From: Youngjae Cho Date: Thu, 16 Jan 2025 08:34:33 +0000 (+0900) Subject: shared: Replace syscommon_proc_is_app() with security-manager API X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen-next;p=platform%2Fcore%2Fsystem%2Fdeviced.git shared: Replace syscommon_proc_is_app() with security-manager API Instead of syscommon_proc_is_app() which had been accessing smack node '/proc//attr/current' directly, use security-manager API instead. It is especially important where smack is not support. The security-manager API can handle such case in contrast to accessing the smack node directly. Change-Id: I2c3ae99bf7c0ec265d89ecf2a842c42d3903544a Signed-off-by: Youngjae Cho
---
diff --git a/packaging/deviced.spec b/packaging/deviced.spec
index 86258fcb..b69d32dc 100644
--- a/packaging/deviced.spec
+++ b/packaging/deviced.spec
@@ -47,6 +47,7 @@ BuildRequires: pkgconfig(argos_watchdog)
 BuildRequires: pkgconfig(cmocka)
 BuildRequires: pkgconfig(gtest)
 BuildRequires: pkgconfig(gmock)
+BuildRequires: pkgconfig(security-manager)
 Requires: %{name}-tools = %{version}-%{release}
 %{?systemd_requires}
diff --git a/src/display/display-lock.c b/src/display/display-lock.c
index 824376ee..dd0959d8 100644
--- a/src/display/display-lock.c
+++ b/src/display/display-lock.c
@@ -391,7 +391,7 @@ static gboolean lock_watchdog_callback(void *data)
 return G_SOURCE_REMOVE;
 }
- if (!syscommon_proc_is_app(dl->pid)) {
+ if (!is_app(dl->pid)) {
 /* For daemon, no need to ask resourced if it is abnormal lock */
 // TODO: is it correct?
 broadcast_lock_watchdog_expired(dl->pid, dl->state, NULL, dl->time);
diff --git a/src/shared/CMakeLists.txt b/src/shared/CMakeLists.txt
index 44ad9400..5d7d3b76 100644
--- a/src/shared/CMakeLists.txt
+++ b/src/shared/CMakeLists.txt
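Review bot: In lock_watchdog_callback() in src/display/display-lock.c, `!is_app(dl->pid)` reads the helper's -1 error return as "is an app", because the is_app() added in src/shared/apps.c returns -1 whenever security_manager_is_app_from_pid() fails. A failed lookup (presumably possible when the lock holder has already exited) therefore skips the daemon branch and takes the path below the hunk without leaving a trace in the log. Making the three outcomes explicit would remove the ambiguity: `int app = is_app(dl->pid);`, then `if (app < 0) _E("Failed to classify pid=%d", dl->pid);` and `if (app == 0) {` for the daemon branch. The function starts and ends outside this hunk, so what the fall-through path does with an unclassified PID needs to be confirmed there.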
@@ -4,7 +4,8 @@ PKG_CHECK_MODULES(SHARED_REQUIRED_PKGS REQUIRED
 dlog
 bundle
 capi-system-info
- eventsystem)
+ eventsystem
+ security-manager)
 FILE(GLOB SHARED_SRCS "*.c")
 ADD_LIBRARY(deviced-common-private SHARED ${SHARED_SRCS})
diff --git a/src/shared/apps.c b/src/shared/apps.c
index fb6df4ff..44a5200b 100644
--- a/src/shared/apps.c
+++ b/src/shared/apps.c
@@ -17,6 +17,7 @@
 */
 #include
+#include
 #include
 #include
 #include
@@ -194,6 +195,18 @@ void set_app_state(pid_t pid, enum application_state as)
 _E("Invalid as=%d", as);
 }
+int is_app(pid_t pid)
+{
+ bool is_app = false;
+ int ret;
+
+ ret = security_manager_is_app_from_pid(pid, &is_app);
+ if (ret != SECURITY_MANAGER_SUCCESS)
+ return -1;
+
+ return is_app;
+}
+
 static void __CONSTRUCTOR__ initialize(void)
 {
 init_bm_background();
diff --git a/src/shared/apps.h b/src/shared/apps.h
index 92f753ef..52327ede 100644
--- a/src/shared/apps.h
+++ b/src/shared/apps.h
@@ -44,5 +44,6 @@ int add_async_notification(char *type, dbus_pending_cb func, GVariant *param);
 int remove_notification(char *type, int id);
 void set_app_state(pid_t pid, enum application_state as);
 bool is_app_background (pid_t pid);
+int is_app(pid_t pid);
 #endif /* __APPS_H__ */
diff --git a/src/tzip/tzip.c b/src/tzip/tzip.c
index 5035280e..3ffb3b48 100644
--- a/src/tzip/tzip.c
+++ b/src/tzip/tzip.c
@@ -42,6 +42,7 @@
 #include "shared/devices.h"
 #include "shared/device-notifier.h"
 #include "shared/common.h"
+#include "shared/apps.h"
 #include "tzip-utility.h"
 #define PACKAGE_UNPACK_PATH "/opt/usr/share/package-unpacked"
@@ -913,7 +914,7 @@ static GVariant *dbus_request_mount_tzip_internal(GDBusConnection *conn, const g
 }
 pid = gdbus_connection_get_sender_pid(conn, sender);
- if (syscommon_proc_is_app(pid) != 0) {
+ if (is_app(pid) != 0) {
 _E("PID(%d) is not privileged to use tzip.", pid);
 ret = -EPERM;
 goto out;
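Review bot: The new is_app() in src/shared/apps.c returns three values (1, 0, -1) through an `int`, but neither the definition nor the prototype added to apps.h documents that, and the failure path discards the security-manager error code without logging it. The callers in this commit already read the error differently: display-lock.c uses `!is_app(...)`, which treats -1 as "app", while tzip.c uses `!= 0`, which treats -1 as "denied". I would document the contract on the prototype, e.g. `/* Returns 1 if pid belongs to an app, 0 if it does not, -1 if security-manager could not tell. */`, and log before the early return with `_E("security_manager_is_app_from_pid(%d) failed, ret=%d", pid, ret);`. As a style point, the local `bool is_app` shadows the function's own name; `result` would read more clearly.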
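Review bot: In dbus_request_mount_tzip_internal() the sender PID goes straight into is_app() with no visible check that gdbus_connection_get_sender_pid() succeeded, and every non-zero result, including the -1 error return, is logged as "not privileged". The gate fails closed, which is the right default for an access check, but a failed lookup and a genuine denial become indistinguishable in the log. Consider `int app = is_app(pid);` with `if (app < 0) _E("Failed to classify sender PID(%d)", pid);` ahead of the existing message, keeping `-EPERM` for both cases. Because the decision is keyed on a PID resolved after the message arrived, it presumably also inherits the usual PID-reuse window if the sender exits in between, which deserves a comment next to the check. The same points apply to the identical check in dbus_request_unmount_tzip_internal() in the next hunk; both functions continue outside their hunks, so any earlier validation of `sender` is not visible here.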
@@ -998,7 +999,7 @@ static GVariant *dbus_request_unmount_tzip_internal(GDBusConnection *conn, const
 }
 pid = gdbus_connection_get_sender_pid(conn, sender);
- if (syscommon_proc_is_app(pid) != 0) {
+ if (is_app(pid) != 0) {
 _E("PID(%d) is not privileged to use tzip.", pid);
 ret = -EPERM;
 goto out;
diff --git a/tests/deviced-common-private-test/CMakeLists.txt b/tests/deviced-common-private-test/CMakeLists.txt
index 535c231f..fe497541 100644
--- a/tests/deviced-common-private-test/CMakeLists.txt
+++ b/tests/deviced-common-private-test/CMakeLists.txt
@@ -10,7 +10,8 @@ PKG_CHECK_MODULES(ORIG_REQUIRED_PKGS REQUIRED
 libsyscommon
 bundle
 capi-system-info
- eventsystem)
+ eventsystem
+ security-manager)
 SET(WRAP_FLAGS "-Wl,--wrap=dlopen")
 SET(WRAP_FLAGS "${WRAP_FLAGS} -Wl,--wrap=access")