From 3338a78833f58fa923cc5c90019dad464c5bb338 Mon Sep 17 00:00:00 2001
From: "Junseok, Kim"
Date: Fri, 28 Aug 2020 15:26:36 +0900
Subject: [PATCH] e_policy_wl: add privilege check of all tzsh services from now on, all of tzsh_service needs privilege. (default: internal/default/platform)
Change-Id: I03bc29034c900b5148f37d4b8c940854054da7d1
Signed-off-by: Junseok, Kim
---
 src/bin/e_policy_wl.c | 84 +++++++++++++++++++++++++++++--------------
 src/bin/e_privilege.c | 7 ++++
 src/bin/e_privilege.h | 7 ++++
 3 files changed, 71 insertions(+), 27 deletions(-)
diff --git a/src/bin/e_policy_wl.c b/src/bin/e_policy_wl.c
index 1c63301dd0..12a8f810ba 100644
--- a/src/bin/e_policy_wl.c
+++ b/src/bin/e_policy_wl.c
@@ -4121,6 +4121,57 @@ static const struct tws_service_interface _tzsh_srv_iface =
 _tzsh_srv_iface_cb_launcher_get,
 };
 
+static Eina_Bool
+_e_policy_wl_tzsh_service_check_privilege(struct wl_client *client, int role)
+{
+ const char *privilege;
+ pid_t pid;
+ uid_t uid;
+ Eina_Bool res;
+
+ switch (role)
+ {
+ case TZSH_SRV_ROLE_QUICKPANEL_SYSTEM_DEFAULT:
+ case TZSH_SRV_ROLE_QUICKPANEL_CONTEXT_MENU:
+ case TZSH_SRV_ROLE_QUICKPANEL_APPS_MENU:
+ privilege = E_PRIVILEGE_QUICKPANEL_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_VOLUME:
+ privilege = E_PRIVILEGE_VOLUME_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_LOCKSCREEN:
+ privilege = E_PRIVILEGE_LOCKSCREEN_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_INDICATOR:
+ privilege = E_PRIVILEGE_INDICATOR_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_SCREENSAVER_MNG:
+ case TZSH_SRV_ROLE_SCREENSAVER:
+ privilege = E_PRIVILEGE_SCREENSAVER_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_CBHM:
+ privilege = E_PRIVILEGE_CBHM_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_SOFTKEY:
+ privilege = E_PRIVILEGE_SOFTKEY_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_MAGNIFIER:
+ privilege = E_PRIVILEGE_MAGNIFIER_SERVICE;
+ break;
+ case TZSH_SRV_ROLE_LAUNCHER:
+ privilege = E_PRIVILEGE_LAUNCHER_SERVICE;
+ break;
+ default:
+ return EINA_TRUE;
+ }
+
+ wl_client_get_credentials(client, &pid, &uid, NULL);
+ res = e_security_privilege_check(pid,
+ uid,
+ privilege);
+ return res;
+}
+
 static void
 _tzsh_cb_srv_destroy(struct wl_resource *res_tzsh_srv)
 {
@@ -4144,8 +4195,6 @@ _tzsh_iface_cb_srv_create(struct wl_client *client, struct wl_resource *res_tzsh
 E_Client *ec;
 E_Pixmap *cp;
 int role;
- pid_t pid;
- uid_t uid;
 Eina_Bool res;
 
 role = _e_policy_wl_tzsh_srv_role_get(name);
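Review bot: The `default: return EINA_TRUE;` arm of `_e_policy_wl_tzsh_service_check_privilege` makes the check fail open: any role value without its own `case` is accepted without ever calling `e_security_privilege_check`, so a service role added to the enum later is unprotected until someone remembers to extend this switch. Since the commit message says every tzsh service now needs a privilege, the default arm should deny instead, e.g. `default: ERR("no privilege mapping for role:%d", role); return EINA_FALSE;`, provided no currently valid role relies on the pass-through (the role enum and the caller's unknown-role handling are outside the hunk). A short comment above the function stating that it returns EINA_TRUE only when the client holds the privilege mapped to `role` would make the contract explicit.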
@@ -4159,32 +4208,13 @@ _tzsh_iface_cb_srv_create(struct wl_client *client, struct wl_resource *res_tzsh
 }
 
 /* check whether client has a privilege */
- if (role == TZSH_SRV_ROLE_MAGNIFIER)
- {
- wl_client_get_credentials(client, &pid, &uid, NULL);
- res = e_security_privilege_check(pid,
- uid,
- E_PRIVILEGE_MAGNIFIER_SERVICE);
- if (!res)
- {
- ERR("Could not get privilege of resource: %m");
- tizen_ws_shell_send_error(res_tzsh,
- TIZEN_WS_SHELL_ERROR_PERMISSION_DENIED);
- return;
- }
- }
- else if (role == TZSH_SRV_ROLE_LAUNCHER)
+ res = _e_policy_wl_tzsh_service_check_privilege(client, role);
+ if (!res)
 {
- wl_client_get_credentials(client, &pid, &uid, NULL);
- res = e_security_privilege_check(pid, uid,
- E_PRIVILEGE_LAUNCHER_SERVICE);
- if (!res)
- {
- ERR("Could not get privilege of resource: %m");
- tizen_ws_shell_send_error(res_tzsh,
- TIZEN_WS_SHELL_ERROR_PERMISSION_DENIED);
- return;
- }
+ ERR("Could not get privilege of resource: %m");
+ tizen_ws_shell_send_error(res_tzsh,
+ TIZEN_WS_SHELL_ERROR_PERMISSION_DENIED);
+ return;
 }
 
 /* to avoid sending a wayland error after tzsh ERROR_NONE for every cases
diff --git a/src/bin/e_privilege.c b/src/bin/e_privilege.c
index e3baa1240c..6b17a9f5ba 100644
--- a/src/bin/e_privilege.c
+++ b/src/bin/e_privilege.c
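Review bot: The denial log `ERR("Could not get privilege of resource: %m");` does not say which service role or client was refused. Its `%m` expands to the current errno text, which nothing visible here sets on a policy denial, so it can print an unrelated message. This is the line an investigator will search for when a client is refused a shell service, so it should carry the role, e.g. `ERR("tzsh service privilege denied: role:%d", role);`. The pid and uid could be logged inside `_e_policy_wl_tzsh_service_check_privilege`, where they are now the only place available. `_tzsh_iface_cb_srv_create` starts and ends outside this hunk.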
@@ -10,6 +10,13 @@ EINTERN const char *E_PRIVILEGE_SCREENSHOT = "http://tizen.org/pr
 EINTERN const char *E_PRIVILEGE_SOFTKEY = "http://tizen.org/privilege/windowsystem.admin";
 EINTERN const char *E_PRIVILEGE_MAGNIFIER_SERVICE = "http://tizen.org/privilege/internal/default/platform";
 EINTERN const char *E_PRIVILEGE_LAUNCHER_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_QUICKPANEL_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_VOLUME_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_LOCKSCREEN_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_INDICATOR_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_SCREENSAVER_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_CBHM_SERVICE = "http://tizen.org/privilege/internal/default/platform";
+EINTERN const char *E_PRIVILEGE_SOFTKEY_SERVICE = "http://tizen.org/privilege/internal/default/platform";
 
 E_API const char *E_PRIVILEGE_GESTURE_GRAB = "http://tizen.org/privilege/gesturegrab";
 E_API const char *E_PRIVILEGE_GESTURE_ACTIVATE = "http://tizen.org/privilege/gestureactivation";
diff --git a/src/bin/e_privilege.h b/src/bin/e_privilege.h
index d1935ce988..ed8e19ac0a 100644
--- a/src/bin/e_privilege.h
+++ b/src/bin/e_privilege.h
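Review bot: All seven new constants carry the same string as the existing `E_PRIVILEGE_MAGNIFIER_SERVICE` and `E_PRIVILEGE_LAUNCHER_SERVICE`, so the per-role names give no per-role separation yet: a client that holds the platform privilege passes the check for every one of these services, lockscreen and CBHM included. If that is the intended default, say so next to the block, e.g. `/* tzsh service privileges: all map to the platform privilege by default; narrow per role when a dedicated privilege exists */`. Note also that `E_PRIVILEGE_SOFTKEY_SERVICE` now sits beside `E_PRIVILEGE_SOFTKEY`, which has a different value (`windowsystem.admin`), so the two are easy to mix up at a call site.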
@@ -13,6 +13,13 @@ extern EINTERN const char *E_PRIVILEGE_SCREENSHOT;
 extern EINTERN const char *E_PRIVILEGE_SOFTKEY;
 extern EINTERN const char *E_PRIVILEGE_MAGNIFIER_SERVICE;
 extern EINTERN const char *E_PRIVILEGE_LAUNCHER_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_QUICKPANEL_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_VOLUME_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_LOCKSCREEN_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_INDICATOR_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_SCREENSAVER_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_CBHM_SERVICE;
+extern EINTERN const char *E_PRIVILEGE_SOFTKEY_SERVICE;
 
 extern E_API const char *E_PRIVILEGE_GESTURE_GRAB;
 extern E_API const char *E_PRIVILEGE_GESTURE_ACTIVATE;
-- 
2.34.1