From 86a0d9b245830d3a4fec3557b45e1f726bbca706 Mon Sep 17 00:00:00 2001
From: sooyeon <sooyeon.kim@samsung.com>
Date: Thu, 30 Jun 2022 18:33:26 +0900
Subject: [PATCH] Add privilege checker for TIDL privileges

Change-Id: Iaf23e79bf61094688579297613f7e1ec3753d618
Signed-off-by: sooyeon <sooyeon.kim@samsung.com>
---
 client/vc.c         | 31 ++++++++++++++++++++++++++++---
 client/vc_mgr.c     | 23 ++++++++++++++++++++---
 common/vc_command.c | 32 +++++++++++++++++++++++++++++---
 common/vc_defs.h    |  6 ++++--
 server/vce.c        | 34 +++++++++++++++++++++++++++++++---
 5 files changed, 112 insertions(+), 14 deletions(-)

diff --git a/client/vc.c b/client/vc.c
index 4fed631..fecde6a 100644
--- a/client/vc.c
+++ b/client/vc.c
@@ -167,15 +167,40 @@ static int __vc_check_privilege()
 		char uid[32];
 		snprintf(uid, 32, "%d", getuid());
 		ret = true;
-		ret = __check_privilege(uid, VC_PRIVILEGE);
-		__check_privilege_deinitialize();
+		ret = __check_privilege(uid, VC_PRIVILEGE_RECORDER);
 		if (false == ret) {
 			//LCOV_EXCL_START
-			SLOG(LOG_ERROR, TAG_VCC, "[ERROR] Permission is denied");
+			SLOG(LOG_ERROR, TAG_VCC, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_RECORDER, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
 			pthread_mutex_unlock(&g_cynara_mutex);
 			return VC_ERROR_PERMISSION_DENIED;
 			//LCOV_EXCL_STOP
 		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_DATASHARING);
+		if (false == ret) {
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCC, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_DATASHARING, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VC_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
+		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_APPMGR);
+		if (false == ret) {
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCC, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_APPMGR, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VC_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
+		}
+
+		__check_privilege_deinitialize();
 	}
 
 	g_privilege_allowed = true;
diff --git a/client/vc_mgr.c b/client/vc_mgr.c
index 5019344..4fe673d 100644
--- a/client/vc_mgr.c
+++ b/client/vc_mgr.c
@@ -229,16 +229,15 @@ static int __vc_mgr_check_privilege()
 		char uid[32];
 		snprintf(uid, 32, "%d", getuid());
 		ret = true;
-		ret = __check_privilege(uid, VC_PRIVILEGE);
+		ret = __check_privilege(uid, VC_PRIVILEGE_RECORDER);
 		if (false == ret) {
-			SLOG(LOG_ERROR, TAG_VCM, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE, uid);
+			SLOG(LOG_ERROR, TAG_VCM, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_RECORDER, uid);
 			__check_privilege_deinitialize();
 			g_privilege_allowed = false;
 			pthread_mutex_unlock(&g_cynara_mutex);
 			return VC_ERROR_PERMISSION_DENIED;
 		}
 
-		ret = true;
 		ret = __check_privilege(uid, VC_MGR_PRIVILEGE);
 		if (false == ret) {
 			SLOG(LOG_ERROR, TAG_VCM, "[ERROR] Permission is denied(%s)(%s)", VC_MGR_PRIVILEGE, uid);
@@ -248,6 +247,24 @@ static int __vc_mgr_check_privilege()
 			return VC_ERROR_PERMISSION_DENIED;
 		}
 
+		ret = __check_privilege(uid, VC_PRIVILEGE_DATASHARING);
+		if (false == ret) {
+			SLOG(LOG_ERROR, TAG_VCM, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_DATASHARING, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VC_ERROR_PERMISSION_DENIED;
+		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_APPMGR);
+		if (false == ret) {
+			SLOG(LOG_ERROR, TAG_VCM, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_APPMGR, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VC_ERROR_PERMISSION_DENIED;
+		}
+
 		__check_privilege_deinitialize();
 	}
 
diff --git a/common/vc_command.c b/common/vc_command.c
index 3f1b32b..34138f3 100644
--- a/common/vc_command.c
+++ b/common/vc_command.c
@@ -160,14 +160,40 @@ static int __vc_cmd_check_privilege()
 		char uid[32];
 		snprintf(uid, 32, "%d", getuid());
 		ret = true;
-		ret = __check_privilege(uid, VC_PRIVILEGE);
-		__check_privilege_deinitialize();
+		ret = __check_privilege(uid, VC_PRIVILEGE_RECORDER);
+		if (false == ret) {
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCCMD, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_RECORDER, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VC_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
+		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_DATASHARING);
 		if (false == ret) {
-			SLOG(LOG_ERROR, TAG_VCCMD, "[ERROR] Permission is denied");
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCCMD, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_DATASHARING, uid);
+			__check_privilege_deinitialize();
 			g_privilege_allowed = false;
 			pthread_mutex_unlock(&g_cynara_mutex);
 			return VC_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
 		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_APPMGR);
+		if (false == ret) {
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCCMD, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_APPMGR, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VC_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
+		}
+
+		__check_privilege_deinitialize();
 	}
 
 	g_privilege_allowed = true;
diff --git a/common/vc_defs.h b/common/vc_defs.h
index d217052..d9a07b5 100644
--- a/common/vc_defs.h
+++ b/common/vc_defs.h
@@ -276,8 +276,10 @@ extern "C" {
 #define VC_MGR_FEATURE_PATH		"tizen.org/feature/speech.control_manager"
 #define VC_MIC_FEATURE_PATH		"tizen.org/feature/microphone"
 
-#define VC_PRIVILEGE			"http://tizen.org/privilege/recorder"
-#define VC_MGR_PRIVILEGE		"http://tizen.org/privilege/voicecontrol.manager"
+#define VC_PRIVILEGE_RECORDER		"http://tizen.org/privilege/recorder"
+#define VC_MGR_PRIVILEGE			"http://tizen.org/privilege/voicecontrol.manager"
+#define VC_PRIVILEGE_DATASHARING	"http://tizen.org/privilege/datasharing"
+#define VC_PRIVILEGE_APPMGR			"http://tizen.org/privilege/appmanager.launch"
 
 /******************************************************************************************
 * Definitions for common enum
diff --git a/server/vce.c b/server/vce.c
index be70147..7ea2327 100644
--- a/server/vce.c
+++ b/server/vce.c
@@ -130,13 +130,41 @@ static int __vce_check_privilege()
 		char uid[32];
 		snprintf(uid, 32, "%d", getuid());
 		ret = true;
-		ret = __check_privilege(uid, VC_PRIVILEGE);
-		__check_privilege_deinitialize();
+		ret = __check_privilege(uid, VC_PRIVILEGE_RECORDER);
+		if (false == ret) {
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCD, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_RECORDER, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VCE_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
+		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_DATASHARING);
+		if (false == ret) {
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCD, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_DATASHARING, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
+			pthread_mutex_unlock(&g_cynara_mutex);
+			return VCE_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
+		}
+
+		ret = __check_privilege(uid, VC_PRIVILEGE_APPMGR);
 		if (false == ret) {
-			SLOG(LOG_ERROR, TAG_VCD, "[ERROR] Permission is denied");
+			//LCOV_EXCL_START
+			SLOG(LOG_ERROR, TAG_VCD, "[ERROR] Permission is denied(%s)(%s)", VC_PRIVILEGE_APPMGR, uid);
+			__check_privilege_deinitialize();
+			g_privilege_allowed = false;
 			pthread_mutex_unlock(&g_cynara_mutex);
 			return VCE_ERROR_PERMISSION_DENIED;
+			//LCOV_EXCL_STOP
 		}
+
+		__check_privilege_deinitialize();
+
 	}
 
 	g_privilege_allowed = true;
-- 
2.34.1