From 4335e6ba42b0fcd55fe5b4aa65a78f2e71f55bac Mon Sep 17 00:00:00 2001 From: Sangkoo Kim Date: Mon, 18 Apr 2016 14:34:33 +0900 Subject: [PATCH] change uid/gid Change-Id: Icb47ed8a5335c8ceab26058387230e289c611ef6 --- framework/main.cpp | 5 --- framework/setting-handler/MsgSettingHandler.cpp | 14 ++++---- include/utils/MsgUtilFile.h | 1 - packaging/msg-server.service | 2 ++ packaging/msg-server.socket | 2 ++ packaging/msg-service.spec | 34 ++++++++++++------ utils/CMakeLists.txt | 2 +- utils/MsgIpcSocket.cpp | 1 + utils/MsgUtilFile.cpp | 47 ------------------------- 9 files changed, 36 insertions(+), 72 deletions(-) diff --git a/framework/main.cpp b/framework/main.cpp index ba9249c..f025111 100755 --- a/framework/main.cpp +++ b/framework/main.cpp @@ -56,11 +56,6 @@ void* InitMsgServer(void*) MsgInitCallStatusManager(); try { - /* ipc data folder set acl for priv_read and priv_write */ - if (!MsgAclInit()) { - MSG_ERR("FAIL TO INITIALIZE ACL [%d]", err); - } - /* storage handler initialize */ err = MsgStoInitDB(false); if (err != MSG_SUCCESS) { diff --git a/framework/setting-handler/MsgSettingHandler.cpp b/framework/setting-handler/MsgSettingHandler.cpp index 5d850d6..37c4cf0 100755 --- a/framework/setting-handler/MsgSettingHandler.cpp +++ b/framework/setting-handler/MsgSettingHandler.cpp 
@@ -27,13 +27,13 @@ /* To store latest setting values */ /* when it sets to vconf, it will be compared with below values */ -MSG_GENERAL_OPT_S g_generalOpt; -MSG_SMS_SENDOPT_S g_smsSendOpt; -MSG_SMSC_LIST_S g_smscList; -MSG_MMS_SENDOPT_S g_mmsSendOpt; -MSG_MMS_RECVOPT_S g_mmsRecvOpt; -MSG_MMS_STYLEOPT_S g_mmsStyleOpt; -MSG_PUSHMSG_OPT_S g_pushMsgOpt; +MSG_GENERAL_OPT_S g_generalOpt = {0,}; +MSG_SMS_SENDOPT_S g_smsSendOpt = {0,}; +MSG_SMSC_LIST_S g_smscList = {0,}; +MSG_MMS_SENDOPT_S g_mmsSendOpt = {0,}; +MSG_MMS_RECVOPT_S g_mmsRecvOpt = {0,}; +MSG_MMS_STYLEOPT_S g_mmsStyleOpt = {0,}; +MSG_PUSHMSG_OPT_S g_pushMsgOpt = {0,}; /*================================================================================================== FUNCTION IMPLEMENTATION diff --git a/include/utils/MsgUtilFile.h b/include/utils/MsgUtilFile.h index 0407143..691546b 100755 --- a/include/utils/MsgUtilFile.h +++ b/include/utils/MsgUtilFile.h @@ -65,6 +65,5 @@ int MsgCheckFilepathSmack(const char *app_smack_label, char *file_path); void MsgGetMimeType(char *filePath, char *mimeType, int size); int MsgTcsScanFile(const char *filepath, int *bLevel); -bool MsgAclInit(); #endif /* MSG_UTIL_FILE_H */ diff --git a/packaging/msg-server.service b/packaging/msg-server.service index 4ad8912..cd2d14a 100755 --- a/packaging/msg-server.service +++ b/packaging/msg-server.service @@ -4,6 +4,8 @@ After=contacts-service.service [Service] Type=simple +User=messaging +Group=messaging ExecStart=/usr/bin/msg-server Restart=always MemoryLimit=10M diff --git a/packaging/msg-server.socket b/packaging/msg-server.socket index e9787a6..018a133 100644 --- a/packaging/msg-server.socket +++ b/packaging/msg-server.socket @@ -1,4 +1,6 @@ [Socket] +SocketUser=messaging +SocketGroup=messaging ListenStream=/tmp/.msgfw_socket Service=msg-server.service diff --git a/packaging/msg-service.spec b/packaging/msg-service.spec index bb9f740..707a182 100755 --- a/packaging/msg-service.spec +++ b/packaging/msg-service.spec 
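Review bot: The `= {0,}` initializers on the seven setting globals are a point of style rather than a fix, because objects at namespace scope are already zero-initialized before any code runs. If the explicit form is wanted for readability, `MSG_GENERAL_OPT_S g_generalOpt = {};` is the C++ spelling. It does not depend on the first member accepting an `int` 0 and it avoids missing-field-initializer warnings. The struct definitions are outside this hunk, so the type of each first member is not confirmed here.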
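Review bot: `User=messaging` and `Group=messaging` take root away from msg-server, but nothing in this patch shows that the code paths needing privilege were checked. `MsgChown(const char *filepath, int uid, int gid)` in utils/MsgUtilFile.cpp is one visible candidate, since changing a file to another uid fails with EPERM for an unprivileged process. Its callers are outside this diff, so confirm they handle the `false` return. A unit comment such as `# runs unprivileged; data directories are chown'ed to messaging by the package scriptlet` would document the dependency on the packaging step.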
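Review bot: `SocketUser=messaging` and `SocketGroup=messaging` change only the owner of `/tmp/.msgfw_socket`. Without a `SocketMode=` line systemd creates the node with its default mode 0666, so file permissions still let any local process connect. If that is intended because clients run under other uids and access is enforced elsewhere (for example by Smack labels or checks in the server), state it with an explicit `SocketMode=0666` and a comment. If only the messaging group should connect, use `SocketMode=0660`.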
@@ -17,8 +17,9 @@ Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 Requires(post): systemd
 Requires(postun): systemd
+Requires: acl
+Requires: security-config
 BuildRequires: cmake
-BuildRequires: libacl-devel
 BuildRequires: pkgconfig(alarm-service)
 BuildRequires: pkgconfig(aul)
 BuildRequires: pkgconfig(boost)
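Review bot: `Requires: acl` and `Requires: security-config` are plain run-time dependencies, but the later hunk of this file calls `setfacl` and `chown messaging:...` from what appears to be an install scriptlet. Scriptlet dependencies are normally declared as `Requires(post): acl` and `Requires(post): security-config`, matching the `Requires(post): systemd` line just above, so rpm orders those packages before the scriptlet runs. That security-config is the package creating the `messaging` user and group is an assumption; the patch does not show it.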
@@ -191,26 +192,37 @@ rm %{buildroot}/usr/share/msg-service/msg-service-db.sql chmod 640 %{TZ_SYS_DB}/.msg_service.db chmod 660 %{TZ_SYS_DB}/.msg_service.db-journal -mkdir -p -m 775 %{TZ_SYS_DATA}/msg-service -mkdir -p -m 770 %{TZ_SYS_DATA}/msg-service/msgdata -mkdir -p -m 770 %{TZ_SYS_DATA}/msg-service/smildata +mkdir -p -m 770 %{TZ_SYS_DATA}/msg-service +mkdir -p -m 750 %{TZ_SYS_DATA}/msg-service/msgdata +mkdir -p -m 750 %{TZ_SYS_DATA}/msg-service/smildata mkdir -p -m 770 %{TZ_SYS_DATA}/msg-service/ipcdata -mkdir -p -m 770 %{TZ_SYS_DATA}/msg-service/msgdata/thumbnails +mkdir -p -m 750 %{TZ_SYS_DATA}/msg-service/msgdata/thumbnails +chown messaging:priv_message_read %{TZ_SYS_DB}/.msg_service.db +chown messaging:priv_message_read %{TZ_SYS_DB}/.msg_service.db-journal +chown messaging:priv_message_read %{TZ_SYS_DATA}/msg-service +chown messaging:priv_message_read %{TZ_SYS_DATA}/msg-service/msgdata +chown messaging:priv_message_read %{TZ_SYS_DATA}/msg-service/smildata +chown messaging:priv_message_read %{TZ_SYS_DATA}/msg-service/ipcdata +chown messaging:priv_message_read %{TZ_SYS_DATA}/msg-service/msgdata/thumbnails -chgrp priv_message_read %{TZ_SYS_DB}/.msg_service.db -chgrp priv_message_read %{TZ_SYS_DATA}/msg-service/msgdata -chgrp priv_message_read %{TZ_SYS_DATA}/msg-service/smildata -chgrp priv_message_write %{TZ_SYS_DATA}/msg-service/ipcdata -chgrp priv_message_read %{TZ_SYS_DATA}/msg-service/msgdata/thumbnails - +chmod g+s %{TZ_SYS_DATA}/msg-service/msgdata +chmod g+s %{TZ_SYS_DATA}/msg-service/smildata +chmod g+s %{TZ_SYS_DATA}/msg-service/ipcdata +chmod g+s %{TZ_SYS_DATA}/msg-service/msgdata/thumbnails chsmack -a "*" %{TZ_SYS_DB}/.msg_service.db +chsmack -a "*" %{TZ_SYS_DB}/.msg_service.db-journal +chsmack -a "System::Shared" %{TZ_SYS_DATA}/msg-service/ chsmack -a "System::Shared" %{TZ_SYS_DATA}/msg-service/msgdata -t chsmack -a "System::Shared" %{TZ_SYS_DATA}/msg-service/smildata -t chsmack -a "System::Run" %{TZ_SYS_DATA}/msg-service/ipcdata -t chsmack -a 
"System::Shared" %{TZ_SYS_DATA}/msg-service/msgdata/thumbnails -t +#Multi group to ipcdata directory +chmod o= %{TZ_SYS_DATA}/msg-service/ipcdata +setfacl -m group:priv_message_write:rw %{TZ_SYS_DATA}/msg-service/ipcdata + %post -n sms-plugin -p /sbin/ldconfig %post -n mms-plugin -p /sbin/ldconfig diff --git a/utils/CMakeLists.txt b/utils/CMakeLists.txt index cb248ee..4302373 100755 --- a/utils/CMakeLists.txt +++ b/utils/CMakeLists.txt @@ -61,7 +61,7 @@ SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_CFLAGS}") SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed") ADD_LIBRARY(${UTILS-LIB} SHARED ${UTILS-SRCS}) -TARGET_LINK_LIBRARIES(${UTILS-LIB} ${utils_pkgs_LDFLAGS} rt ${VOBJECT-LIB} acl) +TARGET_LINK_LIBRARIES(${UTILS-LIB} ${utils_pkgs_LDFLAGS} rt ${VOBJECT-LIB}) INSTALL(TARGETS ${UTILS-LIB} DESTINATION ${LIBDIR} COMPONENT RuntimeLibraries) diff --git a/utils/MsgIpcSocket.cpp b/utils/MsgIpcSocket.cpp index bd8b18d..c7ac95e 100755 --- a/utils/MsgIpcSocket.cpp +++ b/utils/MsgIpcSocket.cpp @@ -61,6 +61,7 @@ msg_error_t MsgIpcClientSocket::connect(const char* path) int len = strlen(serverSA.sun_path) + sizeof(serverSA.sun_family); if (::connect(sockfd, (struct sockaddr *)&serverSA, len) == CUSTOM_SOCKET_ERROR) { + MSG_DEBUG("errno=[%d]", errno); if(errno == EACCES) THROW(MsgException::SECURITY_ERROR, "cannot connect server %s", g_strerror(errno)); else diff --git a/utils/MsgUtilFile.cpp b/utils/MsgUtilFile.cpp index 71fc128..5aa59dd 100755 --- a/utils/MsgUtilFile.cpp +++ b/utils/MsgUtilFile.cpp @@ -26,7 +26,6 @@ #include #include #include -#include #include #include @@ -1113,7 +1112,6 @@ bool MsgChown(const char *filepath, int uid, int gid) } close(fd); - return true; } 
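Review bot: The ACL entry added at the end of the hunk, `setfacl -m group:priv_message_write:rw`, grants read and write on the ipcdata directory but not search (`x`), so a process matching only that entry cannot open or create files inside it. The removed `MsgAclInit()` granted `rwx` to its named group, so this is probably meant to be `setfacl -m group:priv_message_write:rwx %{TZ_SYS_DATA}/msg-service/ipcdata`. Separately, `.msg_service.db-journal` keeps `chmod 660` and is now group-owned by `priv_message_read`, which makes the journal writable by holders of the read privilege while the database itself is 640; if SQLite readers need that, add a comment saying so, otherwise tighten it. `mkdir -p -m 750` also leaves the mode of an already existing directory untouched, so on upgrade the old 770 stays unless an explicit `chmod 750` is added.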
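Review bot: The added `MSG_DEBUG("errno=[%d]", errno);` sits between the failing `::connect()` and the `errno == EACCES` test. If the logging macro makes any call that sets errno, the SECURITY_ERROR branch and the `g_strerror(errno)` text are decided by the logger's error rather than connect's. Capture the value first with `const int connectErrno = errno;`, log `connectErrno`, and use it in the comparison and in the THROW arguments. MSG_DEBUG's definition is not in this diff, so whether it preserves errno is unconfirmed; the function body also continues past the end of the hunk.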
@@ -1296,48 +1294,3 @@ int MsgTcsScanFile(const char *filepath, int *bLevel) return 0; } - - -bool MsgAclInit() -{ - /* ACL */ - /* In msg-service.spec file use libacl-devel. Because acl get not process open API */ - /* So have to set TARGET_LINK_LIBRARIES(acl) in makefile */ - /* After GPL-3.0, not supply shell commend (setfacl, getfacl) by license issue, use the API */ - MSG_BEGIN(); - - const char *priv_read = - "user::rwx\n" - "group::rwx\n" - "group:priv_message_read:rwx\n" - "mask::rwx\n" - "other::---"; - acl_t acl = NULL; - int ret = 0; - - acl = acl_from_text(priv_read); - if (!acl) { - MSG_ERR("%s: `%s': %s\n", MSG_IPC_DATA_PATH, priv_read, g_strerror(errno)); - return false; - } - - ret = acl_check(acl, NULL); - if (ret != 0) { - acl_free(acl); - if (ret == ACL_DUPLICATE_ERROR) { - MSG_DEBUG("Already Set ACL"); - return true; - } - MSG_ERR("acl_check Fail : [%d],[%s]", ret, acl_error(ret)); - return false; - } - - ret = acl_set_file((const char *)MSG_IPC_DATA_PATH, ACL_TYPE_ACCESS, acl); - if (ret != 0) { - MSG_ERR("acl_set_file Fail : [%d][%s]", ret, g_strerror(errno)); - } - acl_free(acl); - - MSG_END(); - return true; -} -- 2.7.4