From fccfb02d128c9504e0ba1182416e7e86c8a5a310 Mon Sep 17 00:00:00 2001 From: Chanwoo Choi Date: Thu, 1 Sep 2022 15:36:41 +0900 Subject: [PATCH] lib: resource-monitor: Check systemmonitor privilege In order to prevent the unauthorized client, check the systemmonitor privilege[1] . [1] http://tizen.org/privilege/systemmonitor For example of rejection when don't have systemmonitor privilege - Connect sdb without root and then executes resource-monitor/resource-monitor-tests. In result, cannot use the resource monitor. I checked it the log as following: E/PASS ( 1395): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor E/PASS ( 1395): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor (snip) E/PASS ( 1429): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor-tests E/PASS ( 1429): privilege.c: is_privilege_supported(69) > 'http://tizen.org/privilege/systemmonitor' privilege is not supported on resource-monitor-tests Change-Id: I77531ca1717b3592f0803cc585e0f205c46edcee Signed-off-by: Chanwoo Choi --- lib/CMakeLists.txt | 7 ++++++- lib/resource-monitor/resource-monitor.c | 18 ++++++++++++++++++ tests/integration-test/CMakeLists.txt | 3 +++ tools/resource-monitor/CMakeLists.txt | 3 +++ 4 files changed, 30 insertions(+), 1 deletion(-) diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 78a3b9c..fd2f3d1 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -17,6 +17,8 @@ SET(PKG_MODULES dlog gio-2.0 glib-2.0 + cynara-client + cynara-session ) INCLUDE(FindPkgConfig) @@ -31,7 +33,10 @@ SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -g -fno-omit-frame-pointer -finstrument-functi SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -lrt") SET(CMAKE_EXE_LINKER_FLAGS "-pie") -SET(SRCS ./resource-monitor/resource-monitor.c) +SET(SRCS + ${CMAKE_SOURCE_DIR}/src/util/privilege.c + ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c +) ADD_LIBRARY( ${PROJECT_NAME} SHARED ${SRCS}) TARGET_LINK_LIBRARIES( ${PROJECT_NAME} ${pkgs_LDFLAGS} -ldl -Wl,-z,nodelete,--no-undefined) diff --git a/lib/resource-monitor/resource-monitor.c b/lib/resource-monitor/resource-monitor.c index 062bfad..e7b567e 100644 --- a/lib/resource-monitor/resource-monitor.c +++ b/lib/resource-monitor/resource-monitor.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include @@ -38,6 +39,8 @@ #include "resource-monitor.h" +#define PRIVILEGE_SYSTEMMONITOR "http://tizen.org/privilege/systemmonitor" + #define REQUEST_SERVER_IP "127.0.0.1" #define REQUEST_SERVER_PORT 10001 @@ -125,6 +128,9 @@ static inline int handle_request(struct request_data *data) if (!data) return TIZEN_ERROR_INVALID_PARAMETER; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + /* Make buffer with struct request_data according to request */ switch (data->request) { case REQUEST_UPDATE_RESOURCE_ALL: @@ -290,6 +296,9 @@ int pass_resource_monitor_init(void) struct sockaddr_in server_addr; int ret = TIZEN_ERROR_NO_DATA; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + client = malloc(sizeof(struct pass_resource_monitor_client)); if (!client) { _E("[libpass] failed to allocate memory"); @@ -334,6 +343,9 @@ int pass_resource_monitor_exit(int id) { struct pass_resource_monitor_client *client; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + client = find_client_by_id(id); if (!client) { _E("[libpass] cannot find client-%d", id); @@ -506,6 +518,9 @@ static int pass_resource_monitor_get_json(int id, char *json_string, int request char *buffer; va_list args; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + buffer = malloc(HUGE_BUFF_MAX + 1); if (!buffer) return TIZEN_ERROR_OUT_OF_MEMORY; @@ -705,6 +720,9 @@ pass_resource_monitor_get_array(int id, int res_id, u_int64_t attr_id, int data_ int response_req; int ret, i; + if (!is_privilege_supported(PRIVILEGE_SYSTEMMONITOR)) + return TIZEN_ERROR_PERMISSION_DENIED; + buffer = malloc(HUGE_BUFF_MAX + 1); if (!buffer) return TIZEN_ERROR_OUT_OF_MEMORY; diff --git a/tests/integration-test/CMakeLists.txt b/tests/integration-test/CMakeLists.txt index 69ec8ff..24600cd 100644 --- a/tests/integration-test/CMakeLists.txt +++ b/tests/integration-test/CMakeLists.txt @@ -3,6 +3,7 @@ PROJECT(pass C CXX) SET(SRCS ${CMAKE_SOURCE_DIR}/src/pass/pass-hal.c ${CMAKE_SOURCE_DIR}/src/pass/pass-parser.c ${CMAKE_SOURCE_DIR}/src/util/common.c + ${CMAKE_SOURCE_DIR}/src/util/privilege.c ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c ) @@ -20,6 +21,8 @@ pkg_check_modules(gtest_pkgs REQUIRED dlog json-c hal-api-power + cynara-client + cynara-session ) FOREACH(flag ${gtest_pkgs_CFLAGS}) diff --git a/tools/resource-monitor/CMakeLists.txt b/tools/resource-monitor/CMakeLists.txt index 3e28063..8746e13 100644 --- a/tools/resource-monitor/CMakeLists.txt +++ b/tools/resource-monitor/CMakeLists.txt @@ -2,6 +2,7 @@ PROJECT(pass C CXX) SET(SRCS ${CMAKE_SOURCE_DIR}/src/util/common.c + ${CMAKE_SOURCE_DIR}/src/util/privilege.c ${CMAKE_SOURCE_DIR}/lib/resource-monitor/resource-monitor.c ) @@ -17,6 +18,8 @@ pkg_check_modules(gtest_pkgs REQUIRED gio-2.0 dlog json-c + cynara-client + cynara-session ) FOREACH(flag ${gtest_pkgs_CFLAGS}) -- 2.7.4