From e8fdcd2c341c8329850f2f2a75e37d2ad96e5107 Mon Sep 17 00:00:00 2001
From: Hwankyu Jhun <h.jhun@samsung.com>
Date: Thu, 20 Aug 2020 09:53:06 +0900
Subject: [PATCH] Add privilege level check for plugin parser

App-defined loader feature is only for platform developers.

Change-Id: Icbb87b3835bf3e4b866aeb9f8e66896256bc9e71
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>
---
 packaging/launchpad.spec              |  1 +
 src/parser/CMakeLists.txt             |  1 +
 src/parser/launchpad_parser_plugin.cc | 15 ++++++++++++---
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/packaging/launchpad.spec b/packaging/launchpad.spec
index 2994a02..83a9da1 100644
--- a/packaging/launchpad.spec
+++ b/packaging/launchpad.spec
@@ -31,6 +31,7 @@ BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(iniparser)
 BuildRequires:  pkgconfig(libxml-2.0)
 BuildRequires:  pkgconfig(libsmack)
+BuildRequires:  pkgconfig(pkgmgr-installer)
 
 Requires(post): /sbin/ldconfig
 Requires(post): /usr/bin/systemctl
diff --git a/src/parser/CMakeLists.txt b/src/parser/CMakeLists.txt
index f98579f..29374bd 100644
--- a/src/parser/CMakeLists.txt
+++ b/src/parser/CMakeLists.txt
@@ -5,6 +5,7 @@ INCLUDE(FindPkgConfig)
 pkg_check_modules(PKGS REQUIRED
 	dlog
 	libxml-2.0
+	pkgmgr-installer
 )
 
 FOREACH(FLAGS ${PKGS_CFLAGS})
diff --git a/src/parser/launchpad_parser_plugin.cc b/src/parser/launchpad_parser_plugin.cc
index 9abaeb2..b7734c0 100644
--- a/src/parser/launchpad_parser_plugin.cc
+++ b/src/parser/launchpad_parser_plugin.cc
@@ -14,12 +14,14 @@
  * limitations under the License.
  */
 
-#include <fstream>
-#include <string>
-
+#include <sys/types.h>
+#include <pkgmgr_installer_info.h>
 #include <sys/stat.h>
 #include <unistd.h>
 
+#include <fstream>
+#include <string>
+
 #include "launchpad_parser_plugin.hh"
 #include "log_private.hh"
 
@@ -85,6 +87,13 @@ bool LaunchpadParser::IsValidId(string loader_id, string pkgid) {
 }
 
 int LaunchpadParser::Install(xmlDocPtr doc, string pkgid) {
+  pkgmgr_privilege_level level;
+  pkgmgr_installer_info_get_privilege_level(&level);
+  if (level != PM_PRIVILEGE_PLATFORM) {
+    LOGE("Privilege level(%d) is not platform", static_cast<int>(level));
+    return -1;
+  }
+
   xmlNode* root = xmlDocGetRootElement(doc);
   for (xmlNode* node = root->children; node; node = node->next) {
     if (!node->name)
-- 
2.7.4