From: Hyotaek Shim <hyotaek.shim@samsung.com>
Date: Fri, 13 Apr 2018 05:52:29 +0000 (+0900)
Subject: Add defense code for wrong use cases
X-Git-Tag: accepted/tizen/unified/20180413.151930^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F81%2F175881%2F2;p=platform%2Fcore%2Fsystem%2Flibstorage.git

Add defense code for wrong use cases
Only Tizen applications and user session daemons can use
storage_get_root_directory(STORAGE_TYPE_INTERNAL, ...).

Change-Id: I107b027a06843bbd88f7a1008f8051b6c5430b79
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
---

diff --git a/src/storage.c b/src/storage.c
index cd3e29a..33bfc8e 100644
--- a/src/storage.c
+++ b/src/storage.c
@@ -28,6 +28,8 @@
 #include "storage-external.h"
 
 #define BLOCK_CONF_FILE         "/etc/storaged/block.conf"
+#define USER_UID_START		5000
+
 const char *dir_path[STORAGE_DIRECTORY_MAX];
 
 const int tz_id[STORAGE_DIRECTORY_MAX] = {
@@ -123,6 +125,12 @@ API int storage_get_root_directory(int storage_id, char **path)
 		return STORAGE_ERROR_INVALID_PARAMETER;
 	}
 
+	if (storage_id == STORAGE_TYPE_INTERNAL && getuid() < USER_UID_START) {
+		_E("Only Tizen applications and user session daemons can use \
+			storage_get_root_directory(STORAGE_TYPE_INTERNAL, ...)");
+		return STORAGE_ERROR_INVALID_PARAMETER;
+	}
+
 	/* internal storage */
 	DD_LIST_FOREACH(st_int_head, elem, st) {
 		if (st->storage_id != storage_id)