[Widget viewer evas] Add the permission check

author moon87.park <moon87.park@samsung.com>

Mon, 23 May 2016 08:46:04 +0000 (17:46 +0900)

committer moon87.park <moon87.park@samsung.com>

Mon, 23 May 2016 12:52:58 +0000 (21:52 +0900)
author moon87.park <moon87.park@samsung.com>
Mon, 23 May 2016 08:46:04 +0000 (17:46 +0900)
committer moon87.park <moon87.park@samsung.com>
Mon, 23 May 2016 12:52:58 +0000 (21:52 +0900)
diff --git a/packaging/libwidget_viewer.spec b/packaging/libwidget_viewer.spec

index 46bae5a..fad832e 100644 (file)
--- a/packaging/libwidget_viewer.spec
+++ b/packaging/libwidget_viewer.spec
@@ -33,6 +33,7 @@ BuildRequires: pkgconfig(libtzplatform-config)
  BuildRequires: pkgconfig(dali-adaptor)
  BuildRequires: pkgconfig(dali-toolkit)
  BuildRequires: pkgconfig(pepper-dali)
+BuildRequires: pkgconfig(cynara-client)
  
  %description
  API for creating a new instance of the widget and managing its life-cycle.
diff --git a/widget_viewer_evas/CMakeLists.txt b/widget_viewer_evas/CMakeLists.txt

index e61a11b..c4f8e62 100644 (file)
--- a/widget_viewer_evas/CMakeLists.txt
+++ b/widget_viewer_evas/CMakeLists.txt
@@ -22,6 +22,7 @@ pkg_check_modules(viewer_evas REQUIRED
         capi-appfw-application
         aul
         libpepper-efl
+       cynara-client
  )
  
  SET(BUILD_SOURCE
diff --git a/widget_viewer_evas/src/widget_viewer_evas.c b/widget_viewer_evas/src/widget_viewer_evas.c

index a0b1bb7..af299f8 100644 (file)
--- a/widget_viewer_evas/src/widget_viewer_evas.c
+++ b/widget_viewer_evas/src/widget_viewer_evas.c
@@ -30,6 +30,8 @@
  
  #include <pkgmgr-info.h>
  #include <system_info.h>
+#include <cynara-client.h>
+#include <fcntl.h>
  
  #include <widget_errno.h>
  
@@ -176,6 +178,52 @@ static inline bool is_widget_feature_enabled(void)
         return feature;
  }
  
+#define SMACK_LABEL_LEN 255
+static int __check_privilege(const char *privilege)
+{
+       cynara *p_cynara;
+
+       int fd = 0;
+       int ret = 0;
+
+       char subject_label[SMACK_LABEL_LEN +1] = "";
+       char uid[10] = {0, };
+       char *client_session = "";
+
+       ret = cynara_initialize(&p_cynara, NULL);
+       if (ret != CYNARA_API_SUCCESS)
+               return -1;
+
+       fd = open("/proc/self/attr/current", O_RDONLY);
+       if (fd < 0) {
+               ret = -1;
+               goto ERROR;
+       }
+
+       ret = read(fd, subject_label, SMACK_LABEL_LEN);
+       if (ret < 0) {
+               ErrPrint("read is failed");
+               close(fd);
+               goto ERROR;
+       }
+       close(fd);
+
+       snprintf(uid, 10, "%d", getuid());
+
+       ret = cynara_check(p_cynara, subject_label, client_session, uid, privilege);
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               ret = -1;
+               goto ERROR;
+       }
+
+       ret = 0;
+
+ERROR:
+       if (p_cynara)
+               cynara_finish(p_cynara);
+       return ret;
+}
+
  static void smart_callback_call(Evas_Object *obj, const char *signal, void *cbdata)
  {
         if (!obj) {
@@ -311,6 +359,9 @@ EAPI int widget_viewer_evas_init(Evas_Object *win)
         if (!is_widget_feature_enabled())
                 return WIDGET_ERROR_NOT_SUPPORTED;
  
+       if (__check_privilege("http://tizen.org/privilege/widget.viewer") < 0)
+               return WIDGET_ERROR_PERMISSION_DENIED;
+
         if (!win) {
                 ErrPrint("win object is invalid\n");
                 return WIDGET_ERROR_INVALID_PARAMETER;
author	moon87.park <moon87.park@samsung.com>
	Mon, 23 May 2016 08:46:04 +0000 (17:46 +0900)
committer	moon87.park <moon87.park@samsung.com>
	Mon, 23 May 2016 12:52:58 +0000 (21:52 +0900)
packaging/libwidget_viewer.spec		patch \| blob \| history
widget_viewer_evas/CMakeLists.txt		patch \| blob \| history
widget_viewer_evas/src/widget_viewer_evas.c		patch \| blob \| history