From: Inhong Han <inhong1.han@samsung.com>
Date: Tue, 7 Jan 2025 01:44:29 +0000 (+0900)
Subject: Improved privilege checking using alternative API
X-Git-Tag: accepted/tizen/unified/20250107.102107~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=94acbc413dcbb63bf402a7a329d228064078fd73;p=platform%2Fcore%2Fuifw%2Fcapi-ui-sticker.git

Improved privilege checking using alternative API

Change-Id: I125b7d2d5369a7cd1be38643664040027e1daf44
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index fc4f40e..e0f7082 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -25,6 +25,7 @@ pkg_check_modules(pkgs REQUIRED
     libtzplatform-config
     cynara-client
     cynara-session
+    cynara-creds-self
     capi-appfw-app-common
     capi-appfw-package-manager
     sqlite3
diff --git a/client/sticker_consumer.c b/client/sticker_consumer.c
index cf3448d..9530c12 100644
--- a/client/sticker_consumer.c
+++ b/client/sticker_consumer.c
@@ -21,6 +21,7 @@
 #include <cynara-client.h>
 #include <cynara-error.h>
 #include <cynara-session.h>
+#include <cynara-creds-self.h>
 
 #include "sticker_consumer.h"
 #include "sticker_consumer_main.h"
@@ -45,28 +46,30 @@ static int _cynara_initialize()
 static int _check_privilege(const char *uid, const char *privilege)
 {
     int ret;
-    FILE *fp = NULL;
-    char label_path[1024] = "/proc/self/attr/current";
-    char smack_label[1024] = {'\0',};
+    char *client_identification = NULL;
 
     if (!p_cynara) {
         return -1;
     }
 
-    fp = fopen(label_path, "r");
-    if (fp != NULL) {
-        ret = fread(smack_label, 1, sizeof(smack_label), fp);
-        if (ret <= 0)
-            LOGE("Failed to fread");
-
-        fclose(fp);
+    if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) {
+        LOGW("Failed to get client");
+        return -1;
     }
 
     pid_t pid = getpid();
     char *session = cynara_session_from_pid(pid);
-    ret = cynara_check(p_cynara, smack_label, session, uid, privilege);
-    if (session)
+    ret = cynara_check(p_cynara, client_identification, session, uid, privilege);
+
+    if (session) {
         free(session);
+        session = NULL;
+    }
+
+    if (client_identification) {
+        free(client_identification);
+        client_identification = NULL;
+    }
 
     if (ret != CYNARA_API_ACCESS_ALLOWED) {
         LOGE("Access denied. The result of cynara_check() : %d.", ret); //LCOV_EXCL_LINE
@@ -85,7 +88,7 @@ static void _cynara_deinitialize()
 }
 
 static int _sticker_check_privilege() {
-    char uid[16];
+    char uid[16] = {0,};
     int ret = STICKER_ERROR_NONE;
 
     if (_cynara_initialize() != CYNARA_API_SUCCESS)
diff --git a/packaging/capi-ui-sticker.spec b/packaging/capi-ui-sticker.spec
index 4094936..1de3e15 100644
--- a/packaging/capi-ui-sticker.spec
+++ b/packaging/capi-ui-sticker.spec
@@ -15,6 +15,7 @@ BuildRequires:  pkgconfig(capi-appfw-event)
 BuildRequires:  pkgconfig(capi-system-info)
 BuildRequires:  pkgconfig(cynara-client)
 BuildRequires:  pkgconfig(cynara-session)
+BuildRequires:  pkgconfig(cynara-creds-self)
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(gio-2.0)