From: jaekuk, lee
Date: Mon, 13 Jun 2016 12:49:22 +0000 (+0900)
Subject: Revert "change the download-provider permission from root to web_fw"
X-Git-Tag: accepted/tizen/common/20160613.145048^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0c95be3d76955b42d0ab45b42b1a2f59c4beb421;p=platform%2Fframework%2Fweb%2Fdownload-provider.git

Revert "change the download-provider permission from root to web_fw"

This reverts commit aec384948ca516b84d53750bc9501f4fc584aa92

Change-Id: I7cd75b31c1498f870ce5528dc99115f15510b1c7
Signed-off-by: jaekuk, lee
---

diff --git a/packaging/download-provider.spec b/packaging/download-provider.spec
index 01d4c67..ccf9113 100755
--- a/packaging/download-provider.spec
+++ b/packaging/download-provider.spec
@@ -1,7 +1,7 @@
 %define _ux_define tizen2.3
 Name: download-provider
 Summary: Download the contents in background
-Version: 2.1.56
+Version: 2.1.55
 Release: 0
 Group: Development/Libraries
 License: Apache-2.0
@@ -9,7 +9,6 @@ Source0: %{name}-%{version}.tar.gz
 Requires(post): libdevice-node
 Requires(post): sqlite
 Requires(post): connman
-Requires: security-config
 BuildRequires: cmake
 BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(gobject-2.0)
@@ -196,16 +195,12 @@ ln -s ../download-provider.socket %{buildroot}/lib/systemd/system/sockets.target
 #make notify dir in post section for smack
 mkdir %{TZ_SYS_DATA}/download-provider
 mkdir -p %{_notifydir}
-chown -R web_fw:web_fw %{_notifydir}
 chsmack -a 'System::Shared' %{_notifydir}
-chsmack -t %{_notifydir}
+chsmack -t %{_notifydir}
 mkdir -p --mode=0700 %{_databasedir}
-chown -R web_fw:web_fw %{_databasedir}
 #chsmack -a 'download-provider' %{_databasedir}
 mkdir -p --mode=0700 %{_database_client_dir}
 #chsmack -a 'download-provider' %{_database_client_dir}
-chown -R web_fw:web_fw %{_database_client_dir}
-chown -R web_fw:web_fw %{_data_install_path}
 %files
 %defattr(-,root,root,-)
diff --git a/provider/download-provider-plugin-download-agent.c b/provider/download-provider-plugin-download-agent.c
index f65f86b..abba454 100755
--- a/provider/download-provider-plugin-download-agent.c
+++ b/provider/download-provider-plugin-download-agent.c
@@ -216,7 +216,9 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request
 if (lstat_info.st_mode == fstat_info.st_mode &&
 lstat_info.st_ino == fstat_info.st_ino &&
 lstat_info.st_dev == fstat_info.st_dev) {
- if (fchown(fd, cred.uid, cred.gid) != 0) {
+ if ((fchown(fd, cred.uid, cred.gid) != 0) ||
+ (fchmod(fd, S_IRUSR | S_IWUSR |
+ S_IRGRP | S_IROTH) != 0)) {
 TRACE_ERROR("[ERROR][%d] permission user:%d group:%d",
 request->id, cred.uid, cred.gid);
 errorcode = DP_ERROR_PERMISSION_DENIED;
@@ -238,6 +240,26 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request
 TRACE_ERROR("lstat call failed");
 errorcode = DP_ERROR_PERMISSION_DENIED;
 }
+ if (errorcode == DP_ERROR_NONE && dp_smack_is_mounted() == 1) {
+ // get smack_label from sql
+ char *smack_label = dp_db_get_client_smack_label(slot->pkgname);
+ if (smack_label == NULL) {
+ TRACE_SECURE_ERROR("[SMACK][%d] no label", request->id);
+ errorcode = DP_ERROR_PERMISSION_DENIED;
+ } else {
+ size_t len = str - (saved_path);
+ char *dir_path = (char *)calloc(len + 1, sizeof(char));
+ if (dir_path != NULL) {
+ strncpy(dir_path, saved_path, len);
+ errorcode = dp_smack_set_label(smack_label, dir_path, saved_path);
+ free(dir_path);
+ } else {
+ TRACE_ERROR("[ERROR] calloc");
+ errorcode = DP_ERROR_OUT_OF_MEMORY;
+ }
+ free(smack_label);
+ }
+ }
 return errorcode;
 }
diff --git a/systemd/download-provider.service b/systemd/download-provider.service
index 732d017..4286283 100755
--- a/systemd/download-provider.service
+++ b/systemd/download-provider.service
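Review bot: The mode in the added `fchmod()` call includes `S_IRGRP | S_IROTH`, so each completed download is left readable by every uid that can reach the destination directory, and the Smack labelling added further down in this function only applies when `dp_smack_is_mounted() == 1`. Unless another reader is known to need the file (not visible in this hunk), I would narrow it to `fchmod(fd, S_IRUSR | S_IWUSR)`. The shared `TRACE_ERROR` also cannot tell which of the two calls failed; logging `errno` there would help triage. The function starts and ends outside this hunk.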
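Review bot: `size_t len = str - (saved_path);` trusts `str`, which is assigned outside this hunk; if it is NULL or does not point into `saved_path`, the subtraction wraps to a huge `size_t` and the `calloc(len + 1, ...)` / `strncpy` pair works from a meaningless length. A guard before the allocation, for example `if (str == NULL || str < saved_path) errorcode = DP_ERROR_PERMISSION_DENIED;`, would make that assumption explicit. Separately, `dp_smack_set_label(smack_label, dir_path, saved_path)` is handed path names after the file has already been `fchown`ed to the client, and this commit also removes `User=web_fw` from the service unit, so the labelling presumably runs as root on a path the client now owns. If that helper resolves the path again (its body is not shown), applying the label through the already-verified `fd` before the ownership change would keep the earlier lstat/fstat comparison meaningful. The function begins outside this hunk.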
@@ -3,9 +3,6 @@ Description=Download provider service
 After=check-mount.service
 [Service]
-User=web_fw
-Group=web_fw
-SupplementaryGroups=priv_mediastorage
 Type=simple
 ExecStart=/usr/bin/download-provider
 MemoryLimit=100M