From: Changgyu Choi Date: Fri, 3 Jan 2025 10:35:00 +0000 (+0900) Subject: Add uid checking logic for APP_GET_APPID_BYPID X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_6.0;p=platform%2Fcore%2Fappfw%2Famd.git Add uid checking logic for APP_GET_APPID_BYPID This patch prevents non-Tizen application from querying itself. Change-Id: Ice4bb29f2e581de3814d4d7477ea8d0820def44f Signed-off-by: Changgyu Choi
---
diff --git a/src/lib/amd_app_status.c b/src/lib/amd_app_status.c
index 2c562cf9..741c555b 100644
--- a/src/lib/amd_app_status.c
+++ b/src/lib/amd_app_status.c
@@ -1786,6 +1786,17 @@ static int __dispatch_app_get_appid_by_pid(request_h req)
 }
 pid = atoi(pid_str);
+ pid_t caller_pid = _request_get_pid(req);
+ if (pid == caller_pid) {
+ uid_t uid = _request_get_uid(req);
+ if (uid < REGULAR_UID_MIN) {
+ _E("pid(%d) is not an application", pid);
+ aul_sock_send_raw_with_fd(_request_remove_fd(req),
+ APP_GET_INFO_ERROR, NULL, 0, AUL_SOCK_NOREPLY);
+ return -1;
+ }
+ }
+
+ ret = _app_status_get_appid_bypid(_request_remove_fd(req), pid);
 _D("app_status_get_appid_bypid : %d : %d", pid, ret);
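Review bot: The uid test is nested under `if (pid == caller_pid)`, so it judges the requester's uid and never the owner of the target pid; a caller below `REGULAR_UID_MIN` that names any other pid still reaches `_app_status_get_appid_bypid`, whose handling of non-application pids is not visible here. If limiting the rejection to self-queries is intended, a comment above the block should record that, e.g. `/* Callers below REGULAR_UID_MIN are not applications: reject a self-query without doing the lookup. */`. For auditing rejected requests the log line should also carry the caller's uid, `_E("pid(%d) uid(%u) is not an application", pid, uid);`. The comparison depends on `pid = atoi(pid_str)` in the context line above, which cannot signal malformed input, and the function body starts and ends outside the hunk.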