From: Pawel Wasowski <p.wasowski2@samsung.com>
Date: Mon, 23 Aug 2021 14:07:59 +0000 (+0200)
Subject: [Common] Add synchronization to privilege checking
X-Git-Tag: submit/tizen/20210901.122723~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=207d76b71c2323007d748f3d73b935b2b6d18b79;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git

[Common] Add synchronization to privilege checking

common::tools::CheckAccess() can be called from multiple threads in the
same time. (This happens in web service apps, which now are running as
separate threads of a single process.)
This commit adds synchronization of the access of this function's static
resources.

[Verification] Code compiles. The code works fine in a single-threaded
app

Change-Id: I4af0715d3605284bf82b2abe207dabe024986d25
Signed-off-by: Pawel Wasowski <p.wasowski2@samsung.com>
---

diff --git a/src/common/tools.cc b/src/common/tools.cc
index 9e9368e9..552af1a1 100644
--- a/src/common/tools.cc
+++ b/src/common/tools.cc
@@ -17,6 +17,7 @@
 #include "common/tools.h"
 
 #include <app_manager.h>
+#include <mutex>
 #include <pkgmgr-info.h>
 #include <privilegemgr/privilege_manager.h>
 #include <sys/stat.h>
@@ -276,6 +277,15 @@ PlatformResult CheckAccess(const std::string& privilege) {
 PlatformResult CheckAccess(const std::vector<std::string>& privileges) {
   ScopeLogger();
 
+  /*
+   * This lock is crucial to avoid concurrent access of static variables in this function and
+   * in AccessControlImpl class.
+   * Concurrent access is likely in web service apps. If multiple are running, each of them is executed in
+   * a thread of the same process.
+   */
+  static std::mutex check_access_mutex;
+  const std::lock_guard<std::mutex> lock{check_access_mutex};
+
   // Local cache of mapped privilege strings. This routine can be called many times, especially
   // during application launch, generating a high overhead of retrieving mapped privileges from
   // the underlying databases. This is especially the case since the same mappings can end up