From e7d04cef30dd590c945ede87c156cd089951fec6 Mon Sep 17 00:00:00 2001 From: "sungwook79.park" Date: Thu, 9 Jan 2025 14:36:30 +0900 Subject: [PATCH] Adopt cynara api to check privilege Change-Id: I05bb0e3b1396b364232b991bc2b3c2fa6cdd86d3 Signed-off-by: sungwook79.park --- CMakeLists.txt | 2 +- client/ma.c | 33 +++++++++++++++++---------------- client/ma_ap.c | 33 +++++++++++++++++---------------- client/ma_ui.c | 33 +++++++++++++++++---------------- packaging/multi-assistant.spec | 1 + tests/CMakeLists.txt | 1 + 6 files changed, 54 insertions(+), 49 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1c2757b..4b76a7a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -43,7 +43,7 @@ INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/include") ## Dependent packages ## INCLUDE(FindPkgConfig) pkg_check_modules(pkgs REQUIRED - capi-base-common capi-system-info cynara-client cynara-session dbus-1 dlog ecore bundle capi-message-port glib-2.0 json-glib-1.0 libtzplatform-config libxml-2.0 vconf + capi-base-common capi-system-info cynara-client cynara-session cynara-creds-self dbus-1 dlog ecore bundle capi-message-port glib-2.0 json-glib-1.0 libtzplatform-config libxml-2.0 vconf ) SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DUSE_TRUSTED_MESSAGE_PORT=${USE_TRUSTED_MESSAGE_PORT}") diff --git a/client/ma.c b/client/ma.c index 67d0916..a01baa3 100644 --- a/client/ma.c +++ b/client/ma.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include 
@@ -123,31 +124,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (0 >= fread(smack_label, 1, sizeof(smack_label), fp)) - MA_SLOGE("[ERROR] fail to fread"); //LCOV_EXCL_LINE - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + MA_SLOGE("Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); - MA_SLOGD("[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied"); //LCOV_EXCL_LINE - if (session) - free(session); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); - if (ret != CYNARA_API_ACCESS_ALLOWED) + free(session); + session = NULL; + free(client_identification); + client_identification = NULL; + + if (ret != CYNARA_API_ACCESS_ALLOWED) { + MA_SLOGE("[Client]cynara_check returned %d(Denied)", ret); return false; + } return true; } diff --git a/client/ma_ap.c b/client/ma_ap.c index de295e6..a8ce8d2 100644 --- a/client/ma_ap.c +++ b/client/ma_ap.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include 
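Review bot: In `__check_privilege` of client/ma.c, the result of `cynara_session_from_pid(getpid())` goes into `cynara_check` without a NULL check, and every return other than `CYNARA_API_ACCESS_ALLOWED` is logged as "Denied". A failed session lookup or a cynara service error therefore reads as a policy denial in the log, and the `cynara_creds_self_get_client` failure path drops its return code. The function still appears to fail closed, assuming `cynara_check` rejects a NULL session rather than dereferencing it. Checking `session` explicitly, logging the creds return code, and separating `CYNARA_API_ACCESS_DENIED` from error codes would make privilege failures diagnosable. The same code is added to `__check_privilege` in client/ma_ap.c and client/ma_ui.c (with `MAAP_SLOGE` / `MAUI_SLOGE`).
```c
	ret = cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification);
	if (ret != CYNARA_API_SUCCESS) {
		MA_SLOGE("Failed to get client. ret(%d)", ret);
		return false;
	}

	session = cynara_session_from_pid(getpid());
	if (!session) {
		MA_SLOGE("Failed to get session.");
		free(client_identification);
		return false;
	}
	/* … unchanged: cynara_check call, free of session and client_identification … */
	if (ret != CYNARA_API_ACCESS_ALLOWED) {
		MA_SLOGE("[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_DENIED == ret) ? "Denied" : "Error");
		return false;
	}
```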
@@ -85,31 +86,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (0 >= fread(smack_label, 1, sizeof(smack_label), fp)) - MAAP_SLOGE("[ERROR] fail to fread"); //LCOV_EXCL_LINE - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + MAAP_SLOGE("Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); - MAAP_SLOGD("[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied"); - if (session) - free(session); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); - if (ret != CYNARA_API_ACCESS_ALLOWED) + free(session); + session = NULL; + free(client_identification); + client_identification = NULL; + + if (ret != CYNARA_API_ACCESS_ALLOWED) { + MAAP_SLOGE("[Client]cynara_check returned %d(Denied)", ret); return false; + } return true; } diff --git a/client/ma_ui.c b/client/ma_ui.c index 6257551..bea0e02 100644 --- a/client/ma_ui.c +++ b/client/ma_ui.c @@ -19,6 +19,7 @@ #include #include #include +#include #include 
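Review bot: The `__check_privilege` body added in client/ma_ap.c is a line-for-line copy of the one added in client/ma.c and client/ma_ui.c, differing only in the log macro (`MAAP_SLOGE` versus `MA_SLOGE` / `MAUI_SLOGE`). Keeping three copies of an access-control decision means a later fix to the credential lookup or error handling has to be made in three places, and a missed one leaves the clients checking privileges differently. Consider one internal helper shared by the three clients, for example with a signature like `bool ma_check_privilege(cynara *p_cynara, const char *uid, const char *privilege);` (name is a suggestion only), with each file's `__check_privilege` reduced to a call to it.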
@@ -89,31 +90,31 @@ static int __check_privilege_initialize() static int __check_privilege(const char* uid, const char * privilege) { - FILE *fp = NULL; - char label_path[1024] = "/proc/self/attr/current"; - char smack_label[1024] = {'\0',}; + char *client_identification = NULL; + char *session = NULL; + int ret; if (!p_cynara) { return false; } - fp = fopen(label_path, "r"); - if (fp != NULL) { - if (0 >= fread(smack_label, 1, sizeof(smack_label), fp)) - MAUI_SLOGE("[ERROR] fail to fread"); //LCOV_EXCL_LINE - - fclose(fp); + if (cynara_creds_self_get_client(CLIENT_METHOD_DEFAULT, &client_identification) != CYNARA_API_SUCCESS) { + MAUI_SLOGE("Failed to get client."); + return false; } - pid_t pid = getpid(); - char *session = cynara_session_from_pid(pid); - int ret = cynara_check(p_cynara, smack_label, session, uid, privilege); - MAUI_SLOGD("[Client]cynara_check returned %d(%s)", ret, (CYNARA_API_ACCESS_ALLOWED == ret) ? "Allowed" : "Denied"); - if (session) - free(session); + session = cynara_session_from_pid(getpid()); + ret = cynara_check(p_cynara, client_identification, session, uid, privilege); - if (ret != CYNARA_API_ACCESS_ALLOWED) + free(session); + session = NULL; + free(client_identification); + client_identification = NULL; + + if (ret != CYNARA_API_ACCESS_ALLOWED) { + MAUI_SLOGE("[Client]cynara_check returned %d(Denied)", ret); return false; + } return true; } diff --git a/packaging/multi-assistant.spec b/packaging/multi-assistant.spec index 5a4138b..0925707 100644 --- a/packaging/multi-assistant.spec +++ b/packaging/multi-assistant.spec @@ -14,6 +14,7 @@ BuildRequires: pkgconfig(capi-base-common) BuildRequires: pkgconfig(capi-system-info) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(cynara-creds-self) BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(ecore) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index f2d0a4e..5570f28 100644 
--- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -21,6 +21,7 @@ pkg_check_modules(pkgs REQUIRED libxml-2.0 vconf gmock + cynara-creds-self ) FOREACH(flag ${pkgs_CFLAGS}) -- 2.34.1