From: Jeesun Kim Date: Fri, 3 Apr 2015 11:47:40 +0000 (+0900) Subject: Apply cynara(remove security-server) X-Git-Tag: accepted/tizen/mobile/20150409.080808^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F20%2F37620%2F4;p=platform%2Fcore%2Fpim%2Fcalendar-service.git Apply cynara(remove security-server) Change-Id: I59e34a4925c442ac51926b3d3910cd895bce0394 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index c349d35..f6fdfc7 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -23,10 +23,9 @@ pkg_check_modules(pkgs REQUIRED alarm-service icu-i18n contacts-service2 - security-server capi-appfw-package-manager libtzplatform-config - ) +) FOREACH(flag ${pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/calendar-service.manifest b/calendar-service.manifest index db39728..017d22d 100644 --- a/calendar-service.manifest +++ b/calendar-service.manifest @@ -1,35 +1,5 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + diff --git a/client/cal_client_ipc.c b/client/cal_client_ipc.c index 5c8094d..4657241 100644 --- a/client/cal_client_ipc.c +++ b/client/cal_client_ipc.c @@ -21,7 +21,6 @@ #include //calloc #include #include //g_type_init -#include #include #include "calendar_service.h" @@ -52,58 +51,9 @@ pims_ipc_h __cal_client_ipc_get_handle(void); void __cal_client_ipc_lock(void); void __cal_client_ipc_unlock(void); -static int __cal_client_ipc_get_cookie_for_access_control(pims_ipc_data_h *indata) -{ - int ret = CALENDAR_ERROR_NONE; - size_t cookie_size =0; - pims_ipc_data_h data; - - cookie_size = security_server_get_cookie_size(); - retvm_if(cookie_size<=0,CALENDAR_ERROR_NOT_PERMITTED,"get cookie_size fail"); - - char cookie[256] = {0,}; - char *e_cookie = NULL; - ret = security_server_request_cookie(cookie, cookie_size); - retvm_if(ret<0,CALENDAR_ERROR_NOT_PERMITTED,"get cookie fail"); - - data = pims_ipc_data_create(0); - retvm_if(data==NULL,CALENDAR_ERROR_OUT_OF_MEMORY,"ipc data created fail!"); - - ret = _cal_ipc_marshal_int(cookie_size, data); - - if (ret != CALENDAR_ERROR_NONE) - { - ERR("ipc marshal fail"); - pims_ipc_data_destroy(data); - return ret; - } - e_cookie = g_base64_encode((const guchar *)cookie, cookie_size); - if (e_cookie == NULL) - { - ERR("base64 encode fail"); - pims_ipc_data_destroy(data); - ret = CALENDAR_ERROR_OUT_OF_MEMORY; - return ret; - } - - ret = _cal_ipc_marshal_char(e_cookie, data); - CAL_FREE(e_cookie); - if (ret != CALENDAR_ERROR_NONE) - { - ERR("ipc marshal fail"); - pims_ipc_data_destroy(data); - return ret; - } - - *indata = data; - - return CALENDAR_ERROR_NONE; -} - API int calendar_connect(void) { int ret = CALENDAR_ERROR_NONE; - pims_ipc_data_h indata = NULL; pims_ipc_data_h outdata = NULL; pims_ipc_h ipc_handle = NULL; @@ -111,26 +61,19 @@ API int calendar_connect(void) _cal_mutex_lock(CAL_MUTEX_CONNECTION); // ipc create - if (calendar_ipc == NULL) - { + if (calendar_ipc == NULL) { ipc_handle = pims_ipc_create(CAL_IPC_SOCKET_PATH); - if (ipc_handle == NULL) - { - if (errno == EACCES) - { + if (ipc_handle == NULL) { + if (errno == EACCES) { ERR("pims_ipc_create() Failed : Permission denied"); ret = CALENDAR_ERROR_PERMISSION_DENIED; - } - else - { + } else { ERR("pims_ipc_create() Failed(%d)", CALENDAR_ERROR_IPC); ret = CALENDAR_ERROR_IPC; } goto ERROR_RETURN; } - } - else - { + } else { calendar_connection_count++; CAL_DBG("calendar already connected = %d",calendar_connection_count); ret = CALENDAR_ERROR_NONE; @@ -138,40 +81,23 @@ API int calendar_connect(void) return ret; } - ret = __cal_client_ipc_get_cookie_for_access_control(&indata); - if( ret != CALENDAR_ERROR_NONE) - { - goto ERROR_RETURN; - } - // ipc call - if (pims_ipc_call(ipc_handle, CAL_IPC_MODULE, CAL_IPC_SERVER_CONNECT, indata, &outdata) != 0) - { + if (pims_ipc_call(ipc_handle, CAL_IPC_MODULE, CAL_IPC_SERVER_CONNECT, NULL, &outdata) != 0) { ERR("pims_ipc_call failed"); - pims_ipc_data_destroy(indata); ret = CALENDAR_ERROR_IPC; goto ERROR_RETURN; } - pims_ipc_data_destroy(indata); - indata = NULL; - - if (outdata) - { + if (outdata) { // check outdata unsigned int size = 0; ret = *(int*) pims_ipc_data_get(outdata,&size); - pims_ipc_data_destroy(outdata); - - if (ret != CALENDAR_ERROR_NONE) - { + if (ret != CALENDAR_ERROR_NONE) { ERR("calendar_connect return (%d)",ret); goto ERROR_RETURN; } - } - else - { + } else { ERR("ipc outdata is NULL"); ret = CALENDAR_ERROR_IPC; goto ERROR_RETURN; @@ -278,56 +204,38 @@ ERROR_RETURN: API int calendar_connect_on_thread(void) { int ret = CALENDAR_ERROR_NONE; - pims_ipc_data_h indata = NULL; pims_ipc_data_h outdata = NULL; CAL_FN_CALL; // ipc create - if (calendar_ipc_thread == NULL) - { + if (calendar_ipc_thread == NULL) { calendar_ipc_thread = pims_ipc_create(CAL_IPC_SOCKET_PATH); - if (calendar_ipc_thread == NULL) - { + if (calendar_ipc_thread == NULL) { if (errno == EACCES) { ERR("pims_ipc_create() Failed(%d)", CALENDAR_ERROR_PERMISSION_DENIED); ret = CALENDAR_ERROR_PERMISSION_DENIED; goto ERROR_RETURN; - } - else { + } else { ERR("pims_ipc_create() Failed(%d)", CALENDAR_ERROR_OUT_OF_MEMORY); ret = CALENDAR_ERROR_OUT_OF_MEMORY; goto ERROR_RETURN; } } - } - else - { + } else { CAL_DBG("calendar already connected"); ret = CALENDAR_ERROR_NONE; goto ERROR_RETURN; } - ret = __cal_client_ipc_get_cookie_for_access_control(&indata); - if( ret != CALENDAR_ERROR_NONE) - { - goto ERROR_RETURN; - } - // ipc call - if (pims_ipc_call(calendar_ipc_thread, CAL_IPC_MODULE, CAL_IPC_SERVER_CONNECT, indata, &outdata) != 0) - { + if (pims_ipc_call(calendar_ipc_thread, CAL_IPC_MODULE, CAL_IPC_SERVER_CONNECT, NULL, &outdata) != 0) { ERR("pims_ipc_call failed"); - pims_ipc_data_destroy(indata); ret = CALENDAR_ERROR_IPC; goto ERROR_RETURN; } - pims_ipc_data_destroy(indata); - indata = NULL; - - if (outdata) - { + if (outdata) { // check outdata unsigned int size = 0; ret = *(int*) pims_ipc_data_get(outdata,&size); diff --git a/include/calendar2.h b/include/calendar2.h deleted file mode 100644 index 0fc09dc..0000000 --- a/include/calendar2.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Calendar Service - * - * Copyright (c) 2012 - 2013 Samsung Electronics Co., Ltd. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef __TIZEN_SOCIAL_CALENDAR2_H__ -#define __TIZEN_SOCIAL_CALENDAR2_H__ - -#include - -#endif /* __TIZEN_SOCIAL_CALENDAR2_H__ */ diff --git a/native/cal_access_control.c b/native/cal_access_control.c index c3a8eb8..e2df78c 100644 --- a/native/cal_access_control.c +++ b/native/cal_access_control.c @@ -19,14 +19,11 @@ #include #include -#include -#include - #include +#include #include #include "calendar_db.h" - #include "cal_internal.h" #include "cal_typedef.h" #include "cal_view.h" @@ -40,17 +37,16 @@ typedef struct { unsigned int thread_id; + pims_ipc_h ipc; char *smack_label; - cal_permission_e permission; int *write_list; -}calendar_permission_info_s; +} calendar_permission_info_s; static GList *__thread_list = NULL; static int have_smack = -1; static calendar_permission_info_s* __cal_access_control_find_permission_info(unsigned int thread_id); -static void __cal_access_control_set_permission_info(unsigned int thread_id, const char *cookie); static void __cal_access_control_disconnected_cb(pims_ipc_h ipc, void *user_data); static calendar_permission_info_s* __cal_access_control_find_permission_info(unsigned int thread_id) @@ -78,10 +74,8 @@ static int __cal_have_smack(void) return have_smack; } -static void __cal_access_control_set_permission_info(unsigned int thread_id, const char *cookie) +static void __cal_access_control_set_permission_info(calendar_permission_info_s *info) { - calendar_permission_info_s *info = NULL; - const char *smack_label; bool smack_enabled = false; if (__cal_have_smack() == 1) @@ -89,28 +83,10 @@ static void __cal_access_control_set_permission_info(unsigned int thread_id, con else INFO("SAMCK disabled"); - info = __cal_access_control_find_permission_info(thread_id); - if(info == NULL) { - ERR("dont' have access info of this thread(%d)", thread_id); - return ; - } - smack_label = info->smack_label; - - if ((smack_label && 0 == strcmp(smack_label, "calendar-service")) || !smack_enabled) { - info->permission |= CAL_PERMISSION_READ; - info->permission |= CAL_PERMISSION_WRITE; - } - else if (cookie) { - if (SECURITY_SERVER_API_SUCCESS == security_server_check_privilege_by_cookie(cookie, "calendar-service::svc", "r")) - info->permission |= CAL_PERMISSION_READ; - if (SECURITY_SERVER_API_SUCCESS == security_server_check_privilege_by_cookie(cookie, "calendar-service::svc", "w")) - info->permission |= CAL_PERMISSION_WRITE; - } - SEC_INFO("Thread(0x%x), info(%p), smack :%s, permission:%d", thread_id, info, smack_label, info->permission); - - CAL_FREE(info->write_list); + free(info->write_list); + info->write_list = NULL; - char query[CAL_DB_SQL_MAX_LEN] = {0,}; + char query[CAL_DB_SQL_MAX_LEN] = {0}; int count = 0; int ret = 0; sqlite3_stmt *stmt; @@ -123,71 +99,63 @@ static void __cal_access_control_set_permission_info(unsigned int thread_id, con ERR("DB get Failed"); return; } - - if (info->permission & CAL_PERMISSION_WRITE) { - info->write_list = calloc(count+1, sizeof(int)); - info->write_list[0] = -1; - } + info->write_list = calloc(count, sizeof(int)); + retm_if(NULL == info->write_list, "calloc() Fail"); + info->write_list[0] = -1; snprintf(query, sizeof(query), "SELECT id, mode, owner_label FROM %s WHERE deleted = 0 ", CAL_TABLE_CALENDAR); stmt = _cal_db_util_query_prepare(query); if (NULL == stmt) { - ERR("DB Failed"); + ERR("_cal_db_util_query_prepare() Fail"); return; } while (CAL_DB_ROW == _cal_db_util_stmt_step(stmt)) { - int id = 0; - int mode = 0; - char *temp = NULL; - - id = sqlite3_column_int(stmt, 0); - mode = sqlite3_column_int(stmt, 1); - temp = (char *)sqlite3_column_text(stmt, 2); - - if ( temp && ( (smack_label && 0 == strcmp(temp, smack_label)) || - ( smack_label && 0 == strcmp(smack_label, "calendar-service") ) ) ) {// owner and calendar-service - if (info->permission & CAL_PERMISSION_WRITE) - info->write_list[write_index++] = id; - } - else { - switch(mode) { - case CALENDAR_BOOK_MODE_NONE: - if (info->permission & CAL_PERMISSION_WRITE) - info->write_list[write_index++] = id; - break; - case CALENDAR_BOOK_MODE_RECORD_READONLY: - default: - break; - } - } - } // while - - if (info->permission & CAL_PERMISSION_WRITE) - info->write_list[write_index] = -1; - + int id = sqlite3_column_int(stmt, 0); + int mode = sqlite3_column_int(stmt, 1); + char temp = (char *)sqlite3_column_text(stmt, 2); + + if (!smack_enabled) // smack disabled + info->write_list[write_index++] = id; + else if (NULL == info->ipc) // calendar-service daemon + info->write_list[write_index++] = id; + else if (info->smack_label && temp && 0 == strcmp(temp, info->smack_label)) // owner + info->write_list[write_index++] = id; + else if (CALENDAR_BOOK_MODE_NONE == mode) + info->write_list[write_index++] = id; + } + info->write_list[write_index] = -1; sqlite3_finalize(stmt); } -void _cal_access_control_set_client_info(const char* smack_label, const char* cookie) +void _cal_access_control_set_client_info(pims_ipc_h ipc, const char *smack_label) { - unsigned int thread_id = (unsigned int)pthread_self(); + unsigned int thread_id = 0; calendar_permission_info_s *info = NULL; _cal_mutex_lock(CAL_MUTEX_ACCESS_CONTROL); + + thread_id = (unsigned int)pthread_self(); info = __cal_access_control_find_permission_info(thread_id); if (NULL == info) { info = calloc(1, sizeof(calendar_permission_info_s)); + if (NULL == info) { + ERR("calloc() Fail"); + _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); + return; + } __thread_list = g_list_append(__thread_list, info); } info->thread_id = thread_id; - CAL_FREE(info->smack_label); + info->ipc = ipc; + + free(info->smack_label); info->smack_label = SAFE_STRDUP(smack_label); - __cal_access_control_set_permission_info(thread_id, cookie); + __cal_access_control_set_permission_info(info); - // for close DB or free access_control when client is disconnected - pims_ipc_svc_set_client_disconnected_cb(__cal_access_control_disconnected_cb,NULL); + if (info->ipc) + pims_ipc_svc_set_client_disconnected_cb(__cal_access_control_disconnected_cb,NULL); _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); } @@ -207,54 +175,40 @@ void _cal_access_control_unset_client_info(void) _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); } -bool _cal_access_control_have_permission(cal_permission_e permission) +bool _cal_access_control_have_permission(pims_ipc_h ipc, cal_permission_e permission) { - calendar_permission_info_s *find = NULL; + have_smack = __cal_have_smack(); + if (have_smack != 1) // smack disabled + return true; - _cal_mutex_lock(CAL_MUTEX_ACCESS_CONTROL); - find = __cal_access_control_find_permission_info(pthread_self()); - if (!find) { - _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); - return false; - } + if (NULL == ipc) // calendar-service daemon + return true; - if (CAL_PERMISSION_NONE == permission) { - _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); + if ((CAL_PERMISSION_READ& permission) && !pims_ipc_svc_check_privilege(ipc, CAL_PRIVILEGE_READ)) return false; - } - if ((find->permission & permission) == permission) { - _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); - return true; - } - - _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); - ERR("Does not have permission %d, this module has permission %d", - permission, find->permission); + if ((CAL_PERMISSION_WRITE & permission) && !pims_ipc_svc_check_privilege(ipc, CAL_PRIVILEGE_WRITE)) + return false; - return false; + return true; } char* _cal_access_control_get_label(void) { unsigned int thread_id = (unsigned int)pthread_self(); calendar_permission_info_s *info = NULL; - char *tmp = NULL; _cal_mutex_lock(CAL_MUTEX_ACCESS_CONTROL); info = __cal_access_control_find_permission_info(thread_id); - if (info == NULL) { - _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); - return NULL; + char *smack_label = NULL; + if (info && info->smack_label) { + smack_label = strdup(info->smack_label); } - tmp = SAFE_STRDUP(info->smack_label); _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); - - return tmp; + return smack_label; } - void _cal_access_control_reset(void) { _cal_mutex_lock(CAL_MUTEX_ACCESS_CONTROL); @@ -263,7 +217,7 @@ void _cal_access_control_reset(void) calendar_permission_info_s *info = NULL; info = cursor->data; if (info) - __cal_access_control_set_permission_info(info->thread_id, NULL); + __cal_access_control_set_permission_info(info); } _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); } @@ -304,17 +258,19 @@ bool _cal_access_control_have_write_permission(int calendarbook_id) static void __cal_access_control_disconnected_cb(pims_ipc_h ipc, void *user_data) { ENTER(); - calendar_permission_info_s *find = NULL; + calendar_permission_info_s *info = NULL; _cal_mutex_lock(CAL_MUTEX_ACCESS_CONTROL); - find = __cal_access_control_find_permission_info(pthread_self()); - if (find) { - CAL_FREE(find->smack_label); - CAL_FREE(find->write_list); - __thread_list = g_list_remove(__thread_list, find); - free(find); + info = (calendar_permission_info_s *)user_data; + if (info) { + INFO("Thread(0x%x), info(%p)", info->thread_id, info); + free(info->smack_label); + free(info->write_list); + __thread_list = g_list_remove(__thread_list, info); + free(info); } _cal_mutex_unlock(CAL_MUTEX_ACCESS_CONTROL); + // if client did not call disconnect function such as disconnect // DB will be closed in _cal_db_internal_disconnect() _cal_calendar_internal_disconnect(); diff --git a/native/cal_access_control.h b/native/cal_access_control.h index b988314..cb342db 100644 --- a/native/cal_access_control.h +++ b/native/cal_access_control.h @@ -20,17 +20,17 @@ #ifndef __CALENDAR_SVC_ACCESS_CONTROL_H__ #define __CALENDAR_SVC_ACCESS_CONTROL_H__ +#include #include "cal_typedef.h" -void _cal_access_control_set_client_info(const char* smack_label, const char* cookie); -void _cal_access_control_unset_client_info(void); -bool _cal_access_control_have_permission(cal_permission_e permission); +#define CAL_PRIVILEGE_READ "http://tizen.org/privilege/calendar.read" +#define CAL_PRIVILEGE_WRITE "http://tizen.org/privilege/calendar.write" +void _cal_access_control_set_client_info(pims_ipc_h ipc, const char* smack_label); +void _cal_access_control_unset_client_info(void); char* _cal_access_control_get_label(void); - void _cal_access_control_reset(void); // reset read_list, write_list.. bool _cal_access_control_have_write_permission(int calendarbook_id); - int _cal_is_owner(int calendarbook_id); #endif // __CALENDAR_SVC_ACCESS_CONTROL_H__ diff --git a/native/cal_db.c b/native/cal_db.c index 9f05bc8..5879564 100755 --- a/native/cal_db.c +++ b/native/cal_db.c @@ -570,8 +570,6 @@ API int calendar_db_get_changes_by_version(const char* view_uri, int calendar_bo int ret = 0; int is_deleted = 0; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == current_calendar_db_version || NULL == view_uri || NULL == record_list, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -698,8 +696,6 @@ API int calendar_db_get_current_version(int* current_version) int transaction_ver = 0; int ret; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == current_version, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); ret = _cal_db_util_query_get_first_int_result(query, NULL, &transaction_ver); @@ -717,8 +713,6 @@ API int calendar_db_insert_record( calendar_record_h record, int* id ) { int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == record, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); cal_db_plugin_cb_s* plugin_cb = __cal_db_get_plugin(((cal_record_s *)record)->type); @@ -763,8 +757,6 @@ int _cal_db_get_record( const char* view_uri, int id, calendar_record_h* out_rec API int calendar_db_get_record( const char* view_uri, int id, calendar_record_h* out_record ) { - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); return _cal_db_get_record(view_uri, id, out_record); } @@ -774,8 +766,6 @@ API int calendar_db_update_record( calendar_record_h record ) cal_record_s *temp=NULL ; int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == record, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); temp = (cal_record_s*)(record); @@ -806,8 +796,6 @@ API int calendar_db_delete_record( const char* view_uri, int id ) int ret = CALENDAR_ERROR_NONE; cal_record_type_e type = CAL_RECORD_TYPE_INVALID; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == view_uri, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); type = _cal_view_get_type(view_uri); @@ -839,8 +827,6 @@ API int calendar_db_get_all_records( const char* view_uri, int offset, int limit cal_record_type_e type = CAL_RECORD_TYPE_INVALID; calendar_list_h list = NULL; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == view_uri, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); type = _cal_view_get_type(view_uri); @@ -868,8 +854,6 @@ API int calendar_db_get_records_with_query( calendar_query_h query, int offset, cal_query_s *que = NULL; calendar_list_h list = NULL; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == query, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); que = (cal_query_s *)query; @@ -898,8 +882,6 @@ API int calendar_db_clean_after_sync( int calendar_book_id, int calendar_db_ver cal_db_util_error_e dbret = CAL_DB_OK; int len = 0; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(calendar_book_id < 0, CALENDAR_ERROR_INVALID_PARAMETER, "calendar_id(%d) is Invalid", calendar_book_id); ret = _cal_db_util_begin_trans(); @@ -975,8 +957,6 @@ API int calendar_db_get_count( const char* view_uri, int *out_count ) int ret = CALENDAR_ERROR_NONE; cal_record_type_e type = CAL_RECORD_TYPE_INVALID; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == view_uri, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); type = _cal_view_get_type(view_uri); @@ -995,8 +975,6 @@ API int calendar_db_get_count_with_query( calendar_query_h query, int *out_count cal_record_type_e type = CAL_RECORD_TYPE_INVALID; cal_query_s *que = NULL; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == query, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); que = (cal_query_s *)query; @@ -1017,8 +995,6 @@ API int calendar_db_insert_records(calendar_list_h list, int** ids, int* count) int *_ids = NULL; int _count = 0; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == list, CALENDAR_ERROR_NOT_PERMITTED, "Not permitted"); ret = _cal_db_util_begin_trans(); @@ -1103,8 +1079,6 @@ API int calendar_db_insert_records(calendar_list_h list, int** ids, int* count) API int calendar_db_insert_records_async(calendar_list_h list, calendar_db_insert_result_cb callback, void *user_data) { - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == list, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); #ifdef CAL_NATIVE @@ -1194,8 +1168,6 @@ API int calendar_db_update_records( calendar_list_h list) int count = 0; int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == list, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); ret = _cal_db_util_begin_trans(); @@ -1264,8 +1236,6 @@ API int calendar_db_update_records( calendar_list_h list) API int calendar_db_update_records_async( calendar_list_h list, calendar_db_result_cb callback, void *user_data) { - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); #ifdef CAL_NATIVE if (callback != NULL) @@ -1345,8 +1315,6 @@ API int calendar_db_update_records_async( calendar_list_h list, calendar_db_resu API int calendar_db_delete_records(const char* view_uri, int record_id_array[], int count) { - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == view_uri, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == record_id_array, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(count <= 0, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1378,8 +1346,6 @@ API int calendar_db_delete_records(const char* view_uri, int record_id_array[], API int calendar_db_delete_records_async(const char* view_uri, int ids[], int count, calendar_db_result_cb callback, void *user_data) { - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == view_uri, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == ids, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(count <= 0, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1443,8 +1409,6 @@ API int calendar_db_insert_vcalendars(const char* vcalendar_stream, int **record int i = 0; int *ids = NULL; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == vcalendar_stream, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == record_id_array, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == count, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1519,8 +1483,6 @@ API int calendar_db_insert_vcalendars(const char* vcalendar_stream, int **record API int calendar_db_insert_vcalendars_async(const char* vcalendar_stream, calendar_db_insert_result_cb callback, void *user_data) { int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == vcalendar_stream, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == callback, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1550,8 +1512,6 @@ API int calendar_db_replace_vcalendars(const char* vcalendar_stream, int *record int list_count = 0; int i = 0; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == vcalendar_stream, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == record_id_array, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(count <= 0, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1672,8 +1632,6 @@ API int calendar_db_replace_vcalendars(const char* vcalendar_stream, int *record API int calendar_db_replace_vcalendars_async(const char* vcalendar_stream, int *record_id_array, int count, calendar_db_result_cb callback, void *user_data) { int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == vcalendar_stream, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == callback, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == record_id_array, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1712,8 +1670,6 @@ API int calendar_db_replace_record(calendar_record_h record, int record_id) cal_record_s *temp=NULL ; int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == record, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(record_id < 0, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1745,8 +1701,6 @@ API int calendar_db_replace_records(calendar_list_h list, int *ids, int count) int i; int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == list, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == ids, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(count <= 0, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1797,8 +1751,6 @@ API int calendar_db_replace_records_async(calendar_list_h record_list, int *reco { int ret = CALENDAR_ERROR_NONE; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_WRITE), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : write "); retvm_if(NULL == record_list, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == callback, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); retvm_if(NULL == record_id_array, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); @@ -1841,8 +1793,6 @@ API int calendar_db_replace_records_async(calendar_list_h record_list, int *reco API int calendar_db_get_last_change_version(int* last_version) { - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == last_version, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); *last_version = _cal_db_util_get_transaction_ver(); return CALENDAR_ERROR_NONE; @@ -1857,8 +1807,6 @@ API int calendar_db_get_changes_exception_by_version(const char* view_uri, int o int ret = 0; int is_deleted = 0; - retvm_if(!_cal_access_control_have_permission(CAL_PERMISSION_READ), - CALENDAR_ERROR_PERMISSION_DENIED, "Permission denied : read "); retvm_if(NULL == view_uri || NULL == record_list || original_event_id <= 0, CALENDAR_ERROR_INVALID_PARAMETER, "Invalid parameter"); diff --git a/packaging/calendar-service.spec b/packaging/calendar-service.spec index 4a5c928..24c80fd 100644 --- a/packaging/calendar-service.spec +++ b/packaging/calendar-service.spec @@ -24,11 +24,11 @@ BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(capi-base-common) BuildRequires: pkgconfig(contacts-service2) BuildRequires: pkgconfig(pims-ipc) -BuildRequires: pkgconfig(security-server) BuildRequires: pkgconfig(capi-appfw-package-manager) BuildRequires: pkgconfig(accounts-svc) BuildRequires: pkgconfig(capi-appfw-application) BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: pkgconfig(libsmack) %description DB library for calendar diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index 41d60cc..a9ceae9 100755 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -89,7 +89,8 @@ pkg_check_modules(calserver_pkgs REQUIRED accounts-svc capi-appfw-application libtzplatform-config - ) + libsmack +) FOREACH(flag ${calserver_pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/server/cal_server.c b/server/cal_server.c index cdca48a..f358164 100644 --- a/server/cal_server.c +++ b/server/cal_server.c @@ -330,7 +330,7 @@ static int __server_main(void) } // access_control - _cal_access_control_set_client_info("calendar-service", NULL); + _cal_access_control_set_client_info(NULL, NULL); ret = account_subscribe_create(&cal_account_h); if (ACCOUNT_ERROR_NONE == ret) { diff --git a/server/cal_server_contacts.c b/server/cal_server_contacts.c index 625ae64..12b1907 100644 --- a/server/cal_server_contacts.c +++ b/server/cal_server_contacts.c @@ -650,7 +650,7 @@ static gpointer __cal_server_contacts_sync_main(gpointer user_data) ret = calendar_connect(); if (CALENDAR_ERROR_NONE != ret) break; - _cal_access_control_set_client_info("calendar-service", NULL); + _cal_access_control_set_client_info(NULL, NULL); while(1) { if (__cal_server_contacts_sync() == false) { diff --git a/server/cal_server_ipc.c b/server/cal_server_ipc.c index d061166..d55aa45 100644 --- a/server/cal_server_ipc.c +++ b/server/cal_server_ipc.c @@ -19,7 +19,7 @@ #include #include // malloc_trim -#include +#include #include "calendar_service.h" #include "calendar_db.h" @@ -37,81 +37,31 @@ void _cal_server_ipc_connect(pims_ipc_h ipc, pims_ipc_data_h indata, pims_ipc_data_h *outdata, void *userdata) { int ret = CALENDAR_ERROR_NONE; - char *smack_label = NULL; - char *cookie = NULL; - - if (indata) - { - int cookie_size = 0; - char *buf = NULL; - gsize buf_len; - // Access control : get cookie from indata - ret = _cal_ipc_unmarshal_int(indata, &cookie_size); - if (ret != CALENDAR_ERROR_NONE) - { - ERR("_cal_ipc_unmarshal_int fail"); - goto ERROR_RETURN; - } - - if (cookie_size <= 0) - { - ERR("cookie size is %d", cookie_size); - ret = CALENDAR_ERROR_IPC; - goto ERROR_RETURN; - } - - ret = _cal_ipc_unmarshal_char(indata, &buf); - if (ret != CALENDAR_ERROR_NONE) - { - ERR("_cal_ipc_unmarshal_char fail"); - goto ERROR_RETURN; - } - cookie = (char*)g_base64_decode((const gchar*)buf, &buf_len); - CAL_FREE(buf); - smack_label = security_server_get_smacklabel_cookie(cookie); - if (NULL == smack_label) - { - ERR("security_server_get_smacklabel_cookie fail"); - ret = CALENDAR_ERROR_SYSTEM; - CAL_FREE(cookie); - goto ERROR_RETURN; - } - } - else - { - ERR("There is no indata fail"); - ret = CALENDAR_ERROR_SYSTEM; - goto ERROR_RETURN; - } ret = calendar_connect(); if (ret == CALENDAR_ERROR_NONE) { - _cal_access_control_set_client_info(smack_label, cookie); + char *smack_label = NULL; + if (0 != pims_ipc_svc_get_smack_label(ipc, &smack_label)) + ERR("pims_ipc_svc_get_smack_label() Fail"); + _cal_access_control_set_client_info(ipc, smack_label); } -ERROR_RETURN: if (outdata) { *outdata = pims_ipc_data_create(0); if (!*outdata) { ERR("pims_ipc_data_create fail"); - goto DATA_FREE; + return; } if (pims_ipc_data_put(*outdata,(void*)&ret,sizeof(int)) != 0) { pims_ipc_data_destroy(*outdata); *outdata = NULL; ERR("pims_ipc_data_put fail"); - goto DATA_FREE; + return; } - } - else { + } else { ERR("outdata is NULL"); } - -DATA_FREE: - CAL_FREE(cookie); - CAL_FREE(smack_label); - return; } void _cal_server_ipc_disconnect(pims_ipc_h ipc, pims_ipc_data_h indata, pims_ipc_data_h *outdata, void *userdata) @@ -162,7 +112,7 @@ void _cal_server_ipc_check_permission(pims_ipc_h ipc, pims_ipc_data_h indata, goto ERROR_RETURN; } - result = _cal_access_control_have_permission(permission); + result = _cal_access_control_have_permission(ipc, permission); ERROR_RETURN: *outdata = pims_ipc_data_create(0); @@ -193,23 +143,24 @@ void _cal_server_ipc_db_insert_record(pims_ipc_h ipc, pims_ipc_data_h indata, pi calendar_record_h record = NULL; int id = 0; - if (indata) - { + if (indata) { ret = _cal_ipc_unmarshal_record(indata,&record); - if (ret != CALENDAR_ERROR_NONE) - { + if (ret != CALENDAR_ERROR_NONE) { ERR("_cal_ipc_unmarshal_record fail"); record = NULL; goto ERROR_RETURN; } - } - else - { + } else { ret = CALENDAR_ERROR_INVALID_PARAMETER; ERR("_cal_server_ipc_db_insert_record fail"); goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_insert_record(record, &id); if (outdata) @@ -313,6 +264,11 @@ void _cal_server_ipc_db_get_record(pims_ipc_h ipc, pims_ipc_data_h indata, pims_ goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_record(view_uri,id,&record); ERROR_RETURN: @@ -374,6 +330,11 @@ void _cal_server_ipc_db_update_record(pims_ipc_h ipc, pims_ipc_data_h indata, pi goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_update_record(record); ERROR_RETURN: @@ -444,6 +405,11 @@ void _cal_server_ipc_db_delete_record(pims_ipc_h ipc, pims_ipc_data_h indata, pi goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_delete_record(view_uri,id); ERROR_RETURN: @@ -520,6 +486,11 @@ void _cal_server_ipc_db_get_all_records(pims_ipc_h ipc, pims_ipc_data_h indata, goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_all_records(view_uri,offset,limit,&list); if (outdata) @@ -623,6 +594,11 @@ void _cal_server_ipc_db_get_records_with_query(pims_ipc_h ipc, pims_ipc_data_h i goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_records_with_query(query,offset,limit,&list); if (outdata) @@ -720,6 +696,11 @@ void _cal_server_ipc_db_clean_after_sync(pims_ipc_h ipc, pims_ipc_data_h indata, goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_clean_after_sync(calendar_book_id, calendar_db_version); ERROR_RETURN: @@ -769,6 +750,11 @@ void _cal_server_ipc_db_get_count(pims_ipc_h ipc, pims_ipc_data_h indata, pims_i goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_count(view_uri,&count); if (outdata) @@ -851,6 +837,11 @@ void _cal_server_ipc_db_get_count_with_query(pims_ipc_h ipc, pims_ipc_data_h ind goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_count_with_query(query,&count); if (outdata) @@ -937,6 +928,11 @@ void _cal_server_ipc_db_insert_records(pims_ipc_h ipc, pims_ipc_data_h indata, p goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_insert_records(list, &ids, &id_count); if (outdata) @@ -1046,6 +1042,11 @@ void _cal_server_ipc_db_update_records(pims_ipc_h ipc, pims_ipc_data_h indata, p goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_update_records(list); if (outdata) @@ -1154,6 +1155,11 @@ void _cal_server_ipc_db_delete_records(pims_ipc_h ipc, pims_ipc_data_h indata, p goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_delete_records(uri,ids,count); if (outdata) @@ -1253,6 +1259,11 @@ void _cal_server_ipc_db_get_changes_by_version(pims_ipc_h ipc, pims_ipc_data_h i goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_changes_by_version(view_uri,calendar_book_id,calendar_db_version,&record_list,¤t_calendar_db_version); if (outdata) @@ -1327,8 +1338,15 @@ void _cal_server_ipc_db_get_current_version(pims_ipc_h ipc, pims_ipc_data_h inda int ret = CALENDAR_ERROR_NONE; int calendar_db_version = 0; + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + return; + goto ERROR_RETURN; + } + ret = calendar_db_get_current_version(&calendar_db_version); +ERROR_RETURN: if (outdata) { *outdata = pims_ipc_data_create(0); @@ -1383,6 +1401,11 @@ void _cal_server_ipc_db_insert_vcalendars(pims_ipc_h ipc, pims_ipc_data_h indata goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_insert_vcalendars(stream, &ids, &count); if (ret != CALENDAR_ERROR_NONE) @@ -1518,6 +1541,11 @@ void _cal_server_ipc_db_replace_vcalendars(pims_ipc_h ipc, pims_ipc_data_h indat goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_replace_vcalendars(stream, ids, count); if (ret != CALENDAR_ERROR_NONE) @@ -1617,6 +1645,11 @@ void _cal_server_ipc_db_replace_record(pims_ipc_h ipc, pims_ipc_data_h indata, p goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_replace_record(record, id); ERROR_RETURN: @@ -1704,6 +1737,11 @@ void _cal_server_ipc_db_replace_records(pims_ipc_h ipc, pims_ipc_data_h indata, goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_WRITE)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_replace_records(list, ids, count); if (outdata) @@ -1806,6 +1844,11 @@ void _cal_server_ipc_db_changes_exception(pims_ipc_h ipc, pims_ipc_data_h indata goto ERROR_RETURN; } + if (false == _cal_access_control_have_permission(ipc, CAL_PRIVILEGE_READ)) { + ret = CALENDAR_ERROR_PERMISSION_DENIED; + goto ERROR_RETURN; + } + ret = calendar_db_get_changes_exception_by_version(view_uri,original_event_id,calendar_db_version,&record_list); if (outdata)