From: Kim Gunsoo Date: Thu, 20 Oct 2016 04:59:50 +0000 (+0900) Subject: Adds error handling when a change of user privilege has failed. X-Git-Tag: submit/tizen/20170104.060414~3^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fc5ae2a5431e479d1328f79b2da485f1b3ce0df3;p=sdk%2Ftarget%2Fsdbd.git Adds error handling when a change of user privilege has failed. - When the authority to change the shell and sync service process has failed, add the error handling. Change-Id: I78a5ee314cad9a881a16dc7817ab6c85e11f0d57 Signed-off-by: Kim Gunsoo --- diff --git a/src/file_sync_service.c b/src/file_sync_service.c index 5fc6642..bd0bf98 100644 --- a/src/file_sync_service.c +++ b/src/file_sync_service.c @@ -685,7 +685,10 @@ void file_sync_service(int fd, void *cookie) D("sync: '%s' '%s'\n", (char*) &msg.req, name); if (should_drop_privileges() && !verify_sync_rule(name)) { - set_sdk_user_privileges(); + if (getuid() != g_sdk_user_id && set_sdk_user_privileges() < 0) { + fail_message(fd, "failed to set SDK user privileges."); + goto fail; + } } switch(msg.req.id) { diff --git a/src/sdb.c b/src/sdb.c index f257a0f..d421ba7 100644 --- a/src/sdb.c +++ b/src/sdb.c @@ -1538,14 +1538,17 @@ int set_sdk_user_privileges() { if (sdbd_set_groups() < 0) { D("set groups failed (errno: %d)\n", errno); + return -1; } if (setgid(g_sdk_group_id) != 0) { D("set group id failed (errno: %d)\n", errno); + return -1; } if (setuid(g_sdk_user_id) != 0) { D("set user id failed (errno: %d)\n", errno); + return -1; } if (chdir(g_sdk_home_dir) < 0) { diff --git a/src/services.c b/src/services.c index b6d960a..2478680 100644 --- a/src/services.c +++ b/src/services.c @@ -493,7 +493,10 @@ static int create_subprocess(const char *cmd, pid_t *pid, char * const argv[], c // do nothing D("sdb: executes root commands!!:%s\n", argv[2]); } else { - set_sdk_user_privileges(); + if (getuid() != g_sdk_user_id && set_sdk_user_privileges() < 0) { + fprintf(stderr, "failed to set SDK user privileges\n"); + exit(-1); + } } } redirect_and_exec(pts, cmd, argv, envp);