Add defense code for wrong use cases

Only Tizen applications and user session daemons can use
storage_get_root_directory(STORAGE_TYPE_INTERNAL, ...).

Change-Id: I107b027a06843bbd88f7a1008f8051b6c5430b79
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>

diff --git a/src/storage.c b/src/storage.c
index cd3e29a..33bfc8e 100644 (file)
--- a/src/storage.c
+++ b/src/storage.c
@@ -28,6 +28,8 @@
 #include "storage-external.h"
 
 #define BLOCK_CONF_FILE         "/etc/storaged/block.conf"
+#define USER_UID_START         5000
+
 const char *dir_path[STORAGE_DIRECTORY_MAX];
 
 const int tz_id[STORAGE_DIRECTORY_MAX] = {
@@ -123,6 +125,12 @@ API int storage_get_root_directory(int storage_id, char **path)
                return STORAGE_ERROR_INVALID_PARAMETER;
        }
 
+       if (storage_id == STORAGE_TYPE_INTERNAL && getuid() < USER_UID_START) {
+               _E("Only Tizen applications and user session daemons can use \
+                       storage_get_root_directory(STORAGE_TYPE_INTERNAL, ...)");
+               return STORAGE_ERROR_INVALID_PARAMETER;
+       }
+
        /* internal storage */
        DD_LIST_FOREACH(st_int_head, elem, st) {
                if (st->storage_id != storage_id)