From: Heeyong Song <heeyong.song@samsung.com>
Date: Wed, 25 May 2016 04:51:44 +0000 (+0900)
Subject: [widget-viewer-dali] Add the permission check
X-Git-Tag: accepted/tizen/common/20160602.140059~2^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F11%2F71311%2F1;p=platform%2Fcore%2Fappfw%2Fwidget-viewer.git

[widget-viewer-dali] Add the permission check

Change-Id: Ie3c9f75409d3cec256343087d2051300d360fa9c
---

diff --git a/widget_viewer_dali/CMakeLists.txt b/widget_viewer_dali/CMakeLists.txt
index bd84efc..f54d71a 100644
--- a/widget_viewer_dali/CMakeLists.txt
+++ b/widget_viewer_dali/CMakeLists.txt
@@ -18,6 +18,7 @@ pkg_check_modules(viewer_dali REQUIRED
 	dali-adaptor
 	dali-toolkit
 	pepper-dali
+	cynara-client
 )
 
 SET(BUILD_SOURCE
diff --git a/widget_viewer_dali/internal/widget_view_manager/widget_view_manager_impl.cpp b/widget_viewer_dali/internal/widget_view_manager/widget_view_manager_impl.cpp
index 4f9ef78..5a30951 100644
--- a/widget_viewer_dali/internal/widget_view_manager/widget_view_manager_impl.cpp
+++ b/widget_viewer_dali/internal/widget_view_manager/widget_view_manager_impl.cpp
@@ -24,6 +24,10 @@
 // EXTERNAL INCLUDES
 #include <dali/integration-api/debug.h>
 #include <system_info.h>
+#include <cynara-client.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <unistd.h>
 #include <widget_errno.h>
 #include <widget_instance.h>
 
@@ -39,11 +43,13 @@ namespace Internal
 namespace
 {
 
+#define SMACK_LABEL_LENGTH 255
+
 #if defined(DEBUG_ENABLED)
 Integration::Log::Filter* gWidgetViewManagerLogging  = Integration::Log::Filter::New( Debug::Verbose, false, "LOG_WIDGET_VIEW_MANAGER" );
 #endif
 
-static inline bool IsWidgetFeatureEnabled()
+static bool IsWidgetFeatureEnabled()
 {
   static bool feature = false;
   static bool retrieved = false;
@@ -63,6 +69,52 @@ static inline bool IsWidgetFeatureEnabled()
   return feature;
 }
 
+static bool CheckPrivilege( const char* privilege )
+{
+  cynara* cynara;
+  int fd = 0;
+  int ret = 0;
+  char subjectLabel[SMACK_LABEL_LENGTH + 1] = "";
+  char uid[10] = { 0, };
+  const char* clientSession = "";
+
+  ret = cynara_initialize( &cynara, NULL );
+  if( ret != CYNARA_API_SUCCESS )
+  {
+    return false;
+  }
+
+  fd = open( "/proc/self/attr/current", O_RDONLY );
+  if( fd < 0 )
+  {
+    cynara_finish( cynara );
+    return false;
+  }
+
+  ret = read( fd, subjectLabel, SMACK_LABEL_LENGTH );
+  if( ret < 0 )
+  {
+    close( fd );
+    cynara_finish( cynara );
+    return false;
+  }
+
+  close( fd );
+
+  snprintf( uid, 10, "%d", getuid() );
+
+  ret = cynara_check( cynara, subjectLabel, clientSession, uid, privilege );
+  if( ret != CYNARA_API_ACCESS_ALLOWED )
+  {
+    cynara_finish( cynara );
+    return false;
+  }
+
+  cynara_finish( cynara );
+
+  return true;
+}
+
 } // unnamed namespace
 
 WidgetViewManagerPtr WidgetViewManager::New( Application application, const std::string& name )
@@ -97,6 +149,12 @@ int WidgetViewManager::Initialize( Application application, const std::string& n
     return WIDGET_ERROR_NOT_SUPPORTED;
   }
 
+  if( !CheckPrivilege( "http://tizen.org/privilege/widget.viewer" ) )
+  {
+    DALI_LOG_INFO( gWidgetViewManagerLogging, Debug::Verbose, "WidgetViewManager::Initialize: Privilege error.\n" );
+    return WIDGET_ERROR_PERMISSION_DENIED;
+  }
+
   // create compositor
   mCompositor = Pepper::Compositor::New( application, name );