pa_log_debug("%s: %s", string, buf);
}
-bool cynara_check_privilege(int fd, const char *privilege) {
+bool cynara_check_privilege(int fd, const char *privilege, pid_t allowed_pid) {
cynara *p_cynara = NULL;
cynara_configuration *p_conf = NULL;
int ret = 0;
- int result = false;
+ bool result = false;
char *user = NULL;
char *client = NULL;
char *session = NULL;
- int pid = 0;
+ pid_t pid = 0;
ret = cynara_configuration_create(&p_conf);
cynara_log("cynara_configuration_create()", ret);
goto CLEANUP;
}
+ if (pid == allowed_pid) {
+ pa_log_info("identical to allowed pid");
+ result = true;
+ goto CLEANUP;
+ }
+
ret = cynara_creds_socket_get_client(fd, CLIENT_METHOD_DEFAULT, &client);
cynara_log("cynara_creds_socket_get_client()", ret);
if (ret != CYNARA_API_SUCCESS) {
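Review bot: The early accept at `if (pid == allowed_pid)` returns true without querying Cynara, yet it logs only the fixed string "identical to allowed pid", so the log cannot show which process was exempted from which privilege. I would log both values, e.g. `pa_log_info("pid %d matches allowed pid, skipping cynara check for %s", (int)pid, privilege);`. I would also make the sentinel explicit with `if (allowed_pid > 0 && pid == allowed_pid) {`, because `pid` starts at 0 and the call that fills it is outside this hunk, so a zero or negative `allowed_pid` should never be able to match. The function body begins and ends outside the hunk.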
return;
}
- CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), privilege), tag, PA_ERR_ACCESS);
+ CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), privilege, -1), tag, PA_ERR_ACCESS);
pa_pstream_send_simple_ack(c->pstream, tag);
}
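Review bot: The bare `-1` passed as `allowed_pid` does not tell the reader at the call site that it means "no process is exempt". The same literal appears in the RECORDER_PRIVILEGE call and in the later VOLUME_SET_PRIVILEGE call that passes `-1`. A named constant next to the prototype would keep the sentinel in one place, for example `#define CYNARA_NO_EXEMPT_PID ((pid_t)-1)` (the name is only a suggestion). The enclosing function starts outside the hunk.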
#endif
pa_log_info("is virtual stream : %s, is remote stream : %s", pa_yes_no(is_virtual_stream), pa_yes_no(is_remote_stream));
if (!is_virtual_stream && !is_remote_stream)
- CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), RECORDER_PRIVILEGE), tag, PA_ERR_ACCESS);
+ CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), RECORDER_PRIVILEGE, -1), tag, PA_ERR_ACCESS);
#endif
p = pa_proplist_new();
pa_pstream_send_simple_ack(c->pstream, tag);
}
+#ifdef TIZEN_SECURITY
+static pid_t get_pid_to_skip(pa_sink_input *si, pa_source_output *so) {
+ int32_t pid = 0;
+ const char *pid_str = NULL;
+
+ if (si)
+ pid_str = pa_proplist_gets(si->proplist, PA_PROP_APPLICATION_PROCESS_ID);
+ else if (so)
+ pid_str = pa_proplist_gets(so->proplist, PA_PROP_APPLICATION_PROCESS_ID);
+
+ if (!pid_str || pa_atoi(pid_str, &pid) == -1)
+ return -1;
+
+ return (pid_t)pid;
+}
+#endif
+
static void command_set_volume(
pa_pdispatch *pd,
uint32_t command,
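Review bot: `get_pid_to_skip` takes the exempt pid from the stream's `PA_PROP_APPLICATION_PROCESS_ID` property, which as far as I know is filled in from the proplist the client itself sends rather than from socket credentials, so the exemption compares a kernel-reported pid with a self-declared one. Who may write that property is not visible in this hunk and needs confirming. If same-connection ownership is enough for the use case, comparing `si->client` / `so->client` with `c->client` in the caller would rest the decision on server-side state and avoid parsing a string. The helper also has no comment; I would add one saying it returns -1 when neither stream is given or the property is missing or unparsable, and that the value originates from the client.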
CHECK_VALIDITY(c->pstream, !name || pa_namereg_is_valid_name_or_wildcard(name, command == PA_COMMAND_SET_SINK_VOLUME ? PA_NAMEREG_SINK : PA_NAMEREG_SOURCE), tag, PA_ERR_INVALID);
CHECK_VALIDITY(c->pstream, (idx != PA_INVALID_INDEX) ^ (name != NULL), tag, PA_ERR_INVALID);
CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVALID);
-#ifdef TIZEN_SECURITY
- CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), VOLUME_SET_PRIVILEGE),
- tag, PA_ERR_ACCESS);
-#endif
switch (command) {
-
case PA_COMMAND_SET_SINK_VOLUME:
if (idx != PA_INVALID_INDEX)
sink = pa_idxset_get_by_index(c->protocol->core->sinks, idx);
}
CHECK_VALIDITY(c->pstream, si || so || sink || source, tag, PA_ERR_NOENTITY);
-
+#ifdef TIZEN_SECURITY
+ CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), VOLUME_SET_PRIVILEGE, get_pid_to_skip(si, so)),
+ tag, PA_ERR_ACCESS);
+#endif
client_name = pa_strnull(pa_proplist_gets(c->client->proplist, PA_PROP_APPLICATION_PROCESS_BINARY));
if (sink) {
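Review bot: With the privilege check now placed below `CHECK_VALIDITY(c->pstream, si || so || sink || source, tag, PA_ERR_NOENTITY)`, a client without VOLUME_SET_PRIVILEGE gets `PA_ERR_NOENTITY` for a missing target and `PA_ERR_ACCESS` for an existing one, so the reply reveals whether an index or name exists before authorization is decided. Moving the `#ifdef TIZEN_SECURITY` block one statement up, above the NOENTITY check, keeps the lookup results available and restores authorization-first ordering, since `get_pid_to_skip(NULL, NULL)` returns -1 and the full check then applies. A short comment such as `/* a client may change the volume of its own stream without VOLUME_SET_PRIVILEGE */` would also record why the check moved. The function body starts and ends outside the hunk.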
CHECK_VALIDITY(c->pstream, !name || pa_namereg_is_valid_name_or_wildcard(name, command == PA_COMMAND_SET_SINK_MUTE ? PA_NAMEREG_SINK : PA_NAMEREG_SOURCE), tag, PA_ERR_INVALID);
CHECK_VALIDITY(c->pstream, (idx != PA_INVALID_INDEX) ^ (name != NULL), tag, PA_ERR_INVALID);
#ifdef TIZEN_SECURITY
- CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), VOLUME_SET_PRIVILEGE),
+ CHECK_VALIDITY(c->pstream, cynara_check_privilege(_get_connection_out_fd(c), VOLUME_SET_PRIVILEGE, -1),
tag, PA_ERR_ACCESS);
#endif