From 8bfa7e9593d231ec82fdac5b313a7d6c335b5595 Mon Sep 17 00:00:00 2001 From: jaekuk lee Date: Sun, 12 Jun 2016 21:10:23 -0700 Subject: [PATCH] Revert "change the download-provider permission from root to web_fw" This reverts commit d1d80aa5c12ff72d08075bf43d08a2310902fdfc. Change-Id: If18cde3cb9796457f350f9bfe5b27e325a321efe --- packaging/download-provider.spec | 7 +------ provider/download-provider-plugin-download-agent.c | 24 +++++++++++++++++++++- systemd/download-provider.service | 3 --- 3 files changed, 24 insertions(+), 10 deletions(-) mode change 100755 => 100644 systemd/download-provider.service diff --git a/packaging/download-provider.spec b/packaging/download-provider.spec index fbb47c3..ccf9113 100755 --- a/packaging/download-provider.spec +++ b/packaging/download-provider.spec @@ -1,7 +1,7 @@ %define _ux_define tizen2.3 Name: download-provider Summary: Download the contents in background -Version: 2.1.56 +Version: 2.1.55 Release: 0 Group: Development/Libraries License: Apache-2.0 @@ -9,7 +9,6 @@ Source0: %{name}-%{version}.tar.gz Requires(post): libdevice-node Requires(post): sqlite Requires(post): connman -Requires: security-config BuildRequires: cmake BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(gobject-2.0) @@ -196,16 +195,12 @@ ln -s ../download-provider.socket %{buildroot}/lib/systemd/system/sockets.target #make notify dir in post section for smack mkdir %{TZ_SYS_DATA}/download-provider mkdir -p %{_notifydir} -chown -R web_fw:web_fw %{_notifydir} chsmack -a 'System::Shared' %{_notifydir} chsmack -t %{_notifydir} mkdir -p --mode=0700 %{_databasedir} -chown -R web_fw:web_fw %{_databasedir} #chsmack -a 'download-provider' %{_databasedir} mkdir -p --mode=0700 %{_database_client_dir} #chsmack -a 'download-provider' %{_database_client_dir} -chown -R web_fw:web_fw %{_database_client_dir} -chown -R web_fw:web_fw %{_data_install_path} %files %defattr(-,root,root,-) diff --git a/provider/download-provider-plugin-download-agent.c b/provider/download-provider-plugin-download-agent.c index f65f86b..abba454 100755 --- a/provider/download-provider-plugin-download-agent.c +++ b/provider/download-provider-plugin-download-agent.c @@ -216,7 +216,9 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request if (lstat_info.st_mode == fstat_info.st_mode && lstat_info.st_ino == fstat_info.st_ino && lstat_info.st_dev == fstat_info.st_dev) { - if (fchown(fd, cred.uid, cred.gid) != 0) { + if ((fchown(fd, cred.uid, cred.gid) != 0) || + (fchmod(fd, S_IRUSR | S_IWUSR | + S_IRGRP | S_IROTH) != 0)) { TRACE_ERROR("[ERROR][%d] permission user:%d group:%d", request->id, cred.uid, cred.gid); errorcode = DP_ERROR_PERMISSION_DENIED; @@ -238,6 +240,26 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request TRACE_ERROR("lstat call failed"); errorcode = DP_ERROR_PERMISSION_DENIED; } + if (errorcode == DP_ERROR_NONE && dp_smack_is_mounted() == 1) { + // get smack_label from sql + char *smack_label = dp_db_get_client_smack_label(slot->pkgname); + if (smack_label == NULL) { + TRACE_SECURE_ERROR("[SMACK][%d] no label", request->id); + errorcode = DP_ERROR_PERMISSION_DENIED; + } else { + size_t len = str - (saved_path); + char *dir_path = (char *)calloc(len + 1, sizeof(char)); + if (dir_path != NULL) { + strncpy(dir_path, saved_path, len); + errorcode = dp_smack_set_label(smack_label, dir_path, saved_path); + free(dir_path); + } else { + TRACE_ERROR("[ERROR] calloc"); + errorcode = DP_ERROR_OUT_OF_MEMORY; + } + free(smack_label); + } + } return errorcode; } diff --git a/systemd/download-provider.service b/systemd/download-provider.service old mode 100755 new mode 100644 index 732d017..4286283 --- a/systemd/download-provider.service +++ b/systemd/download-provider.service @@ -3,9 +3,6 @@ Description=Download provider service After=check-mount.service [Service] -User=web_fw -Group=web_fw -SupplementaryGroups=priv_mediastorage Type=simple ExecStart=/usr/bin/download-provider MemoryLimit=100M -- 2.7.4