From: Minje Ahn <minje.ahn@samsung.com>
Date: Mon, 29 Feb 2016 00:15:05 +0000 (+0900)
Subject: Add privilege checker
X-Git-Tag: submit/tizen/20160229.004619^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1deb8094ffcb0c744c8f54979a4e5005a1408aa2;p=platform%2Fcore%2Fapi%2Fmedia-controller.git

Add privilege checker

Change-Id: Ie2c767cf078228305d09613d74d6f2f3a34b3f6c
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
---

diff --git a/packaging/capi-media-controller.spec b/packaging/capi-media-controller.spec
index 9578850..8f60832 100755
--- a/packaging/capi-media-controller.spec
+++ b/packaging/capi-media-controller.spec
@@ -1,6 +1,6 @@
 Name:       capi-media-controller
 Summary:    A media controller library in Tizen Native API
-Version:    0.0.13
+Version:    0.0.14
 Release:    1
 Group:      Multimedia/API
 License:    Apache-2.0
diff --git a/src/media_controller_ipc.c b/src/media_controller_ipc.c
index 0adc70c..df34401 100755
--- a/src/media_controller_ipc.c
+++ b/src/media_controller_ipc.c
@@ -25,16 +25,12 @@
 #define MC_SVC_NAME "mediacontroller"
 
 /* This checks if service daemon is running */
-static gboolean __is_service_activated()
+static int __is_service_activated()
 {
-	gboolean ret = FALSE;
+	int  ret = MEDIA_CONTROLLER_ERROR_NONE;
 	ret = mc_ipc_send_message_to_server(MC_MSG_SERVER_CONNECTION, MC_SERVER_CONNECTION_MSG);
-	if (ret != MEDIA_CONTROLLER_ERROR_NONE) {
-		mc_error("Failed to mc_ipc_send_message_to_server [%d]", ret);
-		return FALSE;
-	}
 
-	return TRUE;
+	return ret;
 }
 
 static char *__make_key_for_map(const char *main_key, const char *sub_key)
@@ -387,9 +383,15 @@ int mc_ipc_service_connect(void)
 	struct sockaddr_un serv_addr;
 	unsigned int retrycount = 0;
 
-	if (__is_service_activated() == TRUE) {
+	 ret = __is_service_activated();
+
+	if (ret == MEDIA_CONTROLLER_ERROR_NONE) {
 		mc_debug("service is already running!");
-		return MEDIA_CONTROLLER_ERROR_NONE;
+		return ret;
+	}
+	else if (ret == MEDIA_CONTROLLER_ERROR_PERMISSION_DENIED) {
+		mc_error("Permission deny!");
+		return ret;
 	}
 
 	/*Create Socket*/
@@ -411,7 +413,7 @@ int mc_ipc_service_connect(void)
 
 	mc_ipc_delete_client_socket(&sock_info);
 
-	while ((__is_service_activated() == FALSE) && (retrycount++ < MAX_WAIT_COUNT)) {
+	while ((__is_service_activated() != MEDIA_CONTROLLER_ERROR_NONE) && (retrycount++ < MAX_WAIT_COUNT)) {
 		MC_MILLISEC_SLEEP(200);
 		mc_error("[No-Error] retry count [%d]", retrycount);
 	}
diff --git a/svc/media_controller_svc.c b/svc/media_controller_svc.c
index aa65779..e7ab9af 100755
--- a/svc/media_controller_svc.c
+++ b/svc/media_controller_svc.c
@@ -218,6 +218,21 @@ gboolean _mc_read_service_request_tcp_socket(GIOChannel *src, GIOCondition condi
 			}
 		}
 	} else if (recv_msg.msg_type == MC_MSG_SERVER_CONNECTION) {
+		ret = mc_cynara_check(&creds, MC_CLIENT_PRIVILEGE);
+		if (ret != MEDIA_CONTROLLER_ERROR_NONE) {
+			mc_error("permission is denied![%d]", ret);
+			ret = mc_cynara_check(&creds, MC_SERVER_PRIVILEGE);
+			if (ret != MEDIA_CONTROLLER_ERROR_NONE) {
+				mc_error("permission is denied![%d]", ret);
+
+				send_msg = MEDIA_CONTROLLER_ERROR_PERMISSION_DENIED;
+				goto ERROR;
+			}
+		}
+
+		MC_SAFE_FREE(creds.uid);
+		MC_SAFE_FREE(creds.smack);
+
 		if (recv_msg.msg_size > 0) {
 			if (strncmp(recv_msg.msg, MC_SERVER_CONNECTION_MSG, recv_msg.msg_size) == 0) {
 				if (g_connection_cnt == -1)