From fac3dcb3501756666b3a987fc299243de123a1ab Mon Sep 17 00:00:00 2001 From: Chanwoo Choi Date: Thu, 1 Sep 2022 15:34:57 +0900 Subject: [PATCH] util: privilege: Add is_privilege_supported function is_privilege_supported checks privilege permission of self process. Change-Id: Ife85a74a494e12de1e1418036d8c84d389518c4b Signed-off-by: Chanwoo Choi --- include/util/privilege.h | 26 +++++++++++++++++ packaging/pass.spec | 2 ++ src/util/privilege.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 103 insertions(+) create mode 100644 include/util/privilege.h create mode 100644 src/util/privilege.c diff --git a/include/util/privilege.h b/include/util/privilege.h new file mode 100644 index 0000000..c1bd97f --- /dev/null +++ b/include/util/privilege.h @@ -0,0 +1,26 @@ +/* + * PASS + * + * Copyright (c) 2022 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the License); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __PRIVILEGE_H__ +#define __PRIVILEGE_H__ + +#include + +bool is_privilege_supported(const char *privilege_name); + +#endif diff --git a/packaging/pass.spec b/packaging/pass.spec index bde3967..4444495 100644 --- a/packaging/pass.spec +++ b/packaging/pass.spec @@ -27,6 +27,8 @@ BuildRequires: pkgconfig(libnl-3.0) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(hal-api-power) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) %description PASS (Power-Aware System Service) diff --git a/src/util/privilege.c b/src/util/privilege.c new file mode 100644 index 0000000..d577223 --- /dev/null +++ b/src/util/privilege.c @@ -0,0 +1,75 @@ +/* + * PASS (Power Aware System Service) + * + * Copyright (c) 2022 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the License); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +#include +#include + +#include +#include +#include + +extern char *program_invocation_name; + +bool is_privilege_supported(const char *privilege_name) +{ + cynara *cynara = NULL; + FILE *fp = NULL; + char uid[16]; + char *session = NULL; + char smack_label[BUFF_MAX] = {0, }; + int ret; + + if (cynara_initialize(&cynara, NULL) != CYNARA_API_SUCCESS) { + _E("failed to initialize cynara"); + return false; + } + + fp = fopen("/proc/self/attr/current", "r"); + if (fp != NULL) { + int ch = 0; + int idx = 0; + while (EOF != (ch = fgetc(fp))) { + smack_label[idx] = ch; + idx++; + } + fclose(fp); + } + + pid_t pid = getpid(); + session = cynara_session_from_pid(pid); + snprintf(uid, 16, "%d", getuid()); + uid[15] = '\0'; + + ret = cynara_check(cynara, smack_label, session, uid, privilege_name); + if (session) + free(session); + if (cynara) + cynara_finish(cynara); + if (ret != CYNARA_API_ACCESS_ALLOWED) { + _E("'%s' privilege is not supported on %s", + privilege_name, program_invocation_name); + return false; + } + + return true; +} -- 2.7.4