From 2f71ccfddcf54295092429d3b987fdc8ad010217 Mon Sep 17 00:00:00 2001
From: "taeyoon0.lee" <taeyoon0.lee@samsung.com>
Date: Mon, 22 Jan 2018 17:55:13 +0900
Subject: [PATCH] Addd to check privilege for capture

Change-Id: I666d80e1350f2f8c0cdb80861d8317837d4ff99f
---
 build/tizen/adaptor/Makefile.am               |  6 +-
 build/tizen/adaptor/configure.ac              |  1 +
 .../system/tizen/capture-impl-tizen.cpp       | 72 ++++++++++++++++---
 dali/internal/system/tizen/capture-impl.h     | 13 ++--
 dali/public-api/capture/capture.h             |  6 ++
 packaging/dali-adaptor.spec                   |  1 +
 6 files changed, 84 insertions(+), 15 deletions(-)

diff --git a/build/tizen/adaptor/Makefile.am b/build/tizen/adaptor/Makefile.am
index f5171f167..eb692bebc 100644
--- a/build/tizen/adaptor/Makefile.am
+++ b/build/tizen/adaptor/Makefile.am
@@ -471,11 +471,13 @@ LIBDALI_ADAPTOR_LA_CXXFLAGS += \
                       $(HAPTIC_CFLAGS) \
                       $(EFL_ASSIST_CFLAGS) \
                       $(SCREENCONNECTORPROVIDER_CFLAGS) \
-                      $(APPCORE_WATCH_CFLAGS)
+                      $(APPCORE_WATCH_CFLAGS) \
+                      $(CYNARA_CLIENT_CFLAGS)
 
 LIBDALI_ADAPTOR_LA_LIBADD += \
                       $(SCREENCONNECTORPROVIDER_LIBS) \
-                      $(APPCORE_WATCH_LIBS)
+                      $(APPCORE_WATCH_LIBS) \
+                      $(CYNARA_CLIENT_LIBS)
 endif
 
 if TV_PROFILE
diff --git a/build/tizen/adaptor/configure.ac b/build/tizen/adaptor/configure.ac
index cb48b5f5e..79126f4bc 100644
--- a/build/tizen/adaptor/configure.ac
+++ b/build/tizen/adaptor/configure.ac
@@ -236,6 +236,7 @@ PKG_CHECK_MODULES(SCREENCONNECTORPROVIDER, screen_connector_provider)
 PKG_CHECK_MODULES(APPFW_WATCH, capi-appfw-watch-application,
    [watch_available=yes], [watch_available=no] )
 PKG_CHECK_MODULES(APPCORE_WATCH, appcore-watch)
+PKG_CHECK_MODULES(CYNARA_CLIENT, cynara-client)
 if test "x$watch_available" = "xyes"; then
   DALI_ADAPTOR_CFLAGS="$DALI_ADAPTOR_CFLAGS -DAPPCORE_WATCH_AVAILABLE"
 fi
diff --git a/dali/internal/system/tizen/capture-impl-tizen.cpp b/dali/internal/system/tizen/capture-impl-tizen.cpp
index 8384bee80..98d60773c 100644
--- a/dali/internal/system/tizen/capture-impl-tizen.cpp
+++ b/dali/internal/system/tizen/capture-impl-tizen.cpp
@@ -25,6 +25,10 @@
 #include <dali/integration-api/debug.h>
 #include <fstream>
 #include <string.h>
+#include <cynara-client.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <system_info.h>
 
 // INTERNAL INCLUDES
 #include <adaptor.h>
@@ -32,6 +36,10 @@
 namespace
 {
 unsigned int TIME_OUT_DURATION = 1000;
+const int SMACK_LABEL_LENGTH = 255;
+
+const char* const CYNARA_CHECK_FILE = "/proc/self/attr/current";
+const char* const SCREEN_SHOT_PRIVILEGE = "http://tizen.org/privilege/screenshot";
 }
 
 namespace Dali
@@ -68,8 +76,11 @@ CapturePtr Capture::New()
 {
   CapturePtr pWorker = new Capture();
 
-  // Second-phase construction
-  pWorker->Initialize();
+  if( pWorker->CheckPrivilege( SCREEN_SHOT_PRIVILEGE ) == false )
+  {
+    DALI_LOG_ERROR( "Capture privilege error: permission denied\n" );
+    return NULL;
+  }
 
   return pWorker;
 }
@@ -78,8 +89,11 @@ CapturePtr Capture::New( Dali::CameraActor cameraActor )
 {
   CapturePtr pWorker = new Capture( cameraActor );
 
-  // Second-phase construction
-  pWorker->Initialize();
+  if( pWorker->CheckPrivilege( SCREEN_SHOT_PRIVILEGE ) == false )
+  {
+    DALI_LOG_ERROR( "Capture privilege error: permission denied\n" );
+    return NULL;
+  }
 
   return pWorker;
 }
@@ -104,10 +118,6 @@ Dali::Capture::CaptureFinishedSignalType& Capture::FinishedSignal()
   return mFinishedSignal;
 }
 
-void Capture::Initialize()
-{
-}
-
 void Capture::CreateSurface( const Vector2& size )
 {
   DALI_ASSERT_ALWAYS(!mTbmSurface && "mTbmSurface is already created.");
@@ -368,6 +378,52 @@ bool Capture::Save()
   return mNativeImageSourcePtr->EncodeToFile( mPath );
 }
 
+bool Capture::CheckPrivilege( const char* privilege ) const
+{
+  cynara* cynara;
+  int fd = 0;
+  int ret = 0;
+  char subjectLabel[SMACK_LABEL_LENGTH + 1] = "";
+  char uid[10] = { 0, };
+  const char* clientSession = "";
+
+  ret = cynara_initialize( &cynara, NULL );
+  if( ret != CYNARA_API_SUCCESS )
+  {
+    return false;
+  }
+
+  fd = open( CYNARA_CHECK_FILE, O_RDONLY );
+  if( fd < 0 )
+  {
+    cynara_finish( cynara );
+    return false;
+  }
+
+  ret = read( fd, subjectLabel, SMACK_LABEL_LENGTH );
+  if( ret < 0 )
+  {
+    close( fd );
+    cynara_finish( cynara );
+    return false;
+  }
+
+  close( fd );
+
+  snprintf( uid, 10, "%d", getuid() );
+
+  ret = cynara_check( cynara, subjectLabel, clientSession, uid, privilege );
+  if( ret != CYNARA_API_ACCESS_ALLOWED )
+  {
+    cynara_finish( cynara );
+    return false;
+  }
+
+  cynara_finish( cynara );
+
+  return true;
+}
+
 }  // End of namespace Adaptor
 
 }  // End of namespace Internal
diff --git a/dali/internal/system/tizen/capture-impl.h b/dali/internal/system/tizen/capture-impl.h
index 040cfaf67..d172fdd08 100644
--- a/dali/internal/system/tizen/capture-impl.h
+++ b/dali/internal/system/tizen/capture-impl.h
@@ -78,11 +78,6 @@ public:
 
 protected:
 
-  /**
-   * @brief Second-phase constructor. Must be called immediately after creating a new Capture;
-   */
-  void Initialize();
-
   /**
    * @brief A reference counted object may only be deleted by calling Unreference()
    */
@@ -204,6 +199,14 @@ private:
    */
   bool Save();
 
+  /**
+   * @brief Checks privilege for Capture
+   *
+   * @param[in] privilege The capture privilege
+   * @return True if input is capture privilege, false otherwise
+   */
+  bool CheckPrivilege( const char* privilege ) const;
+
 private:
 
   // Undefined
diff --git a/dali/public-api/capture/capture.h b/dali/public-api/capture/capture.h
index 635a1e05d..58ee9d87b 100644
--- a/dali/public-api/capture/capture.h
+++ b/dali/public-api/capture/capture.h
@@ -106,22 +106,28 @@ public:
   Capture();
 
   /**
+   * @PRIVLEVEL_PLATFORM
    * @brief Create an initialized Capture.
    *
    * @SINCE_1_3_4
+   * @PRIVILEGE_CAPTURE
    *
    * @return A handle to a newly allocated Dali resource.
    * @note Projection mode of default cameraActor is Dali::Camera::PERSPECTIVE_PROJECTION
+   * @note If permission denied by privilege occurs, a uninitialized handle is returned
    */
   static Capture New();
 
   /**
+   * @PRIVLEVEL_PLATFORM
    * @brief Create an initialized Capture.
    *
    * @SINCE_1_3_4
+   * @PRIVILEGE_CAPTURE
    *
    * @param[in] cameraActor An initialized CameraActor.
    * @return A handle to a newly allocated Dali resource.
+   * @note If permission denied by privilege occurs, a uninitialized handle is returned
    */
   static Capture New( Dali::CameraActor cameraActor );
 
diff --git a/packaging/dali-adaptor.spec b/packaging/dali-adaptor.spec
index a4ae2739c..5d9c7d0e6 100644
--- a/packaging/dali-adaptor.spec
+++ b/packaging/dali-adaptor.spec
@@ -53,6 +53,7 @@ BuildRequires:  pkgconfig(libtzplatform-config)
 BuildRequires:  pkgconfig(capi-appfw-watch-application)
 BuildRequires:  pkgconfig(appcore-watch)
 BuildRequires:  pkgconfig(screen_connector_provider)
+BuildRequires:  pkgconfig(cynara-client)
 %endif
 
 BuildRequires:  pkgconfig(gles20)
-- 
2.34.1