From: Kyungwook Tak <k.tak@samsung.com>
Date: Wed, 4 May 2016 05:08:34 +0000 (+0900)
Subject: File removal on server side
X-Git-Tag: accepted/tizen/common/20160614.143943^2~159
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F28%2F68428%2F2;p=platform%2Fupstream%2Fcsr-framework.git

File removal on server side

No client credential check needed for file removal

Change-Id: I4e241c6eec5231a0dc53ed868cdaf1b973f1e21e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
---

diff --git a/packaging/csr-framework.spec b/packaging/csr-framework.spec
index 946d287..49839ff 100644
--- a/packaging/csr-framework.spec
+++ b/packaging/csr-framework.spec
@@ -233,10 +233,10 @@ fi
 %manifest %{service_name}-test.manifest
 %{ro_data_dir}/license/%{name}-test
 %{ro_data_dir}/license/%{name}-test.BSL-1.0
-%{bin_dir}/%{service_name}-test
-%{bin_dir}/%{service_name}-internal-test
-%{bin_dir}/%{service_name}-popup-test
-%{bin_dir}/%{service_name}-threadpool-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-internal-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-popup-test
+%attr(-, %{service_user}, %{service_group}) %{bin_dir}/%{service_name}-threadpool-test
 # test resources
-%dir %{test_dir}
-%{test_dir}/*
+%dir %attr(-, %{service_user}, %{service_group}) %{test_dir}
+%attr(-, %{service_user}, %{service_group}) %{test_dir}/*
diff --git a/packaging/csr-test.manifest.in b/packaging/csr-test.manifest.in
index 346b90a..270a1a4 100644
--- a/packaging/csr-test.manifest.in
+++ b/packaging/csr-test.manifest.in
@@ -6,7 +6,7 @@
 			<smack request="device::app_logging" type="rw" />
 			<smack request="sys-assert::core" type="rwxat" />
 			<smack request="systemd" type="rx" />
-			<smack request="csr" type="rwxat" />
+			<smack request="@SERVICE_NAME@" type="rwxat" />
 			<smack request="sdbd" type="rx" />
 			<smack request="pkgmgr::db" type="rwx" />
 		</request>
@@ -14,6 +14,7 @@
 			<smack permit="_" type="rx" />
 			<smack permit="pkgmgr" type="rx" />
 			<smack permit="pkgmgr-server" type="rx" />
+			<smack permit="@SERVICE_NAME@" type="rwxat" />
 		</permit>
 	</define>
 	<request>
diff --git a/packaging/csr.manifest.in b/packaging/csr.manifest.in
index c785f42..d889c37 100644
--- a/packaging/csr.manifest.in
+++ b/packaging/csr.manifest.in
@@ -17,8 +17,6 @@
 			<smack request="pulseaudio" type="w" />
 			<smack request="sdbd" type="rx" />
 			<smack request="pkgmgr::db" type="rwx" />
-
-			<smack request="csr-test" type="rwxat" />
 		</request>
 		<permit>
 			<smack permit="_" type="rx" />
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index b51e2c9..6d702db 100755
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -24,7 +24,6 @@ PKG_CHECK_MODULES(${TARGET_CSR_SERVER}_DEP
 	sqlite3
 	glib-2.0
 	pkgmgr
-	libsmack
 )
 
 SET(${TARGET_CSR_SERVER}_SRCS
diff --git a/src/framework/service/access-control.cpp b/src/framework/service/access-control.cpp
index f98902a..c85408e 100644
--- a/src/framework/service/access-control.cpp
+++ b/src/framework/service/access-control.cpp
@@ -21,52 +21,14 @@
  */
 #include "service/access-control.h"
 
-#include <memory>
-#include <cstring>
-#include <sys/smack.h>
-
-#include "common/audit/logger.h"
-#include "common/exception.h"
-#include "service/fs-utils.h"
+#include <unistd.h>
 
 namespace Csr {
 
-namespace {
-
-bool hasPermToWriteDac(const Credential &cred, const std::string &filepath)
-{
-	auto statptr = getStat(filepath);
-	return (cred.uid == statptr->st_uid && (statptr->st_mode & S_IWUSR)) ||
-		   (cred.gid == statptr->st_gid && (statptr->st_mode & S_IWGRP)) ||
-		   (statptr->st_mode & S_IWOTH);
-}
-
-bool hasPermToWriteMac(const Credential &cred, const std::string &filepath)
-{
-	char *label = nullptr;
-	int ret = smack_getlabel(filepath.c_str(), &label, SMACK_LABEL_ACCESS);
-	if (ret != 0)
-		ThrowExc(InternalError, "get smack label failed from file: " << filepath <<
-				 " ret: " << ret);
-
-	std::unique_ptr<char, void(*)(void *)> labelptr(label, ::free);
-
-	ret = smack_have_access(cred.label.c_str(), label, "w");
-	if (ret == -1)
-		ThrowExc(InternalError, "smack_have_access err on file: " << filepath <<
-				 " errno: " << errno);
-
-	return ret == 1;
-}
-
-} // namespace anonymous
-
-bool hasPermToRemove(const Credential &cred, const std::string &filepath)
+bool hasPermToRemove(const std::string &filepath)
 {
 	auto parent = filepath.substr(0, filepath.find_last_of('/'));
-
-	return hasPermToWriteDac(cred, parent) && hasPermToWriteMac(cred, parent);
-
+	return access(parent.c_str(), W_OK) == 0;
 }
 
 }
diff --git a/src/framework/service/access-control.h b/src/framework/service/access-control.h
index 4b938b7..f6d00a0 100644
--- a/src/framework/service/access-control.h
+++ b/src/framework/service/access-control.h
@@ -23,11 +23,9 @@
 
 #include <string>
 
-#include "common/credential.h"
-
 namespace Csr {
 
 // filepath should be absolute and not ended with '/'
-bool hasPermToRemove(const Credential &cred, const std::string &filepath);
+bool hasPermToRemove(const std::string &filepath);
 
 }
diff --git a/src/framework/service/logic.cpp b/src/framework/service/logic.cpp
index e6f05e0..1ef9990 100644
--- a/src/framework/service/logic.cpp
+++ b/src/framework/service/logic.cpp
@@ -65,8 +65,7 @@ RawBuffer exceptionGuard(const std::function<RawBuffer()> &func,
 
 } // namespace anonymous
 
-Logic::Logic(ThreadPool &pool) :
-	m_workqueue(pool),
+Logic::Logic() :
 	m_cs(new CsLoader(CS_ENGINE_PATH)),
 	m_wp(new WpLoader(WP_ENGINE_PATH)),
 	m_db(new Db::Manager(RW_DBSPACE "/.csr.db", RO_DBSPACE))
@@ -286,29 +285,16 @@ RawBuffer Logic::scanFile(const CsContext &context, const std::string &filepath)
 	EXCEPTION_GUARD_END
 }
 
-RawBuffer Logic::getScannableFiles(const Credential &cred, const std::string &dir)
+RawBuffer Logic::getScannableFiles(const std::string &dir)
 {
 	EXCEPTION_GUARD_START
 
 	auto lastScanTime = m_db->getLastScanTime(dir, m_csDataVersion);
 
-	StrSet filesetForClient;
-	auto filesetForServer = std::make_shared<StrSet>();
+	FsVisitorPtr visitor;
 
 	try {
-		auto visitor = FsVisitor::create(dir, lastScanTime);
-
-		if (visitor == nullptr)
-			return BinaryQueue::Serialize(CSR_ERROR_INVALID_PARAMETER, StrSet()).pop();
-
-		while (auto file = visitor->next()) {
-			DEBUG("In dir[" << dir << "], Scannable file[" << file->getPath() << "]");
-
-			if (hasPermToRemove(cred, file->getPath()))
-				filesetForClient.insert(file->getPath());
-			else
-				filesetForServer->insert(file->getPath());
-		}
+		visitor = FsVisitor::create(dir, lastScanTime);
 	} catch (const FileDoNotExist &) {
 		WARN("Directory isn't exist: " << dir << " return success with empty file set "
 			 "to skip it softly.");
@@ -319,47 +305,28 @@ RawBuffer Logic::getScannableFiles(const Credential &cred, const std::string &di
 		return BinaryQueue::Serialize(CSR_ERROR_NONE, StrSet()).pop();
 	}
 
+	StrSet fileset;
+
+	while (auto file = visitor->next()) {
+		if (hasPermToRemove(file->getPath())) {
+			DEBUG("Scannable file[" << file->getPath() << "]");
+			fileset.insert(file->getPath());
+		}
+	}
+
 	if (lastScanTime != -1) {
 		// for case: scan history exist and not modified.
 		for (auto &row : m_db->getDetectedMalwares(dir))
-			filesetForClient.insert(row->targetName);
+			fileset.insert(row->targetName);
 	}
 
-	// no fileset for server-only or dir is scanning in background already.. just skip
-	if (filesetForServer->empty() || m_scanningDirs.count(dir) != 0)
-		return BinaryQueue::Serialize(CSR_ERROR_NONE, filesetForClient).pop();
-
 	// update last scan time before start.
 	// to set scan time early is safe because file which is modified between
 	// scan start time and end time will be traversed by FsVisitor and re-scanned
 	// being compared to start time as modified since.
 	m_db->insertLastScanTime(dir, time(nullptr), m_csDataVersion);
 
-	m_workqueue.submit([this, dir, filesetForServer]() {
-		{
-			std::lock_guard<std::mutex> l(this->m_mutex);
-			this->m_scanningDirs.insert(dir);
-		}
-
-		// TODO: how to set default option of scan on cloud?
-		// ask user -> not ask user
-		// message -> none because not ask user
-		// core usage -> default
-		CsContext context;
-
-		for (auto file : *filesetForServer) {
-			// results are registered to db automatically
-			// so need not to handle returned data
-			this->scanFileHelper(context, file);
-		}
-
-		{
-			std::lock_guard<std::mutex> l(this->m_mutex);
-			this->m_scanningDirs.erase(dir);
-		}
-	});
-
-	return BinaryQueue::Serialize(CSR_ERROR_NONE, filesetForClient).pop();
+	return BinaryQueue::Serialize(CSR_ERROR_NONE, fileset).pop();
 
 	EXCEPTION_GUARD_CLOSER(ret)
 
diff --git a/src/framework/service/logic.h b/src/framework/service/logic.h
index a4264d5..2e9f3fb 100644
--- a/src/framework/service/logic.h
+++ b/src/framework/service/logic.h
@@ -43,14 +43,14 @@ namespace Csr {
 
 class Logic {
 public:
-	Logic(ThreadPool &);
+	Logic();
 	virtual ~Logic();
 
 	void submit(std::function<void()> &&task);
 
 	RawBuffer scanData(const CsContext &context, const RawBuffer &data);
 	RawBuffer scanFile(const CsContext &context, const std::string &filepath);
-	RawBuffer getScannableFiles(const Credential &cred, const std::string &dir);
+	RawBuffer getScannableFiles(const std::string &dir);
 	RawBuffer judgeStatus(const std::string &filepath, csr_cs_action_e action);
 	RawBuffer getDetected(const std::string &filepath);
 	RawBuffer getDetectedList(const StrSet &dirSet);
@@ -69,11 +69,6 @@ private:
 	static csr_wp_user_response_e getUserResponse(const WpContext &,
 			const std::string &url, const WpResult &);
 
-	// internal task submit to thread pool for background scanning
-	ThreadPool &m_workqueue;
-	std::mutex m_mutex;
-	StrSet m_scanningDirs;
-
 	std::shared_ptr<CsLoader> m_cs;
 	std::shared_ptr<WpLoader> m_wp;
 	std::unique_ptr<Db::Manager> m_db;
diff --git a/src/framework/service/server-service.cpp b/src/framework/service/server-service.cpp
index 9970371..34eb990 100644
--- a/src/framework/service/server-service.cpp
+++ b/src/framework/service/server-service.cpp
@@ -35,9 +35,7 @@
 namespace Csr {
 
 ServerService::ServerService(const std::string &address) :
-	Service(address),
-	m_workqueue(2, 10),
-	m_logic(m_workqueue)
+	Service(address), m_workqueue(2, 10)
 {
 }
 
@@ -45,7 +43,7 @@ ServerService::~ServerService()
 {
 }
 
-RawBuffer ServerService::process(const ConnShPtr &conn, RawBuffer &data)
+RawBuffer ServerService::process(const ConnShPtr &, RawBuffer &data)
 {
 	CommandId id;
 
@@ -74,7 +72,7 @@ RawBuffer ServerService::process(const ConnShPtr &conn, RawBuffer &data)
 		std::string dir;
 		q.Deserialize(dir);
 
-		return m_logic.getScannableFiles(conn->getCredential(), dir);
+		return m_logic.getScannableFiles(dir);
 	}
 
 	case CommandId::JUDGE_STATUS: {
diff --git a/test/test-api-content-screening-async.cpp b/test/test-api-content-screening-async.cpp
index b795646..fb6a1b4 100644
--- a/test/test-api-content-screening-async.cpp
+++ b/test/test-api-content-screening-async.cpp
@@ -190,9 +190,10 @@ BOOST_AUTO_TEST_CASE(scan_dir_positive)
 	l.unlock();
 
 	ASSERT_IF(testCtx.completedCnt, 1);
-	ASSERT_IF(testCtx.scannedCnt + testCtx.detectedCnt, 8);
+	ASSERT_IF(testCtx.detectedCnt, 0);
 	ASSERT_IF(testCtx.cancelledCnt, 0);
 	ASSERT_IF(testCtx.errorCnt, 0);
+	ASSERT_IF(testCtx.scannedCnt == 8 || testCtx.scannedCnt == 0, true); // in case of delta
 
 	EXCEPTION_GUARD_END
 }
@@ -226,9 +227,10 @@ BOOST_AUTO_TEST_CASE(scan_dirs_positive)
 	l.unlock();
 
 	ASSERT_IF(testCtx.completedCnt, 1);
-	ASSERT_IF(testCtx.scannedCnt + testCtx.detectedCnt, 8);
+	ASSERT_IF(testCtx.detectedCnt, 0);
 	ASSERT_IF(testCtx.cancelledCnt, 0);
 	ASSERT_IF(testCtx.errorCnt, 0);
+	ASSERT_IF(testCtx.scannedCnt == 8 || testCtx.scannedCnt == 0, true); // in case of delta
 
 	EXCEPTION_GUARD_END
 }