From 3b1b2943028ebe3334c299f619416e80e156579c Mon Sep 17 00:00:00 2001
From: Jusung Son <jusung07.son@samsung.com>
Date: Tue, 3 Dec 2019 18:57:12 +0900
Subject: [PATCH] Add uid validation for notification-ex

Change-Id: Id46391654986c7eb09ae276182b710bc84b24a69
Signed-off-by: Jusung Son <jusung07.son@samsung.com>
---
 src/notification_ex_service.cc | 65 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 54 insertions(+), 11 deletions(-)

diff --git a/src/notification_ex_service.cc b/src/notification_ex_service.cc
index 79199d4..7eb32f2 100644
--- a/src/notification_ex_service.cc
+++ b/src/notification_ex_service.cc
@@ -24,6 +24,7 @@
 #include <pkgmgr-info.h>
 #include <bundle.h>
 #include <bundle_internal.h>
+#include <tzplatform_config.h>
 
 #include <iostream>
 #include <sstream>
@@ -115,6 +116,13 @@ class DPMFacade {
       ERR("Failed to launch default viewer [%d]", ret);
   }
 
+  uid_t GetUid(const IEventInfo& info) {
+    uid_t validated_uid =
+            static_cast<const IEventInfoInternal&>(info).GetValidatedUid();
+
+    return validated_uid > NORMAL_UID_BASE ?
+                    validated_uid : tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+  }
   unique_ptr<Reporter> reporter_;
   unique_ptr<Manager> manager_;
   map<string, string> hide_map_;
@@ -175,7 +183,7 @@ class DPMReporter : public Reporter {
     DBG("Delete !!!");
     if (info.GetEventType() == IEventInfo::EventType::DeleteAll) {
       list<shared_ptr<item::AbstractItem>> noti_list =
-          DBManager::GetNotificationList(((const IEventInfoInternal&)info).GetUid());
+          DBManager::GetNotificationList(facade_->GetUid(info));
       for (auto& i : noti_list) {
         DoDelete(info, i);
       }
@@ -214,8 +222,7 @@ class DPMReporter : public Reporter {
     list<shared_ptr<item::AbstractItem>> item_list;
 
     DBG("Get report !!! %s", info.GetItemId().c_str());
-    item_list = DBManager::GetNotificationList(
-                ((const IEventInfoInternal&)info).GetUid(),
+    item_list = DBManager::GetNotificationList(facade_->GetUid(info),
                 ((const IEventInfoInternal&)info).GetChannel().c_str());
 
     facade_->shared_file_.SetPrivateSharing(item_list,
@@ -226,8 +233,7 @@ class DPMReporter : public Reporter {
 
   int OnRequestNumber(const IEventInfo& info) override {
     DBG("Get count !!! %s", info.GetItemId().c_str());
-    return DBManager::GetNotificationList(
-        ((const IEventInfoInternal&)info).GetUid()).size();
+    return DBManager::GetNotificationList(facade_->GetUid(info)).size();
   }
 
   int UpdateHideApp(shared_ptr<item::AbstractItem> updatedItem) {
@@ -328,6 +334,12 @@ class DPMManager : public Manager {
     DBG("Add !!!");
     int ret;
 
+    ret = ValidateUid(info, addedItem);
+    if (ret != ERROR_NONE) {
+      SendError(info, static_cast<NotificationError>(ret));
+      return;
+    }
+
     SetIndirectRequest(info, addedItem);
 
     ret = DBManager::InsertNotification(addedItem);
@@ -347,6 +359,12 @@ class DPMManager : public Manager {
     DBG("Update !!!");
     int ret;
 
+    ret = ValidateUid(info, updatedItem);
+    if (ret != ERROR_NONE) {
+      SendError(info, static_cast<NotificationError>(ret));
+      return;
+    }
+
     UpdateHideApp(updatedItem);
     SetIndirectRequest(info, updatedItem);
 
@@ -381,8 +399,7 @@ class DPMManager : public Manager {
     DBG("Delete !!!");
     if (info.GetEventType() == IEventInfo::EventType::DeleteAll) {
       list<shared_ptr<item::AbstractItem>> noti_list =
-          DBManager::GetNotificationList(info.GetOwner(),
-              ((const IEventInfoInternal&)info).GetUid());
+          DBManager::GetNotificationList(info.GetOwner(), facade_->GetUid(info));
       for (auto& i : noti_list) {
         DoDelete(info, i);
       }
@@ -396,14 +413,13 @@ class DPMManager : public Manager {
 
   list<shared_ptr<item::AbstractItem>> OnRequestEvent(const IEventInfo& info) override {
     DBG("Get !!! %s", info.GetOwner().c_str());
+    uid_t uid = facade_->GetUid(info);
     if (info.GetItemId().empty()) {
       /* get */
-      return DBManager::GetNotificationList(info.GetOwner(),
-                         ((const IEventInfoInternal&)info).GetUid());
+      return DBManager::GetNotificationList(info.GetOwner(), uid);
     } else {
       /*  FindByRootID */
-      return DBManager::GetNotificationList(info.GetOwner(), info.GetItemId(),
-                         ((const IEventInfoInternal&)info).GetUid());
+      return DBManager::GetNotificationList(info.GetOwner(), info.GetItemId(), uid);
     }
   }
 
@@ -464,6 +480,33 @@ class DPMManager : public Manager {
     bundle_free(b);
   }
 
+  int ValidateUid(const IEventInfo& info, list<shared_ptr<AbstractItem>> addedItem) {
+    int ret;
+    for (auto& i : addedItem) {
+      ret = ValidateUid(info, i);
+      if (ret != ERROR_NONE)
+        return ret;
+    }
+
+    return ERROR_NONE;
+  }
+
+  int ValidateUid(const IEventInfo& info, shared_ptr<AbstractItem> addedItem) {
+    uid_t validated_uid = static_cast<const IEventInfoInternal&>(info).GetValidatedUid();
+    uid_t item_uid = static_pointer_cast<IItemInfoInternal>
+                                  (addedItem->GetInfo())->GetUid();
+
+    if (validated_uid <= NORMAL_UID_BASE) {
+      static_pointer_cast<IItemInfoInternal>
+          (addedItem->GetInfo())->SetUid(tzplatform_getuid(TZ_SYS_DEFAULT_USER));
+    } else if (validated_uid != item_uid) {
+      ERR("Invalid sender uid[%d] noti_uid[%d]", validated_uid, item_uid);
+      return ERROR_INVALID_PARAMETER;
+    }
+
+    return ERROR_NONE;
+  }
+
  public:
   DPMManager(std::unique_ptr<IEventSender> sender,
       std::unique_ptr<IEventListener> listener)
-- 
2.7.4