Check privilege in app_context_set_event_cb

Change-Id: I5b850d2faa85f8b938b19561c859273e6eb2c033
Signed-off-by: Myungki Lee <mk5004.lee@samsung.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0da6617..2f8edd0 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,7 +13,8 @@ pkg_check_modules(PKGS REQUIRED
        aul
        pkgmgr
        pkgmgr-info
-       glib-2.0)
+       glib-2.0
+       cynara-client)
 FOREACH(FLAGS ${PKGS_CFLAGS})
        SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${FLAGS}")
 ENDFOREACH(FLAGS)

diff --git a/packaging/capi-appfw-app-manager.spec b/packaging/capi-appfw-app-manager.spec
index 1812c6a..a9d9aa2 100644 (file)
--- a/packaging/capi-appfw-app-manager.spec
+++ b/packaging/capi-appfw-app-manager.spec
@@ -13,6 +13,7 @@ BuildRequires:  pkgconfig(pkgmgr)
 BuildRequires:  pkgconfig(pkgmgr-info)
 BuildRequires:  pkgconfig(capi-base-common)
 BuildRequires:  pkgconfig(glib-2.0)
+BuildRequires:  pkgconfig(cynara-client)
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 

diff --git a/src/app_context.c b/src/app_context.c
index 7d6878e..695a683 100644 (file)
--- a/src/app_context.c
+++ b/src/app_context.c
@@ -529,9 +529,19 @@ static int app_context_terminated_event_cb(pid_t pid, void *data)
 
 int app_context_set_event_cb(app_manager_app_context_event_cb callback, void *user_data)
 {
+       int ret;
+
        if (callback == NULL)
                return app_manager_error(APP_MANAGER_ERROR_INVALID_PARAMETER, __FUNCTION__, NULL);
 
+       ret = app_manager_check_privilege(PRIVILEGE_PKGMGR_INFO);
+       if (ret != APP_MANAGER_ERROR_NONE) {
+               if (ret == APP_MANAGER_ERROR_PERMISSION_DENIED)
+                       return app_manager_error(APP_MANAGER_ERROR_PERMISSION_DENIED, __FUNCTION__, NULL);
+               else
+                       return app_manager_error(APP_MANAGER_ERROR_IO_ERROR, __FUNCTION__, NULL);
+       }
+
        app_context_lock_event_cb_context();
 
        if (event_cb_context == NULL) {

diff --git a/src/app_manager.c b/src/app_manager.c
index fdd35a6..2aaa4e2 100644 (file)
--- a/src/app_manager.c
+++ b/src/app_manager.c
@@ -19,9 +19,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <fcntl.h>
 
 #include <aul.h>
 #include <dlog.h>
+#include <cynara-client.h>
 
 #include "app_manager.h"
 #include "app_manager_internal.h"
@@ -32,6 +34,7 @@
 
 #define LOG_TAG "CAPI_APPFW_APP_MANAGER"
 
+#define SMACK_LABEL_LEN 255
 
 static const char* app_manager_error_to_string(app_manager_error_e error)
 {
@@ -52,6 +55,8 @@ static const char* app_manager_error_to_string(app_manager_error_e error)
                return "Invalid package";
        case APP_MANAGER_ERROR_NOT_SUPPORTED:
                return "Not supported";
+       case APP_MANAGER_ERROR_PERMISSION_DENIED:
+               return "Permission denied";
        default:
                return "Unknown";
        }
@@ -67,6 +72,67 @@ int app_manager_error(app_manager_error_e error, const char* function, const cha
        return error;
 }
 
+int app_manager_check_privilege(char *privilege)
+{
+       cynara *p_cynara;
+       int fd;
+       int ret;
+
+       char client[SMACK_LABEL_LEN + 1] = "";
+       char uid[10] = {0,};
+       char *client_session = "";
+
+       if (privilege == NULL) {
+               LOGE("invalid parameter");
+               return APP_MANAGER_ERROR_INVALID_PARAMETER;
+       }
+
+       ret = cynara_initialize(&p_cynara, NULL);
+       if (ret != CYNARA_API_SUCCESS) {
+               LOGE("cynara_initialize [%d] failed!", ret);
+               return APP_MANAGER_ERROR_IO_ERROR;
+       }
+
+       fd = open("/proc/self/attr/current", O_RDONLY);
+       if (fd < 0) {
+               LOGE("open [%d] failed!", errno);
+               ret = APP_MANAGER_ERROR_IO_ERROR;
+               goto out;
+       }
+
+       ret = read(fd, client, SMACK_LABEL_LEN);
+       if (ret < 0) {
+               LOGE("read [%d] failed!", errno);
+               close(fd);
+               ret = APP_MANAGER_ERROR_IO_ERROR;
+               goto out;
+       }
+
+       close(fd);
+
+       snprintf(uid, 10, "%d", getuid());
+
+       ret = cynara_check(p_cynara, client, client_session, uid, privilege);
+       if (ret != CYNARA_API_ACCESS_ALLOWED) {
+               LOGE("cynara access check [%d] failed!", ret);
+
+               if (ret == CYNARA_API_ACCESS_DENIED)
+                       ret = APP_MANAGER_ERROR_PERMISSION_DENIED;
+               else
+                       ret = APP_MANAGER_ERROR_IO_ERROR;
+
+               goto out;
+       }
+
+       ret = APP_MANAGER_ERROR_NONE;
+
+out:
+       if (p_cynara)
+               cynara_finish(p_cynara);
+
+       return ret;
+}
+
 API int app_manager_set_app_context_event_cb(app_manager_app_context_event_cb callback, void *user_data)
 {
        int retval = app_context_set_event_cb(callback, user_data);

diff --git a/src/app_manager_internal.h b/src/app_manager_internal.h
index 7a5a596..d7185f6 100644 (file)
--- a/src/app_manager_internal.h
+++ b/src/app_manager_internal.h
@@ -36,6 +36,8 @@ extern "C" {
  * @{
  */
 
+#define PRIVILEGE_PKGMGR_INFO "http://tizen.org/privilege/packagemanager.info"
+
 int app_manager_error(app_manager_error_e error, const char* function, const char *description);
 
 int app_context_foreach_app_context(app_manager_app_context_cb callback, void *user_data);
@@ -52,6 +54,7 @@ int app_info_foreach_app_info(app_manager_app_info_cb callback, void *user_data)
 
 int app_info_get_app_info(const char *app_id, app_info_h *app_info);
 
+int app_manager_check_privilege(char *privilege);
 /**
  * @}
  */