From aec384948ca516b84d53750bc9501f4fc584aa92 Mon Sep 17 00:00:00 2001
From: "jaekuk, lee"
Date: Mon, 13 Jun 2016 13:18:14 +0900
Subject: [PATCH] change the download-provider permission from root to web_fw

Change-Id: I8f54848443c6a4e0b59ea9c56b2c565b847fd203
Signed-off-by: jaekuk, lee
---
 packaging/download-provider.spec | 9 ++++++--
 provider/download-provider-plugin-download-agent.c | 24 +--------------------
 systemd/download-provider.service | 3 +++
 3 files changed, 11 insertions(+), 25 deletions(-)
 mode change 100644 => 100755 systemd/download-provider.service
diff --git a/packaging/download-provider.spec b/packaging/download-provider.spec
index ccf9113..01d4c67 100755
--- a/packaging/download-provider.spec
+++ b/packaging/download-provider.spec
@@ -1,7 +1,7 @@
 %define _ux_define tizen2.3
 Name: download-provider
 Summary: Download the contents in background
-Version: 2.1.55
+Version: 2.1.56
 Release: 0
 Group: Development/Libraries
 License: Apache-2.0
@@ -9,6 +9,7 @@ Source0: %{name}-%{version}.tar.gz
 Requires(post): libdevice-node
 Requires(post): sqlite
 Requires(post): connman
+Requires: security-config
 BuildRequires: cmake
 BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(gobject-2.0)
@@ -195,12 +196,16 @@ ln -s ../download-provider.socket %{buildroot}/lib/systemd/system/sockets.target
 #make notify dir in post section for smack
 mkdir %{TZ_SYS_DATA}/download-provider
 mkdir -p %{_notifydir}
+chown -R web_fw:web_fw %{_notifydir}
 chsmack -a 'System::Shared' %{_notifydir}
-chsmack -t %{_notifydir}
+chsmack -t %{_notifydir}
 mkdir -p --mode=0700 %{_databasedir}
+chown -R web_fw:web_fw %{_databasedir}
 #chsmack -a 'download-provider' %{_databasedir}
 mkdir -p --mode=0700 %{_database_client_dir}
 #chsmack -a 'download-provider' %{_database_client_dir}
+chown -R web_fw:web_fw %{_database_client_dir}
+chown -R web_fw:web_fw %{_data_install_path}
 %files
 %defattr(-,root,root,-)
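Review bot: The added `Requires: security-config` is a plain dependency, while the scriptlet prerequisites directly above it are all declared as `Requires(post):`. If security-config is the package that provides the web_fw account (an inference, the hunk does not show it), the chown calls this patch adds to the post scriptlet depend on it being installed first, and `Requires(post): security-config` would state that ordering explicitly. A one-line comment above it saying why the package is required would help the next maintainer.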
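Review bot: The four added `chown -R web_fw:web_fw ...` lines run as root in the scriptlet and recurse into directories that, after the first install, are writable by web_fw itself, so on every upgrade root re-owns whatever that account has placed there. For the directories created by the `mkdir -p` lines just above, a non-recursive `chown web_fw:web_fw %{_databasedir}` (and likewise for the other two) is enough. Ownership of packaged content is better declared in the file list with `%attr(-,web_fw,web_fw)` than left under `%defattr(-,root,root,-)` and corrected afterwards, which also keeps package verification consistent. `%{_data_install_path}` is not created anywhere in the visible hunk, so it is worth confirming it exists before this line runs.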
diff --git a/provider/download-provider-plugin-download-agent.c b/provider/download-provider-plugin-download-agent.c
index abba454..f65f86b 100755
--- a/provider/download-provider-plugin-download-agent.c
+++ b/provider/download-provider-plugin-download-agent.c
@@ -216,9 +216,7 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request
 if (lstat_info.st_mode == fstat_info.st_mode && lstat_info.st_ino == fstat_info.st_ino && lstat_info.st_dev == fstat_info.st_dev) {
- if ((fchown(fd, cred.uid, cred.gid) != 0) ||
- (fchmod(fd, S_IRUSR | S_IWUSR |
- S_IRGRP | S_IROTH) != 0)) {
+ if (fchown(fd, cred.uid, cred.gid) != 0) {
 TRACE_ERROR("[ERROR][%d] permission user:%d group:%d", request->id, cred.uid, cred.gid);
 errorcode = DP_ERROR_PERMISSION_DENIED;
@@ -240,26 +238,6 @@ static int __set_file_permission_to_client(dp_client_slots_fmt *slot, dp_request
 TRACE_ERROR("lstat call failed");
 errorcode = DP_ERROR_PERMISSION_DENIED;
 }
- if (errorcode == DP_ERROR_NONE && dp_smack_is_mounted() == 1) {
- // get smack_label from sql
- char *smack_label = dp_db_get_client_smack_label(slot->pkgname);
- if (smack_label == NULL) {
- TRACE_SECURE_ERROR("[SMACK][%d] no label", request->id);
- errorcode = DP_ERROR_PERMISSION_DENIED;
- } else {
- size_t len = str - (saved_path);
- char *dir_path = (char *)calloc(len + 1, sizeof(char));
- if (dir_path != NULL) {
- strncpy(dir_path, saved_path, len);
- errorcode = dp_smack_set_label(smack_label, dir_path, saved_path);
- free(dir_path);
- } else {
- TRACE_ERROR("[ERROR] calloc");
- errorcode = DP_ERROR_OUT_OF_MEMORY;
- }
- free(smack_label);
- }
- }
 return errorcode;
 }
diff --git a/systemd/download-provider.service b/systemd/download-provider.service
old mode 100644
new mode 100755
index 4286283..732d017
--- a/systemd/download-provider.service
+++ b/systemd/download-provider.service
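Review bot: With the `fchmod` call removed, the changed `if (fchown(fd, cred.uid, cred.gid) != 0)` no longer pins the mode of the saved file, so its permission bits are whatever the file was created with; since the following hunk also drops the Smack relabel, ownership is the only access control this function still applies. Either keep an explicit mode, for example `fchmod(fd, S_IRUSR | S_IWUSR)` if group and other read access is no longer wanted, or add a comment saying where the mode is now set. The service file in this patch also switches the daemon to `User=web_fw`, and fchown() to a different uid normally fails for an unprivileged process without CAP_CHOWN; nothing visible in the patch grants it, so this branch may now always return DP_ERROR_PERMISSION_DENIED. Adding errno to the existing TRACE_ERROR message would make that case diagnosable. The function starts and ends outside this hunk, so the file's creation mode cannot be checked from here.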
@@ -3,6 +3,9 @@ Description=Download provider service
 After=check-mount.service
 [Service]
+User=web_fw
+Group=web_fw
+SupplementaryGroups=priv_mediastorage
 Type=simple
 ExecStart=/usr/bin/download-provider
 MemoryLimit=100M
--
2.7.4
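Review bot: The patch changes this unit file's mode from 100644 to 100755, but a unit file is configuration rather than a program, and systemd logs a warning for unit files marked executable, so the mode should stay 0644. The added `SupplementaryGroups=priv_mediastorage` line has no comment explaining why the group is retained after dropping root; a line such as `# priv_mediastorage: needed to write downloads to media storage` (wording to be confirmed by the author) would document the remaining privilege. If the daemon still has to hand files over to the requesting client with fchown(), the capability it needs should be granted narrowly in this section rather than by reverting to root.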