From: Tomasz Swierczek
Date: Thu, 15 Nov 2018 08:59:13 +0000 (+0100)
Subject: Protect security_manager_app_has_privilege with privilege check
X-Git-Tag: submit/tizen/20181122.101858~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d0a62a8018392cb2485a373b6fe3430f09d42a89;p=platform%2Fcore%2Fsecurity%2Fsecurity-manager.git

Protect security_manager_app_has_privilege with privilege check

This API serves similar data like fetching policy but wasn't protected with privilege check. This change introduces the same entry checks.

Change-Id: I3fb2be619d05ebc770fd5c3b994baa13ff07c2a0
---

diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h
index cabeef06..d213f1e8 100644
--- a/src/common/include/service_impl.h
+++ b/src/common/include/service_impl.h
@@ -215,6 +215,7 @@ public:
     /**
      * Process checking application's privilege access based on app_name
      *
+     * @param[in] creds credentials of the caller
      * @param[in] appName application identifier
      * @param[in] privilege privilege name
      * @param[in] uid user identifier
@@ -222,7 +223,7 @@ public:
      *
      * @return API return code, as defined in protocols.h
      */
-    int appHasPrivilege(std::string appName, std::string privilege, uid_t uid, bool &result);
+    int appHasPrivilege(const Credentials &creds, const std::string appName, const std::string privilege, uid_t uid, bool &result);
 
     /**
      * Process applying private path sharing between applications.
diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index 035f75e0..d8d9f9ec 100644
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
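Review bot: The new declaration of appHasPrivilege takes `const std::string appName` and `const std::string privilege` by value, so every call still copies both strings and the top-level const on a by-value parameter is meaningless to callers; the definition in the src/common/service_impl.cpp hunk repeats the same shape. Either pass them as references, `int appHasPrivilege(const Credentials &creds, const std::string &appName, const std::string &privilege, uid_t uid, bool &result);`, or drop the const and keep the original by-value form. Whichever is chosen, the definition's parameter list in service_impl.cpp should change the same way so declaration and definition stay in step.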
@@ -1691,13 +1691,20 @@ int ServiceImpl::policyGroupsForUid(uid_t uid, std::vector &groups)
 }
 
 int ServiceImpl::appHasPrivilege(
-        std::string appName,
-        std::string privilege,
+        const Credentials &creds,
+        const std::string appName,
+        const std::string privilege,
         uid_t uid,
         bool &result)
 {
     try {
         std::string appProcessLabel = getAppProcessLabel(appName);
+        if ((appProcessLabel != creds.label || creds.uid != uid)
+            && !authenticate(creds, PRIVILEGE_POLICY_USER)
+            && !authenticate(creds, PRIVILEGE_PERMISSION_CHECK)) {
+            LogError("Not enough privilege to access other process policies");
+            return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
+        }
         std::string uidStr = std::to_string(uid);
         result = m_cynara.check(appProcessLabel, privilege, uidStr, "");
         LogDebug("result = " << result);
diff --git a/src/include/app-runtime.h b/src/include/app-runtime.h
index fa9078e4..c51e6269 100644
--- a/src/include/app-runtime.h
+++ b/src/include/app-runtime.h
@@ -201,6 +201,12 @@ int security_manager_identify_app_from_cynara_client(const char *client, char **
  * - 0: access denied
  * - 1: access granted
  *
+ * Required privileges:
+ *  for checking policy for the caller application process:
+ *   - none
+ *  for checking policy for other application process:
+ *   - http://tizen.org/privilege/notexist or http://tizen.org/privilege/permission.check
+ *
  * \param[in] app_id Application identifier
  * \param[in] privilege Privilege name
  * \param[in] uid User identifier
diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h
index b4db1547..5805cf0d 100644
--- a/src/server/service/include/service.h
+++ b/src/server/service/include/service.h
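Review bot: The authorization check added to appHasPrivilege runs only after `getAppProcessLabel(appName)` has resolved the target, so a caller holding neither PRIVILEGE_POLICY_USER nor PRIVILEGE_PERMISSION_CHECK still drives the lookup for an arbitrary appName before being refused. If the catch handlers below the hunk (the function body continues outside it) map a failed lookup to a code other than SECURITY_MANAGER_ERROR_ACCESS_DENIED, the differing result tells an unprivileged client whether an application name is known; if that is not intended, fold a lookup failure into the same ACCESS_DENIED code whenever the caller has neither privilege. The commit message says this mirrors the entry check of the policy-fetch path; if that check is the same expression, a shared helper such as `bool canAccessOtherProcessPolicy(const Credentials &creds)` would keep the two from drifting apart.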
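Review bot: The new "Required privileges" paragraph in app-runtime.h names `http://tizen.org/privilege/notexist` as one of the two privileges that permit checking another process's policy, which reads like a placeholder rather than the privilege behind the `PRIVILEGE_POLICY_USER` constant that the src/common/service_impl.cpp hunk actually authenticates. This header is the public contract for security_manager_app_has_privilege, so clients will declare the documented name; it should be the real privilege string that PRIVILEGE_POLICY_USER expands to, which I cannot see from this patch. The permission.check entry is consistent with PRIVILEGE_PERMISSION_CHECK, so only the first name needs correcting.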
@@ -178,8 +178,9 @@ private:
      *
      * @param recv Raw received data buffer
      * @param send Raw data buffer to be sent
+     * @param creds credentials of the requesting process
      */
-    void processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send);
+    void processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds);
 
     /**
      * Process applying private path sharing between applications.
diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index 9a169b59..cfcaedbf 100644
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -134,7 +134,7 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
             break;
         case SecurityModuleCall::APP_HAS_PRIVILEGE:
             LogDebug("call_type: SecurityModuleCall::APP_HAS_PRIVILEGE");
-            processAppHasPrivilege(buffer, send);
+            processAppHasPrivilege(buffer, send, creds);
             break;
         case SecurityModuleCall::APP_APPLY_PRIVATE_SHARING:
             LogDebug("call_type: SecurityModuleCall::APP_APPLY_PRIVATE_SHARING");
@@ -387,7 +387,7 @@ void Service::processGroupsForUid(MessageBuffer &recv, MessageBuffer &send)
     }
 }
 
-void Service::processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send)
+void Service::processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send, const Credentials &creds)
 {
     std::string appName;
     std::string privilege;
@@ -398,7 +398,7 @@ void Service::processAppHasPrivilege(MessageBuffer &recv, MessageBuffer &send)
     Deserialization::Deserialize(recv, uid);
 
     bool result;
-    int ret = serviceImpl.appHasPrivilege(appName, privilege, uid, result);
+    int ret = serviceImpl.appHasPrivilege(creds, appName, privilege, uid, result);
     Serialization::Serialize(send, ret);
     if (ret == SECURITY_MANAGER_SUCCESS)