The reboot operation is permitted to privileged apps only.
Change-Id: I58e161cbb7b6b1bb54fc6e7dffd5f62eefa12fec
Signed-off-by: taeyoung <ty317.kim@samsung.com>
#define VIP_DIR "/tmp/vip"
#define BUFF_MAX 255
+#define APP_ATTR_PATH "/proc/%d/attr/current"
+
/**
* Opens "/proc/$pid/oom_score_adj" file for w/r;
* Return: FILE pointer or NULL
_D("%s --> %d:%02d:%02d %d",
prefix, tm.tm_hour, tm.tm_min, tm.tm_sec, tv.tv_usec);
}
+
+int get_privilege(pid_t pid, char *name, size_t len)
+{
+ char path[PATH_MAX];
+ char attr[BUFF_MAX];
+ size_t attr_len;
+ FILE *fp;
+
+ snprintf(path, sizeof(path), APP_ATTR_PATH, pid);
+
+ fp = fopen(path, "r");
+ if (!fp)
+ return -errno;
+
+ attr_len = fread(attr, 1, sizeof(attr) - 1, fp);
+ fclose(fp);
+ if (attr_len == 0)
+ return -ENOENT;
+
+ attr[attr_len] = '\0';
+
+ snprintf(name, len, "%s", attr);
+ return 0;
+}
int terminate_process(const char *partition, bool force);
int mount_check(const char* path);
void print_time(const char *prefix);
+int get_privilege(pid_t pid, char *name, size_t len);
#endif /* __CORE_COMMON_H__ */
return ret;
}
+static int app_privileged(pid_t pid)
+{
+ char attr[64];
+ int ret;
+ size_t len;
+
+ ret = get_privilege(pid, attr, sizeof(attr));
+ if (ret < 0) {
+ _E("Failed to get privilege of PID(%d)", pid);
+ return 0;
+ }
+
+ len = strlen(attr);
+
+ if (!strncmp("System::Privileged", attr, len + 1))
+ return 1;
+
+ if (strstr(attr, "User::Pkg::") == attr)
+ return 1;
+
+ return 0;
+}
+
static void poweroff_stop_systemd_service(void)
{
_D("systemd service stop");
update_pm_setting(SETTING_POWEROFF, val);
}
-static int power_execute(void *data)
+static int power_execute_pid(void *data, pid_t pid)
{
int ret;
long val;
val = POWER_OFF_DIRECT;
else if (strncmp(PWROFF_POPUP, str, PWROFF_POPUP_LEN) == 0)
val = POWER_OFF_POPUP;
- else if (strncmp(POWER_REBOOT, str, POWER_REBOOT_LEN) == 0)
+ else if (strncmp(POWER_REBOOT, str, POWER_REBOOT_LEN) == 0) {
+ if (!app_privileged(pid)) {
+ _E("PID(%d) does not have the permission for reboot", pid);
+ return -EPERM;
+ }
val = POWER_OFF_RESTART;
- else {
+ } else {
_E("Invalid parameter : data(%s)", str);
return -EINVAL;
}
return 0;
}
+static int power_execute(void *data)
+{
+ return power_execute_pid(data, getpid());
+}
+
static DBusMessage *dbus_power_handler(E_DBus_Object *obj, DBusMessage *msg)
{
DBusError err;
goto out;
}
- ret = power_execute(type_str);
+ _I("PID(%d) requests %s", pid, type_str);
+ ret = power_execute_pid(type_str, pid);
out:
reply = dbus_message_new_method_return(msg);
DBusMessage *reply;
char *str;
int ret;
+ pid_t pid;
if (!dbus_message_get_args(msg, NULL,
DBUS_TYPE_STRING, &str, DBUS_TYPE_INVALID)) {
goto out;
}
- _I("reboot command : %s", str);
- ret = power_execute(POWER_REBOOT);
+ pid = get_edbus_sender_pid(msg);
+
+ _I("PID(%d) requests reboot with command : %s", pid, str);
+ ret = power_execute_pid(POWER_REBOOT, pid);
out:
reply = dbus_message_new_method_return(msg);
#include "core/edbus-handler.h"
#include "core/list.h"
#include "core/device-notifier.h"
+#include "core/common.h"
#include <fuse.h>
#include <stdio.h>
#include "tzip.h"
#include "tzip-utility.h"
-#define APP_ATTR_PATH "/proc/%d/attr/current"
static pthread_t thread;
static pthread_t mount_thread;
static int check_smack_label(pid_t pid)
{
- char path[PATH_MAX];
char attr[64];
size_t len;
- FILE *fp;
-
- snprintf(path, sizeof(path), APP_ATTR_PATH, pid);
-
- fp = fopen(path, "r");
- if (!fp)
- return 0;
+ int ret;
- len = fread(attr, 1, sizeof(attr) - 1, fp);
- fclose(fp);
- if (len == 0)
+ ret = get_privilege(pid, attr, sizeof(attr));
+ if (ret < 0) {
+ _E("Failed to get privilege of PID(%d)", pid);
return 0;
+ }
- attr[len] = '\0';
+ len = strlen(attr) + 1;
- if (!strncmp("System", attr, len + 1))
+ if (!strncmp("System", attr, len))
return 1;
- if (!strncmp("User", attr, len + 1))
+ if (!strncmp("User", attr, len))
return 1;
- if (!strncmp("System::Privileged", attr, len + 1))
+ if (!strncmp("System::Privileged", attr, len))
return 1;
return 0;
projects / platform / core / system / deviced.git / commitdiff