From: Unsung Lee <unsung.lee@samsung.com>
Date: Fri, 10 Jan 2025 09:00:21 +0000 (+0900)
Subject: privilege: Replace the code that accesses the attr with the cynara API
X-Git-Tag: accepted/tizen/unified/20250115.124150~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0c6bf5daa37eb9cd9544d45ebd95bbe706fa5dc0;p=platform%2Fcore%2Fsystem%2Fpass.git

privilege: Replace the code that accesses the attr with the cynara API

Replace the code that directly accesses /proc/self/attr/current
with a cynara API called cynara_creds_self_get_client.
This is because, direct accessing to /proc/self/attr/current is invalid when SMACK is disabled.

Change-Id: I5b99e5af4ad6be446a52ea6f0caa03720826e2ed
Signed-off-by: Unsung Lee <unsung.lee@samsung.com>
---

diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index fd2f3d1..7026c2e 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -19,6 +19,7 @@ SET(PKG_MODULES
 	glib-2.0
 	cynara-client
 	cynara-session
+	cynara-creds-self
 )
 
 INCLUDE(FindPkgConfig)
diff --git a/packaging/pass.spec b/packaging/pass.spec
index 4fb2a86..fd5caf3 100644
--- a/packaging/pass.spec
+++ b/packaging/pass.spec
@@ -31,6 +31,7 @@ BuildRequires:  pkgconfig(json-c)
 BuildRequires:  pkgconfig(hal-api-power)
 BuildRequires:  pkgconfig(cynara-client)
 BuildRequires:  pkgconfig(cynara-session)
+BuildRequires:  pkgconfig(cynara-creds-self)
 
 %description
 PASS  (Power-Aware System Service)
diff --git a/src/util/privilege.c b/src/util/privilege.c
index 59d8dc9..43259e6 100644
--- a/src/util/privilege.c
+++ b/src/util/privilege.c
@@ -23,6 +23,7 @@
 
 #include <cynara-client.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 
 #include <util/log.h>
 #include <util/common.h>
@@ -33,10 +34,9 @@ extern char *program_invocation_name;
 int privilege_get_privilege_supported(const char *privilege_name, bool *privilege_supported)
 {
 	cynara *cynara = NULL;
-	FILE *fp = NULL;
 	char uid[16];
 	char *session = NULL;
-	char smack_label[BUFF_MAX] = {0, };
+	char *smack_label = NULL;
 	int ret;
 
 	if (!privilege_supported)
@@ -48,15 +48,10 @@ int privilege_get_privilege_supported(const char *privilege_name, bool *privileg
 		return -EPERM;
 	}
 
-	fp = fopen("/proc/self/attr/current", "r");
-	if (fp != NULL) {
-		int ch = 0;
-		int idx = 0;
-		while (EOF != (ch = fgetc(fp))) {
-			smack_label[idx] = ch;
-			idx++;
-		}
-		fclose(fp);
+	if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &smack_label) != CYNARA_API_SUCCESS) {
+		_E("Failed to get smack label by cynara_creds_self_get_client()");
+		*privilege_supported = false;
+		return -EPERM;
 	}
 
 	pid_t pid = getpid();
@@ -69,6 +64,8 @@ int privilege_get_privilege_supported(const char *privilege_name, bool *privileg
 		free(session);
 	if (cynara)
 		cynara_finish(cynara);
+	if (smack_label)
+		free(smack_label);
 	if (ret != CYNARA_API_ACCESS_ALLOWED) {
 		_W("'%s' privilege is not supported on %s",
 				privilege_name, program_invocation_name);
diff --git a/tests/integration-test/CMakeLists.txt b/tests/integration-test/CMakeLists.txt
index 2918a86..c407c97 100644
--- a/tests/integration-test/CMakeLists.txt
+++ b/tests/integration-test/CMakeLists.txt
@@ -27,6 +27,7 @@ pkg_check_modules(gtest_pkgs REQUIRED
 	hal-api-power
 	cynara-client
 	cynara-session
+	cynara-creds-self
 	libudev
 )
 
diff --git a/tools/resource-monitor/CMakeLists.txt b/tools/resource-monitor/CMakeLists.txt
index 8746e13..2abd4c6 100644
--- a/tools/resource-monitor/CMakeLists.txt
+++ b/tools/resource-monitor/CMakeLists.txt
@@ -20,6 +20,7 @@ pkg_check_modules(gtest_pkgs REQUIRED
 	json-c
 	cynara-client
 	cynara-session
+	cynara-creds-self
 )
 
 FOREACH(flag ${gtest_pkgs_CFLAGS})