From: Seonah Moon <seonah1.moon@samsung.com>
Date: Thu, 5 Jul 2018 02:15:00 +0000 (+0900)
Subject: Add privilege check
X-Git-Tag: submit/tizen/20180709.015112^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d1c771859887595fe9fb6ddfc1c9c82021f6a35c;p=platform%2Fcore%2Fapi%2Fsoftap.git

Add privilege check

Change-Id: I33c507db68c756abae86c7b0869fac805774b704
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index be11558..8ced952 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -9,7 +9,7 @@ SET(PREFIX ${CMAKE_INSTALL_PREFIX})
 SET(INC_DIR include)
 INCLUDE_DIRECTORIES(${INC_DIR})
 
-SET(dependents "dlog gio-2.0 gio-unix-2.0 glib-2.0 capi-base-common dbus-1 vconf libssl capi-system-info")
+SET(dependents "dlog gio-2.0 gio-unix-2.0 glib-2.0 capi-base-common dbus-1 vconf libssl capi-system-info cynara-client")
 
 SET(CMAKE_BUILD_TYPE "Release")
 
diff --git a/include/softap_private.h b/include/softap_private.h
index 16a0502..933fef8 100644
--- a/include/softap_private.h
+++ b/include/softap_private.h
@@ -253,6 +253,7 @@ typedef struct {
 	time_t tm;						/**< connection time */
 } __softap_client_h;
 
+int _softap_check_permission(void);
 void _softap_add_handle(softap_h handle);
 void _softap_remove_handle(softap_h handle);
 bool _softap_check_handle(softap_h handle);
diff --git a/packaging/capi-network-softap.spec b/packaging/capi-network-softap.spec
index 08a5956..e31c8cb 100644
--- a/packaging/capi-network-softap.spec
+++ b/packaging/capi-network-softap.spec
@@ -1,6 +1,6 @@
 Name:		capi-network-softap
 Summary:	Softap Framework
-Version:	0.0.22
+Version:	0.0.23
 Release:	1
 Group:		System/Network
 License:	Apache-2.0
@@ -13,6 +13,7 @@ BuildRequires:	pkgconfig(gio-2.0)
 BuildRequires:	pkgconfig(vconf)
 BuildRequires:	pkgconfig(libssl)
 BuildRequires:	pkgconfig(capi-system-info)
+BuildRequires:	pkgconfig(cynara-client)
 BuildRequires:	cmake
 Requires(post):		/sbin/ldconfig
 Requires(postun):	/sbin/ldconfig
diff --git a/src/softap.c b/src/softap.c
index a067fc3..0ba581c 100755
--- a/src/softap.c
+++ b/src/softap.c
@@ -791,6 +791,9 @@ API int softap_create(softap_h *softap)
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -893,6 +896,9 @@ API int softap_destroy(softap_h softap)
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1007,6 +1013,9 @@ API int softap_is_enabled(softap_h softap, bool *enable)
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL");
 	_retvm_if(enable == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1030,6 +1039,9 @@ API int softap_get_mac_address(softap_h softap, char **mac_address)
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(mac_address == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1079,6 +1091,9 @@ API int softap_get_network_interface_name(softap_h softap, char **interface_name
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(interface_name == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1103,6 +1118,9 @@ API int softap_set_ip_address(softap_h softap, softap_address_family_e address_f
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(ip_address == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1132,6 +1150,9 @@ API int softap_get_ip_address(softap_h softap, softap_address_family_e address_f
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(ip_address == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1172,6 +1193,9 @@ API int softap_get_gateway_address(softap_h softap, softap_address_family_e addr
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(gateway_address == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1194,6 +1218,9 @@ API int softap_get_subnet_mask(softap_h softap, softap_address_family_e address_
 {
 	DBG("+");
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(subnet_mask == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1235,12 +1262,22 @@ API int softap_foreach_connected_clients(softap_h softap, softap_connected_clien
 	GVariant *value = NULL;
 	gchar *key = NULL;
 	int interface = 0;
+	int ret = 0;
 
 	result = g_dbus_proxy_call_sync(sa->client_bus_proxy, "get_station_info",
 			NULL, G_DBUS_CALL_FLAGS_NONE,
 			-1, sa->cancellable, &error);
-	if (error)
+
+	if (error) {
 		ERR("g_dbus_proxy_call_sync is failed and error is %s\n", error->message);
+		if (error->code == G_DBUS_ERROR_ACCESS_DENIED)
+			ret = SOFTAP_ERROR_PERMISSION_DENIED;
+		else
+			ret = SOFTAP_ERROR_OPERATION_FAILED;
+
+		g_error_free(error);
+		return ret;
+	}
 	g_variant_get(result, "(a(a{sv}))", &outer_iter);
 
 	while (g_variant_iter_loop(outer_iter, "(@a{sv})", &station)) {
@@ -1309,6 +1346,9 @@ API int softap_foreach_connected_clients(softap_h softap, softap_connected_clien
 API int softap_set_enabled_cb(softap_h softap, softap_enabled_cb callback, void *user_data)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(callback == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1325,6 +1365,9 @@ API int softap_set_enabled_cb(softap_h softap, softap_enabled_cb callback, void
 API int softap_unset_enabled_cb(softap_h softap)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1339,6 +1382,9 @@ API int softap_unset_enabled_cb(softap_h softap)
 API int softap_set_disabled_cb(softap_h softap, softap_disabled_cb callback, void *user_data)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(callback == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1355,6 +1401,9 @@ API int softap_set_disabled_cb(softap_h softap, softap_disabled_cb callback, voi
 API int softap_unset_disabled_cb(softap_h softap)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1369,6 +1418,9 @@ API int softap_unset_disabled_cb(softap_h softap)
 API int softap_set_client_connection_state_changed_cb(softap_h softap, softap_client_connection_state_changed_cb callback, void *user_data)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(callback == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1385,6 +1437,9 @@ API int softap_set_client_connection_state_changed_cb(softap_h softap, softap_cl
 API int softap_unset_client_connection_state_changed_cb(softap_h softap)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1400,6 +1455,9 @@ API int softap_unset_client_connection_state_changed_cb(softap_h softap)
 API int softap_set_security_type_changed_cb(softap_h softap, softap_security_type_changed_cb callback, void *user_data)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(callback == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1416,6 +1474,9 @@ API int softap_set_security_type_changed_cb(softap_h softap, softap_security_typ
 API int softap_unset_security_type_changed_cb(softap_h softap)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1430,6 +1491,9 @@ API int softap_unset_security_type_changed_cb(softap_h softap)
 API int softap_set_ssid_visibility_changed_cb(softap_h softap, softap_ssid_visibility_changed_cb callback, void *user_data)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(callback == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1446,6 +1510,9 @@ API int softap_set_ssid_visibility_changed_cb(softap_h softap, softap_ssid_visib
 API int softap_unset_ssid_visibility_changed_cb(softap_h softap)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1460,6 +1527,9 @@ API int softap_unset_ssid_visibility_changed_cb(softap_h softap)
 API int softap_set_passphrase_changed_cb(softap_h softap, softap_passphrase_changed_cb callback, void *user_data)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(callback == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1476,6 +1546,9 @@ API int softap_set_passphrase_changed_cb(softap_h softap, softap_passphrase_chan
 API int softap_unset_passphrase_changed_cb(softap_h softap)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1490,6 +1563,9 @@ API int softap_unset_passphrase_changed_cb(softap_h softap)
 API int softap_set_security_type(softap_h softap, softap_security_type_e type)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1523,6 +1599,9 @@ API int softap_set_security_type(softap_h softap, softap_security_type_e type)
 API int softap_get_security_type(softap_h softap, softap_security_type_e *type)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 				"parameter(softap) is NULL\n");
 	_retvm_if(type == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1534,6 +1613,9 @@ API int softap_get_security_type(softap_h softap, softap_security_type_e *type)
 API int softap_set_ssid(softap_h softap, const char *ssid)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(ssid == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1565,6 +1647,9 @@ API int softap_set_ssid(softap_h softap, const char *ssid)
 API int softap_get_ssid(softap_h softap, char **ssid)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(ssid == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1608,6 +1693,9 @@ API int softap_get_ssid(softap_h softap, char **ssid)
 API int softap_set_ssid_visibility(softap_h softap, bool visible)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1629,6 +1717,9 @@ API int softap_set_ssid_visibility(softap_h softap, bool visible)
 API int softap_get_ssid_visibility(softap_h softap, bool *visible)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(visible == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1640,6 +1731,9 @@ API int softap_get_ssid_visibility(softap_h softap, bool *visible)
 API int softap_set_passphrase(softap_h softap, const char *passphrase)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(passphrase == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1665,6 +1759,9 @@ API int softap_set_passphrase(softap_h softap, const char *passphrase)
 API int softap_get_passphrase(softap_h softap, char **passphrase)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(passphrase == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1773,6 +1870,9 @@ API int softap_set_wps_pin(softap_h softap, const char *wps_pin)
 API int softap_get_vendor_element(softap_h softap, char **vendor_element)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(vendor_element == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1798,6 +1898,9 @@ API int softap_get_vendor_element(softap_h softap, char **vendor_element)
 API int softap_set_vendor_element(softap_h softap, const char *vendor_element)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(vendor_element == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1820,6 +1923,9 @@ API int softap_set_vendor_element(softap_h softap, const char *vendor_element)
 API int softap_set_channel(softap_h softap, int channel)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1833,6 +1939,9 @@ API int softap_set_channel(softap_h softap, int channel)
 API int softap_get_channel(softap_h softap, int *channel)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 				"parameter(softap) is NULL\n");
 	_retvm_if(channel == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
@@ -1844,6 +1953,9 @@ API int softap_get_channel(softap_h softap, int *channel)
 API int softap_set_mode(softap_h softap, softap_wireless_mode_e mode)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 
@@ -1856,6 +1968,9 @@ API int softap_set_mode(softap_h softap, softap_wireless_mode_e mode)
 API int softap_get_mode(softap_h softap, softap_wireless_mode_e *mode)
 {
 	CHECK_FEATURE_SUPPORTED(SOFTAP_FEATURE);
+	_retvm_if(_softap_check_permission() != SOFTAP_ERROR_NONE,
+			SOFTAP_ERROR_PERMISSION_DENIED,
+			"permission denied!");
 	_retvm_if(softap == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
 			"parameter(softap) is NULL\n");
 	_retvm_if(mode == NULL, SOFTAP_ERROR_INVALID_PARAMETER,
diff --git a/src/softap_private.c b/src/softap_private.c
index 4c93f3f..ee06d09 100755
--- a/src/softap_private.c
+++ b/src/softap_private.c
@@ -15,15 +15,24 @@
 */
 
 #include <glib.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <system_info.h>
+#include <cynara-client.h>
+
 #include "softap_private.h"
 
+#define SOFTAP_PRIVILEGE "http://tizen.org/privilege/softap"
+#define SMACK_LABEL_LEN 255
+
 static __thread bool is_feature_checked = 0;
 static __thread bool feature_supported = 0;
 static __thread GSList *softap_handle_list = NULL;
 
+static __thread bool is_privilege_checked = 0;
+static __thread bool access_allowed = 0;
+
 int _softap_check_feature_supported(const char *key)
 {
 	if (!is_feature_checked) {
@@ -46,6 +55,48 @@ int _softap_check_feature_supported(const char *key)
 	return SOFTAP_ERROR_NONE;
 }
 
+int _softap_check_permission(void)
+{
+	FILE *fd;
+	int ret;
+	char smack_label[SMACK_LABEL_LEN + 1] = {0, };
+	char uid[10] = {0, };
+	char *client_session = "";
+	cynara *p_cynara;
+
+	if (is_privilege_checked)
+		return access_allowed ? SOFTAP_ERROR_NONE : SOFTAP_ERROR_PERMISSION_DENIED;
+
+	if (CYNARA_API_SUCCESS != cynara_initialize(&p_cynara, NULL))
+		return SOFTAP_ERROR_PERMISSION_DENIED;
+
+	bzero(smack_label, SMACK_LABEL_LEN + 1);
+
+	fd = fopen("/proc/self/attr/current", "r");
+	if (fd == NULL)
+		return SOFTAP_ERROR_PERMISSION_DENIED;
+
+	ret = fread(smack_label, SMACK_LABEL_LEN, 1, fd);
+	if (ferror(fd)) {
+		ERR("Failed to read /proc/self/attr/current\n");
+		fclose(fd);
+		return SOFTAP_ERROR_PERMISSION_DENIED;
+	}
+	fclose(fd);
+
+	snprintf(uid, sizeof(uid), "%d", getuid());
+
+	ret = cynara_check(p_cynara, smack_label, client_session, uid, SOFTAP_PRIVILEGE);
+	cynara_finish(p_cynara);
+
+	is_privilege_checked = true;
+	access_allowed = (ret == CYNARA_API_ACCESS_ALLOWED) ? true : false;
+
+	DBG("check permission[%s/%d]", SOFTAP_PRIVILEGE, access_allowed);
+
+	return access_allowed ? SOFTAP_ERROR_NONE : SOFTAP_ERROR_PERMISSION_DENIED;
+}
+
 void _softap_add_handle(softap_h handle)
 {
 	softap_handle_list = g_slist_append(softap_handle_list, handle);