From: jusung son Date: Mon, 21 May 2018 09:57:47 +0000 (+0900) Subject: Add sender validation check X-Git-Tag: accepted/tizen/unified/20180523.144259~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F17%2F179717%2F4;p=platform%2Fcore%2Fappfw%2Fwatchface-complication.git Add sender validation check Change-Id: I5fd469503c50250e16e1bab78d94c5348361ed0f Signed-off-by: jusung son --- diff --git a/watchface-common/watchface-util.cc b/watchface-common/watchface-util.cc old mode 100755 new mode 100644 index 0898fea..dfb063d --- a/watchface-common/watchface-util.cc +++ b/watchface-common/watchface-util.cc @@ -127,6 +127,19 @@ out: return ret; } + std::string GetSenderAppid(GDBusConnection *conn, const std::string& sender_name) { + int ret = 0; + char buffer[MAX_PACKAGE_STR_SIZE + 1] = {0, }; + int pid = GetSenderPid(conn, sender_name); + + ret = aul_app_get_appid_bypid(pid, buffer, sizeof(buffer)); + if (ret != AUL_R_OK) { + LOGE("Failed to get the sender ID: (%s) (%d)", sender_name.c_str(), pid); + return std::string(); + } + return std::string(buffer); + } + int GetSenderPid(GDBusConnection *conn, const std::string& sender_name) { GDBusMessage *msg = NULL; GDBusMessage *reply = NULL; @@ -167,8 +180,7 @@ out: bool CheckSender(const char* sender_app_id, const std::string& sender_name, - GDBusConnection* conn, - int* sender_pid) { + GDBusConnection* conn) { int ret = 0; char buffer[MAX_PACKAGE_STR_SIZE] = {0, }; int pid = GetSenderPid(conn, sender_name); @@ -183,7 +195,6 @@ out: LOGE("invalid appid : (%s) (%s)", buffer, sender_app_id); return false; } - *sender_pid = pid; return true; } diff --git a/watchface-common/watchface-util.h b/watchface-common/watchface-util.h old mode 100755 new mode 100644 index 5c30296..b930429 --- a/watchface-common/watchface-util.h +++ b/watchface-common/watchface-util.h @@ -28,10 +28,10 @@ namespace watchface_complication { std::string& sender_name, std::string& sender_appid); int GetSenderPid(GDBusConnection *conn, const std::string& sender_name); + std::string GetSenderAppid(GDBusConnection *conn, const std::string& sender_name); bool CheckSender(const char* sender_app_id, const std::string& sender_name, - GDBusConnection* conn, - int* sender_pid); + GDBusConnection* conn); bool CheckComplicationType(int type); } } /* namespace watchface_complication */ diff --git a/watchface-complication-provider/complication-provider-implementation.h b/watchface-complication-provider/complication-provider-implementation.h index d3a31f1..369fd7d 100644 --- a/watchface-complication-provider/complication-provider-implementation.h +++ b/watchface-complication-provider/complication-provider-implementation.h @@ -55,11 +55,10 @@ class ComplicationProvider::Impl : ComplicationConnector::IEventListener { class SenderInfo { public: SenderInfo(const std::string& sender_name, const char* sender_app_id, - int watcher_id, int pid); + int watcher_id); int CheckPrivilege(std::list& required_privileges, GDBusConnection* connection); bool CheckAppid(const std::string& Appid); int GetWatcherID(); - int GetPID(); provider_cynara_result GetPrivilegeResult(); void SetPrivilegeResult(provider_cynara_result result); @@ -67,7 +66,6 @@ class ComplicationProvider::Impl : ComplicationConnector::IEventListener { std::string sender_name_; std::string sender_app_id_; int watcher_id_; - int pid_; std::list sender_privileges_; provider_cynara_result privilege_result_; }; diff --git a/watchface-complication-provider/complication-provider.cc b/watchface-complication-provider/complication-provider.cc index 16981a4..13fdd91 100644 --- a/watchface-complication-provider/complication-provider.cc +++ b/watchface-complication-provider/complication-provider.cc @@ -58,10 +58,9 @@ ComplicationProvider::Impl::Impl(ComplicationProvider* parent, ComplicationProvider::Impl::SenderInfo::SenderInfo(const std::string& sender_name, const char* sender_app_id, - int watcher_id, - int pid) + int watcher_id) : sender_name_(sender_name), sender_app_id_(sender_app_id), - watcher_id_(watcher_id), pid_(pid), privilege_result_(COMPLICATION_CYNARA_UNKNOWN) { + watcher_id_(watcher_id), privilege_result_(COMPLICATION_CYNARA_UNKNOWN) { } int ComplicationProvider::Impl::SenderInfo::CheckPrivilege(std::list& required_privileges, @@ -100,10 +99,6 @@ int ComplicationProvider::Impl::SenderInfo::GetWatcherID() { return watcher_id_; } -int ComplicationProvider::Impl::SenderInfo::GetPID() { - return pid_; -} - provider_cynara_result ComplicationProvider::Impl::SenderInfo::GetPrivilegeResult() { return privilege_result_; } @@ -151,11 +146,10 @@ void ComplicationProvider::Impl::OnSignal(GDBusConnection* connection, if (sender_info == sender_info_.end()) { char* sender_app_id = NULL; int watcher_id; - int pid; g_variant_get_child(parameters, 0, "&s", &sender_app_id); if (sender_app_id == NULL || - !util::CheckSender(sender_app_id, sender_name, connection, &pid)) { + !util::CheckSender(sender_app_id, sender_name, connection)) { LOGE("sender_app_id %s", sender_app_id); return; } @@ -163,7 +157,7 @@ void ComplicationProvider::Impl::OnSignal(GDBusConnection* connection, watcher_id = ComplicationConnector::GetInst().Watch( std::string(sender_app_id), this); - si = new SenderInfo(sender_name, sender_app_id, watcher_id, pid); + si = new SenderInfo(sender_name, sender_app_id, watcher_id); sender_info_[sender_name] = si; LOGI("create new sender_info_ "); } diff --git a/watchface-complication-provider/watchface-complication-provider.cc b/watchface-complication-provider/watchface-complication-provider.cc old mode 100755 new mode 100644 diff --git a/watchface-complication/CMakeLists.txt b/watchface-complication/CMakeLists.txt index 660a6ef..2ab7f37 100644 --- a/watchface-complication/CMakeLists.txt +++ b/watchface-complication/CMakeLists.txt @@ -37,6 +37,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/../watchface-common/include) INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) AUX_SOURCE_DIRECTORY(${CMAKE_CURRENT_SOURCE_DIR} SOURCES) +AUX_SOURCE_DIRECTORY(${CMAKE_CURRENT_SOURCE_DIR}/../watchface-common SOURCES) ADD_LIBRARY (${PROJECT_NAME} SHARED ${SOURCES}) SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES SOVERSION ${VERSION_MAJOR}) SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${VERSION}) diff --git a/watchface-complication/complication-implementation.h b/watchface-complication/complication-implementation.h index 2523c4b..c6498bc 100644 --- a/watchface-complication/complication-implementation.h +++ b/watchface-complication/complication-implementation.h @@ -21,6 +21,7 @@ #include #include +#include #include #include @@ -93,6 +94,7 @@ class Complication::Impl : ComplicationConnector::IEventListener { static const std::string provider_type_key_; IEditable::EditableState ed_state_ = Complete; guint periodic_timer_ = 0; + std::map sender_info_; }; } // namespace watchface_complication diff --git a/watchface-complication/complication.cc b/watchface-complication/complication.cc index 1a94398..e36b5ad 100644 --- a/watchface-complication/complication.cc +++ b/watchface-complication/complication.cc @@ -23,6 +23,8 @@ #include "watchface-complication/complication.h" #include "watchface-complication/complication-implementation.h" +#include "watchface-common/watchface-util.h" +#include "watchface-complication-internal.h" #ifdef LOG_TAG #undef LOG_TAG @@ -73,7 +75,14 @@ Complication::Impl::~Impl() { } void Complication::Impl::OnVanish(const std::string& name) { + auto sender_info = sender_info_.find(name); + auto si = sender_info->second; + if (sender_info == sender_info_.end()) + return; + + ComplicationConnector::GetInst().UnWatch(si); + sender_info_.erase(name); } void Complication::Impl::OnAppear(const std::string& name, @@ -91,13 +100,37 @@ void Complication::Impl::OnSignal(GDBusConnection* connection, int type; int complication_id; bundle_raw *raw = NULL; + LOGI("signal_name: %s , %s ", signal_name.c_str(), sender_name.c_str()); + + auto sender_info = sender_info_.find(sender_name); + if (sender_info == sender_info_.end()) { + std::string sender_appid = util::GetSenderAppid(connection, sender_name); + if (sender_appid.empty()) { + LOGI("invalid sender_appid"); + return; + } + std::string provider_appid = DBManager::GetProviderAppId(cur_provider_id_.c_str()); + if (provider_appid.empty()) { + LOGI("invalid provider_appid"); + return; + } + if (provider_appid.compare(sender_appid) != 0) { + LOGI("invalid sender_appid %s", sender_appid.c_str()); + return; + } + + int watcher_id = ComplicationConnector::GetInst().Watch( + sender_appid, this); + sender_info_[sender_name] = watcher_id; + } - LOGI("signal_name: %s", signal_name.c_str()); if (signal_name.compare(ComplicationConnector::GetInst().GetCmdStr( ComplicationConnector::CompUpdated)) == 0) { g_variant_get(parameters, "(&sii&s)", &provider_id, &type, &complication_id, &raw); - if (complication_id != complication_id_ || type != cur_type_) { + if (complication_id != complication_id_ + || type != cur_type_ + || strcmp(cur_provider_id_.c_str(), provider_id) != 0) { LOGI("It's not mine %d:%d, %d:%d", complication_id, complication_id_, type, cur_type_); return; @@ -111,6 +144,11 @@ void Complication::Impl::OnSignal(GDBusConnection* connection, } } else if (signal_name.compare(ComplicationConnector::GetInst().GetCmdStr( ComplicationConnector::CompNotifyDataUpdate)) == 0) { + g_variant_get(parameters, "(&s)", &provider_id); + if (strcmp(cur_provider_id_.c_str(), provider_id) != 0) { + LOGI("It's not mine %s", provider_id); + return; + } parent_->OnNotifyDataUpdate(); } } diff --git a/watchface-complication/editables-container-event-interface.h b/watchface-complication/editables-container-event-interface.h index 7c686de..5567f46 100644 --- a/watchface-complication/editables-container-event-interface.h +++ b/watchface-complication/editables-container-event-interface.h @@ -30,7 +30,8 @@ class EXPORT_API IEditablesContainerEvent { public: virtual void OnRequestEdit(const std::string& appid, std::list> e_list) = 0; - virtual void OnSetupReply(int editable_id, std::unique_ptr context) = 0; + virtual void OnSetupReply(const std::string& appid, int editable_id, + std::unique_ptr context) = 0; }; } // namespace watchface_complication diff --git a/watchface-complication/editables-container-implementation.h b/watchface-complication/editables-container-implementation.h index 2e40357..a888150 100644 --- a/watchface-complication/editables-container-implementation.h +++ b/watchface-complication/editables-container-implementation.h @@ -61,6 +61,7 @@ class EditablesContainer::Impl : ComplicationConnector::IEventListener { EditablesContainer* parent_; int subscribe_id_; std::string editor_id_; + std::string sender_name_; int watcher_id_ = -1; std::list> ed_list_; }; diff --git a/watchface-complication/editables-container.cc b/watchface-complication/editables-container.cc index ad3db30..3073247 100644 --- a/watchface-complication/editables-container.cc +++ b/watchface-complication/editables-container.cc @@ -22,6 +22,8 @@ #include "watchface-complication/editables-container.h" #include "watchface-complication/editables-container-implementation.h" +#include "watchface-complication-internal.h" +#include "watchface-common/watchface-util.h" #ifdef LOG_TAG #undef LOG_TAG @@ -54,14 +56,27 @@ void EditablesContainer::Impl::OnSignal(GDBusConnection* connection, char* editor_id = NULL; std::shared_ptr updated_data; - LOGI("signal_name: %s", signal_name.c_str()); + LOGI("signal_name: %s ,%s", signal_name.c_str(), sender_name.c_str()); if (signal_name.compare( ComplicationConnector::GetInst().GetCmdStr( ComplicationConnector::EditableEditReady)) == 0) { - ed_list_.clear(); g_variant_get(parameters, "(&s)", &editor_id); + std::string sender_appid = util::GetSenderAppid(connection, sender_name); + + if (sender_appid.empty()) { + LOGI("invalid sender_appid"); + return; + } + if (strcmp(sender_appid.c_str(), editor_id) != 0) { + LOGI("invalid editor_id %s, %s", sender_appid.c_str(), editor_id); + return; + } + + ed_list_.clear(); LOGI("editor_id: %s", editor_id); + editor_id_ = std::string(editor_id); + sender_name_ = sender_name; parent_->OnEditReady(editor_id_); } else if (signal_name.compare( @@ -72,6 +87,11 @@ void EditablesContainer::Impl::OnSignal(GDBusConnection* connection, char *context = NULL; std::string ctx_str; + if (sender_name_.compare(sender_name) != 0) { + LOGE("invalid sender_name %s", sender_name.c_str()); + return; + } + g_variant_get(parameters, "(iis)", &selected_idx, &editable_id, &context); LOGI("preview selected_idx, editable_id, state: %d, %d", selected_idx, editable_id); @@ -91,6 +111,9 @@ void EditablesContainer::Impl::OnSignal(GDBusConnection* connection, } else if (signal_name.compare( ComplicationConnector::GetInst().GetCmdStr( ComplicationConnector::EditableEditComplete)) == 0) { + if (sender_name_.compare(sender_name) != 0) + return; + for (auto& i : ed_list_) { i.get()->SetState(IEditable::Complete); i.get()->SetCurDataIdx(i.get()->GetCurDataIdx()); @@ -101,6 +124,10 @@ void EditablesContainer::Impl::OnSignal(GDBusConnection* connection, } } else if (signal_name.compare(ComplicationConnector::GetInst().GetCmdStr( ComplicationConnector::EditableEditCancel)) == 0) { + if (sender_name_.compare(sender_name) != 0) { + LOGE("invalid sender_name %s", sender_name.c_str()); + return; + } CancelEditing(); } } diff --git a/watchface-complication/include/watchface-editable.h b/watchface-complication/include/watchface-editable.h old mode 100755 new mode 100644 diff --git a/watchface-complication/watchface-complication.cc b/watchface-complication/watchface-complication.cc old mode 100755 new mode 100644 diff --git a/watchface-complication/watchface-editable.cc b/watchface-complication/watchface-editable.cc old mode 100755 new mode 100644 diff --git a/watchface-editor/CMakeLists.txt b/watchface-editor/CMakeLists.txt index 2ab0b2e..452ad8d 100644 --- a/watchface-editor/CMakeLists.txt +++ b/watchface-editor/CMakeLists.txt @@ -14,6 +14,8 @@ pkg_check_modules(watchface-editor REQUIRED bundle dlog capi-appfw-app-control + aul + cynara-client ) FOREACH(flag ${watchface-editor_CFLAGS}) @@ -31,6 +33,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/../) INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) AUX_SOURCE_DIRECTORY(${CMAKE_CURRENT_SOURCE_DIR} SOURCES) +AUX_SOURCE_DIRECTORY(${CMAKE_CURRENT_SOURCE_DIR}/../watchface-common SOURCES) ADD_LIBRARY (${PROJECT_NAME} SHARED ${SOURCES}) SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES SOVERSION ${VERSION_MAJOR}) diff --git a/watchface-editor/editables-editor.cc b/watchface-editor/editables-editor.cc index 8476b27..19dd344 100644 --- a/watchface-editor/editables-editor.cc +++ b/watchface-editor/editables-editor.cc @@ -22,6 +22,7 @@ #include "watchface-editor/editables-editor.h" #include "watchface-editor/editables-editor-implementation.h" #include "watchface-complication/received-editable.h" +#include "watchface-common/watchface-util.h" #ifdef LOG_TAG #undef LOG_TAG @@ -62,6 +63,9 @@ void EditablesEditor::Impl::OnSignal(GDBusConnection* connection, char *appid = NULL; bundle_raw *raw = NULL; std::list> e_list; + std::string sender_appid = util::GetSenderAppid(connection, sender_name); + if (sender_appid.empty()) + return; LOGI("signal_name: %s", signal_name.c_str()); if (signal_name.compare( @@ -69,7 +73,13 @@ void EditablesEditor::Impl::OnSignal(GDBusConnection* connection, ComplicationConnector::EditableEditRequest)) == 0) { g_variant_get(parameters, "(&s&s)", &appid, &raw); LOGI("appid: %s", appid); - edit_appid_ = std::string(appid); + + if (edit_appid_.compare(sender_appid) != 0 || + edit_appid_.compare(appid) != 0) { + LOGE("edit_appid %s, sender_appid: %s, appid : %s ", edit_appid_.c_str(), + sender_appid.c_str(), appid); + return; + } bundle* data = bundle_decode(raw, strlen((char*)raw)); const char **str_arr = NULL; @@ -91,11 +101,12 @@ void EditablesEditor::Impl::OnSignal(GDBusConnection* connection, int edit_id; char* raw_str; g_variant_get(parameters, "(i&s)", &edit_id, &raw_str); - parent_->OnSetupReply(edit_id, std::unique_ptr(new Bundle(std::string(raw_str)))); + parent_->OnSetupReply(sender_appid, edit_id, std::unique_ptr(new Bundle(std::string(raw_str)))); } } -void EditablesEditor::OnSetupReply(int editable_id, std::unique_ptr context) { +void EditablesEditor::OnSetupReply(const std::string& appid, + int editable_id, std::unique_ptr context) { } @@ -172,6 +183,7 @@ int EditablesEditor::NotifyEditReady(std::string appid) { ComplicationConnector::GetInst().GetCmdStr( ComplicationConnector::EditableEditReady), g_variant_new("(s)", ComplicationConnector::GetInst().GetAppId().c_str())); + impl_->edit_appid_ = appid; return WATCHFACE_COMPLICATION_ERROR_NONE; } diff --git a/watchface-editor/editables-editor.h b/watchface-editor/editables-editor.h index 39be883..adb0019 100644 --- a/watchface-editor/editables-editor.h +++ b/watchface-editor/editables-editor.h @@ -33,7 +33,8 @@ class EXPORT_API EditablesEditor : IEditablesContainerEvent { virtual ~EditablesEditor(); void OnRequestEdit(const std::string& appid, std::list> e_list) override; - void OnSetupReply(int editable_id, std::unique_ptr context) override; + void OnSetupReply(const std::string& appid, + int editable_id, std::unique_ptr context) override; int EditPreview(IEditable& ed, int cur_data_idx); int EditComplete(); int EditCancel(); diff --git a/watchface-editor/include/watchface-editor.h b/watchface-editor/include/watchface-editor.h old mode 100755 new mode 100644 diff --git a/watchface-editor/watchface-editor.cc b/watchface-editor/watchface-editor.cc index 5145824..6212179 100644 --- a/watchface-editor/watchface-editor.cc +++ b/watchface-editor/watchface-editor.cc @@ -51,15 +51,26 @@ class CallbackInfo { class SetupCallbackInfo { public: - SetupCallbackInfo(watchface_editor_setup_result_cb cb, void* user_data) - : cb_(cb), user_data_(user_data) { + SetupCallbackInfo(std::string& setup_appid, int editable_id, + watchface_editor_setup_result_cb cb, void* user_data) + : setup_appid_(setup_appid), editable_id_(editable_id), + cb_(cb), user_data_(user_data) { + } + + void Invoke(bundle* new_context) { + cb_(editable_id_, new_context, user_data_); } - void Invoke(int editable_id, bundle* new_context) { - cb_(editable_id, new_context, user_data_); + bool CompareInfo(const std::string& setup_appid, int editable_id) { + if (editable_id == editable_id_ && setup_appid_.compare(setup_appid) == 0) + return true; + + return false; } private: + std::string setup_appid_; + int editable_id_; watchface_editor_setup_result_cb cb_; void* user_data_; }; @@ -87,23 +98,24 @@ class EditablesEditorStub : public EditablesEditor { LOGI("request edit!! %s", appid.c_str()); } - void OnSetupReply(int editable_id, std::unique_ptr context) override { - - for (auto& i : e_list_) { - LOGI("Setup reply!! %d, %d", i.get()->GetEditableId(), editable_id); - if (i.get()->GetEditableId() == editable_id) { - for (auto& j : setup_cb_list_) { - j->Invoke(i.get()->GetEditableId(), context.get()->GetRaw()); - } + void OnSetupReply(const std::string& appid, + int editable_id, std::unique_ptr context) override { + LOGI("Setup reply!! %s, %d", appid.c_str(), editable_id); + for (auto& i : setup_cb_list_) { + if (i.get()->CompareInfo(appid, editable_id)) { + i.get()->Invoke(context.get()->GetRaw()); + setup_cb_list_.remove(i); + return; } } + LOGE("Not exist callback info"); } void AddSetupCallbackInfo(SetupCallbackInfo* ci) { setup_cb_list_.emplace_back(ci); } - void RemoveCallbackInfo(SetupCallbackInfo* ci) { + void RemoveSetupCallbackInfo(SetupCallbackInfo* ci) { for (auto& i : setup_cb_list_) { if (i.get() == ci) { setup_cb_list_.remove(i); @@ -400,7 +412,7 @@ extern "C" EXPORT_API int watchface_editor_launch_setup_app( if (__stub == nullptr) __stub = std::unique_ptr(new EditablesEditorStub()); - auto ci = new SetupCallbackInfo(cb, user_data); + auto ci = new SetupCallbackInfo(appid, ed->GetEditableId(), cb, user_data); __stub->AddSetupCallbackInfo(ci); return WATCHFACE_COMPLICATION_ERROR_NONE;