on %s",
+                               privilege_name, program_invocation_name);
+               return false;
+       }
+
+       return true;
+}