From 33a03a1b8c833aad6ff39e6f4835074c8925f9b2 Mon Sep 17 00:00:00 2001 From: SukhyungKang Date: Mon, 6 Jan 2025 17:35:44 +0900 Subject: [PATCH] Change to use cynara api instead of direct access to check privilege Change-Id: Iefc0bca70e6e891b0c9e27b2127366efbc80b738 Signed-off-by: SukhyungKang --- packaging/libwidget_viewer.spec | 1 + tests/unit_tests/CMakeLists.txt | 1 + widget_viewer_evas/CMakeLists.txt | 1 + widget_viewer_evas/src/widget_viewer_evas.c | 28 +++++++++------------ 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/packaging/libwidget_viewer.spec b/packaging/libwidget_viewer.spec index 151bb7ea..4bfca16e 100644 --- a/packaging/libwidget_viewer.spec +++ b/packaging/libwidget_viewer.spec @@ -35,6 +35,7 @@ BuildRequires: pkgconfig(wayland-client) BuildRequires: pkgconfig(libtbm) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-creds-self) BuildRequires: pkgconfig(appsvc) BuildRequires: pkgconfig(ecore-wl2) BuildRequires: pkgconfig(wayland-tbm-client) diff --git a/tests/unit_tests/CMakeLists.txt b/tests/unit_tests/CMakeLists.txt index 8ddc0ff4..1e6d81eb 100644 --- a/tests/unit_tests/CMakeLists.txt +++ b/tests/unit_tests/CMakeLists.txt @@ -21,6 +21,7 @@ PKG_CHECK_MODULES(${PROJECT_NAME}-unittests REQUIRED libtbm libtzplatform-config cynara-client + cynara-creds-self appsvc ecore-wl2 wayland-tbm-client diff --git a/widget_viewer_evas/CMakeLists.txt b/widget_viewer_evas/CMakeLists.txt index e7cd95fe..b228af26 100644 --- a/widget_viewer_evas/CMakeLists.txt +++ b/widget_viewer_evas/CMakeLists.txt @@ -22,6 +22,7 @@ pkg_check_modules(viewer_evas REQUIRED capi-appfw-application aul cynara-client + cynara-creds-self screen_connector_watcher_evas ) diff --git a/widget_viewer_evas/src/widget_viewer_evas.c b/widget_viewer_evas/src/widget_viewer_evas.c index d59a9b6b..5b711661 100644 --- a/widget_viewer_evas/src/widget_viewer_evas.c +++ b/widget_viewer_evas/src/widget_viewer_evas.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include @@ -383,12 +384,9 @@ static inline bool __is_widget_feature_enabled(void) #define SMACK_LABEL_LEN 255 static int __check_privilege(const char *privilege) { - cynara *p_cynara; - - int fd = 0; + cynara *p_cynara = NULL; int ret = 0; - - char subject_label[SMACK_LABEL_LEN +1] = ""; + char *cynara_client = NULL; char uid[10] = {0, }; char *client_session = ""; @@ -396,23 +394,17 @@ static int __check_privilege(const char *privilege) if (ret != CYNARA_API_SUCCESS) return -1; - fd = open("/proc/self/attr/current", O_RDONLY); - if (fd < 0) { - ret = -1; - goto ERROR; - } + ret = cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &cynara_client); + if (ret != CYNARA_API_SUCCESS) { + LOGD("failed to get cynara client : %d", ret); - ret = read(fd, subject_label, SMACK_LABEL_LEN); - if (ret < 0) { - LOGE("read is failed");/* LCOV_EXCL_LINE */ - close(fd);/* LCOV_EXCL_LINE */ + ret = -1; goto ERROR; } - close(fd); snprintf(uid, 10, "%d", getuid()); - ret = cynara_check(p_cynara, subject_label, client_session, uid, privilege); + ret = cynara_check(p_cynara, cynara_client, client_session, uid, privilege); if (ret != CYNARA_API_ACCESS_ALLOWED) { ret = -1; goto ERROR; @@ -423,6 +415,10 @@ static int __check_privilege(const char *privilege) ERROR: if (p_cynara) cynara_finish(p_cynara); + + if (cynara_client) + free(cynara_client); + return ret; } -- 2.34.1