From: sungwook79.park Date: Mon, 13 Jan 2025 01:53:08 +0000 (+0900) Subject: Adopt cynara api to check privilege X-Git-Tag: accepted/tizen/unified/20250519.121257~1^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=60be18b9dcff20a9b8643c4bec0b5e4421e0558a;p=platform%2Fcore%2Fuifw%2Fvoice-control.git Adopt cynara api to check privilege Change-Id: If6be9d37967c4e12882865f8e4ed8d1b7f09c943 Signed-off-by: sungwook79.park --- diff --git a/CMakeLists.txt b/CMakeLists.txt index c525efc..deec380 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -47,7 +47,7 @@ INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/include") INCLUDE(FindPkgConfig) pkg_check_modules(pkgs REQUIRED aul buxton2 capi-appfw-app-control capi-appfw-app-manager capi-base-common capi-media-audio-io capi-media-sound-manager ecore-wl2 - capi-system-info cynara-client cynara-session db-util dlog ecore glib-2.0 json-glib-1.0 libgum libtzplatform-config libxml-2.0 sqlite3 vconf gmock bundle rpc-port + capi-system-info cynara-client cynara-session cynara-creds-self db-util dlog ecore glib-2.0 json-glib-1.0 libgum libtzplatform-config libxml-2.0 sqlite3 vconf gmock bundle rpc-port ) diff --git a/client/vc.c b/client/vc.c index 7530069..1a7796c 100644 --- a/client/vc.c +++ b/client/vc.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -112,30 +113,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { - return false; //LCOV_EXCL_LINE + return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (0 >= fread(smack_label, 1, sizeof(smack_label), fp)) - SLOG(LOG_ERROR, TAG_VCC, "[ERROR] fail to fread"); //LCOV_EXCL_LINE - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + SLOG(LOG_ERROR, TAG_VCC, "Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); - SLOG(LOG_DEBUG, TAG_VCC, "[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied"); - FREE(session); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); - if (ret != CYNARA_API_ACCESS_ALLOWED) - return false; //LCOV_EXCL_LINE + free(session); + session = NULL; + free(client_identification); + client_identification = NULL; + + if (ret != CYNARA_API_ACCESS_ALLOWED) { + SLOG(LOG_DEBUG, TAG_VCC, "[Client]cynara_check returned %d(Denied)", ret); + return false; + } return true; } diff --git a/client/vc_mgr.c b/client/vc_mgr.c index 0d6659e..2afe109 100644 --- a/client/vc_mgr.c +++ b/client/vc_mgr.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -155,34 +156,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { - SLOG(LOG_ERROR, TAG_VCM, "[ERROR] p_cynara is NULL"); return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (fread(smack_label, 1, sizeof(smack_label), fp) <= 0) - SLOG(LOG_ERROR, TAG_VCM, "[ERROR] fail to fread"); - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + SLOG(LOG_ERROR, TAG_VCM, "Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); + free(session); session = NULL; + free(client_identification); + client_identification = NULL; if (ret != CYNARA_API_ACCESS_ALLOWED) { - SLOG(LOG_INFO, TAG_VCM, "[Client]cynara_check returned %d(Denied), p_cynara(%p), label(%s), session(%s), uid(%s), priv(%s)", ret, p_cynara, smack_label, session, uid, privilege); + SLOG(LOG_DEBUG, TAG_VCM, "[Client]cynara_check returned %d(Denied)", ret); return false; } - return true; } diff --git a/common/vc_command.c b/common/vc_command.c index 1a13a6a..0dd1cd6 100644 --- a/common/vc_command.c +++ b/common/vc_command.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -109,31 +110,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (0 >= fread(smack_label, 1, sizeof(smack_label), fp)) - SLOG(LOG_ERROR, TAG_VCCMD, "[ERROR] fail to fread"); - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + SLOG(LOG_ERROR, TAG_VCCMD, "Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); - SLOG(LOG_DEBUG, TAG_VCCMD, "[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied"); - if (session) - free(session); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); - if (ret != CYNARA_API_ACCESS_ALLOWED) + free(session); + session = NULL; + free(client_identification); + client_identification = NULL; + + if (ret != CYNARA_API_ACCESS_ALLOWED) { + SLOG(LOG_DEBUG, TAG_VCCMD, "[Client]cynara_check returned %d(Denied)", ret); return false; + } return true; } diff --git a/packaging/voice-control.spec b/packaging/voice-control.spec index 9f190e6..7ec5689 100644 --- a/packaging/voice-control.spec +++ b/packaging/voice-control.spec @@ -20,6 +20,7 @@ BuildRequires: pkgconfig(capi-media-sound-manager) BuildRequires: pkgconfig(capi-system-info) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(cynara-creds-self) BuildRequires: pkgconfig(db-util) BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(ecore) diff --git a/server/vce.c b/server/vce.c index 4ce0c9e..d8b73d2 100644 --- a/server/vce.c +++ b/server/vce.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include "vcd_tidl.h" #include "vcd_main.h" @@ -72,31 +73,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (0 >= fread(smack_label, 1, sizeof(smack_label), fp)) - SLOG(LOG_ERROR, TAG_VCD, "[ERROR] fail to fread"); - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + SLOG(LOG_ERROR, TAG_VCD, "Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); - SLOG(LOG_INFO, TAG_VCD, "[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied"); - if (session) - free(session); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); - if (ret != CYNARA_API_ACCESS_ALLOWED) + free(session); + session = NULL; + free(client_identification); + client_identification = NULL; + + if (ret != CYNARA_API_ACCESS_ALLOWED) { + SLOG(LOG_DEBUG, TAG_VCD, "[Client]cynara_check returned %d(Denied)", ret); return false; + } return true; } diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index b2e4c8b..ad077d7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -41,6 +41,7 @@ SET_TARGET_PROPERTIES(${UNITTEST_VC} PROPERTIES --wrap=cynara_initialize,\ --wrap=cynara_finish,\ --wrap=cynara_session_from_pid,\ +--wrap=cynara_creds_self_get_client,\ --wrap=cynara_check") INSTALL(FILES ${CMAKE_SOURCE_DIR}/tests/${PKGNAME}.xml DESTINATION ${TZ_SYS_RO_PACKAGES}) diff --git a/tests/src/cynara_mock.cpp b/tests/src/cynara_mock.cpp index ff6e88f..7919314 100644 --- a/tests/src/cynara_mock.cpp +++ b/tests/src/cynara_mock.cpp @@ -32,3 +32,8 @@ EXPORT_API char *__wrap_cynara_session_from_pid(pid_t pid) { return strdup("session"); } + +EXPORT_API int __wrap_cynara_creds_self_get_client(enum cynara_client_creds method, char **client) +{ + return 0; +} \ No newline at end of file diff --git a/tests/src/cynara_mock.h b/tests/src/cynara_mock.h index 1becb42..ce9e7e1 100644 --- a/tests/src/cynara_mock.h +++ b/tests/src/cynara_mock.h @@ -3,6 +3,7 @@ #include #include +#include #ifdef __cplusplus extern "C" { @@ -80,6 +81,7 @@ int __wrap_cynara_check(cynara* c, const char* client, const char* client_sessio const char* privilege); char *__wrap_cynara_session_from_pid(pid_t pid); +int __wrap_cynara_creds_self_get_client(enum cynara_client_creds method, char **client); #ifdef __cplusplus }