From: Sangjin Kim Date: Tue, 31 May 2016 08:39:53 +0000 (-0700) Subject: Revert "Modify modules that need root permission." X-Git-Tag: submit/tizen/20160531.084327^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9395230cf70cc07bfd036f8aa374f5f9443c7983;p=sdk%2Ftarget%2Fsdbd.git Revert "Modify modules that need root permission." This reverts commit c0cc4c69e65107bb2b0f955c2589ca53551c6940. Change-Id: I669f55ba15c9757ef34e5c041b85585633d3a0e8 --- diff --git a/packaging/sdbd.spec b/packaging/sdbd.spec index 6a3da0b..7bde2d9 100644 --- a/packaging/sdbd.spec +++ b/packaging/sdbd.spec @@ -2,7 +2,7 @@ Name: sdbd Summary: SDB daemon -Version: 3.0.12 +Version: 3.0.11 Release: 0 License: Apache-2.0 Summary: SDB daemon diff --git a/packaging/sdbd_device.service b/packaging/sdbd_device.service index 5aaac68..4fe803f 100644 --- a/packaging/sdbd_device.service +++ b/packaging/sdbd_device.service @@ -4,8 +4,6 @@ Requires=tizen-system-env.service After=tmp.mount [Service] -User=sdk -Group=sdk Type=forking EnvironmentFile=-/run/tizen-system-env PIDFile=/tmp/.sdbd.pid diff --git a/packaging/sdbd_emulator.service b/packaging/sdbd_emulator.service index 995d546..3db25cf 100644 --- a/packaging/sdbd_emulator.service +++ b/packaging/sdbd_emulator.service @@ -5,8 +5,6 @@ After=tmp.mount dbus.service #DefaultDependencies=false [Service] -User=sdk -Group=sdk Type=forking Environment=DISPLAY=:0 PIDFile=/tmp/.sdbd.pid diff --git a/src/file_sync_service.c b/src/file_sync_service.c index c15ae10..5fc6642 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -39,11 +39,42 @@ #define SYNC_TIMEOUT 15 +struct sync_permit_rule +{ + const char *name; + char *regx; + int mode; // 0:push, 1: pull, 2: push&push +}; + +struct sync_permit_rule sdk_sync_permit_rule[] = { + /* 0 */ {"unitest", "", 1}, + /* 1 */ {"codecoverage", "", 1}, + /* 2 */ {"da", "", 1}, + /* end */ {NULL, NULL, 0} +}; + /* The typical default value for the umask is S_IWGRP | S_IWOTH (octal 022). * Before use the DIR_PERMISSION, the process umask value should be set 0 using umask(). */ #define DIR_PERMISSION 0777 +void init_sdk_sync_permit_rule_regx(void) +{ + int ret; + ret = asprintf(&sdk_sync_permit_rule[0].regx, "^((/tmp)|(%s)|(%s))/[a-zA-Z0-9]{10}/data/[a-zA-Z0-9_\\-]{1,50}\\.xml$", APP_INSTALL_PATH_PREFIX1, APP_INSTALL_PATH_PREFIX2); + if(ret < 0) { + D("failed to run asprintf for unittest\n"); + } + ret = asprintf(&sdk_sync_permit_rule[1].regx, "^((/tmp)|(%s)|(%s))/[a-zA-Z0-9]{10}/data/+(.)*\\.gcda$", APP_INSTALL_PATH_PREFIX1, APP_INSTALL_PATH_PREFIX2); + if (ret < 0) { + D("failed to run asprintf for codecoverage\n"); + } + ret = asprintf(&sdk_sync_permit_rule[2].regx, "^(/tmp/da/)*+[a-zA-Z0-9_\\-\\.]{1,50}\\.png$"); + if (ret < 0) { + D("failed to run asprintf for da\n"); + } +} + static void set_syncfile_smack_label(char *src) { char *label_transmuted = NULL; char *label = NULL; @@ -558,6 +589,37 @@ static int do_recv(int s, const char *path, char *buffer) return 0; } +static int verify_sync_rule(const char* path) { + regex_t regex; + int ret; + char buf[PATH_MAX]; + int i=0; + + init_sdk_sync_permit_rule_regx(); + for (i=0; sdk_sync_permit_rule[i].regx != NULL; i++) { + ret = regcomp(®ex, sdk_sync_permit_rule[i].regx, REG_EXTENDED); + if(ret){ + return 0; + } + // execute regular expression + ret = regexec(®ex, path, 0, NULL, 0); + if(!ret){ + regfree(®ex); + D("found matched rule(%s) from %s path\n", sdk_sync_permit_rule[i].name, path); + return 1; + } else if( ret == REG_NOMATCH ){ + // do nothin + } else{ + regerror(ret, ®ex, buf, sizeof(buf)); + D("regex match failed(%s): %s\n",sdk_sync_permit_rule[i].name, buf); + } + } + regfree(®ex); + for (i=0; sdk_sync_permit_rule[i].regx != NULL; i++){ + free(sdk_sync_permit_rule[i].regx); + } + return 0; +} void file_sync_service(int fd, void *cookie) { @@ -622,7 +684,7 @@ void file_sync_service(int fd, void *cookie) D("sync: '%s' '%s'\n", (char*) &msg.req, name); - if (should_drop_privileges()) { + if (should_drop_privileges() && !verify_sync_rule(name)) { set_sdk_user_privileges(); }