Add uid checking logic for APP_GET_APPID_BYPID 83/317583/1 tizen_6.0
authorChanggyu Choi <changyu.choi@samsung.com>
Fri, 3 Jan 2025 10:35:00 +0000 (19:35 +0900)
committerChanggyu Choi <changyu.choi@samsung.com>
Fri, 3 Jan 2025 10:35:00 +0000 (19:35 +0900)
This patch prevents a non-Tizen application from querying itself.

Change-Id: Ice4bb29f2e581de3814d4d7477ea8d0820def44f
Signed-off-by: Changgyu Choi <changyu.choi@samsung.com>
src/lib/amd_app_status.c

index 2c562cf946738d7de3e65c7c46db7fa8c9f3f5a2..741c555b30380cf53a7e374aeb7ba07302c51ce7 100644 (file)
@@ -1786,6 +1786,17 @@ static int __dispatch_app_get_appid_by_pid(request_h req)
        }
 
        pid = atoi(pid_str);
+       pid_t caller_pid = _request_get_pid(req);
+       if (pid == caller_pid) {
+               uid_t uid = _request_get_uid(req);
+               if (uid < REGULAR_UID_MIN) {
+                       _E("pid(%d) is not an application", pid);
+                       aul_sock_send_raw_with_fd(_request_remove_fd(req),
+                                       APP_GET_INFO_ERROR, NULL, 0, AUL_SOCK_NOREPLY);
+                       return -1;
+               }
+       }
+
        ret = _app_status_get_appid_bypid(_request_remove_fd(req), pid);
        _D("app_status_get_appid_bypid : %d : %d", pid, ret);
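Review bot: The uid gate added after `pid = atoi(pid_str);` runs only when the requested pid equals `_request_get_pid(req)`, so a caller with a uid below `REGULAR_UID_MIN` that passes any other pid still reaches `_app_status_get_appid_bypid()`. If that is intended, as the commit message suggests, a comment above the `if` should say so, for example `/* Self-query from a non-app uid has no appid: fail early. Not an access check for other pids. */`. The rejection log prints only the pid, although the uid is the value that caused the rejection; `_E("pid(%d) uid(%u) is not an application", pid, uid);` would make the entry usable for triage. The return value of `aul_sock_send_raw_with_fd()` is ignored on this error path, and whether that matches the other dispatchers cannot be seen here, since the function body starts and ends outside the hunk.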