From f47be2f7c4dc5e76912d814fb5dd72c1bf108090 Mon Sep 17 00:00:00 2001
From: Hyotaek Shim <hyotaek.shim@samsung.com>
Date: Fri, 13 Apr 2018 14:52:29 +0900
Subject: [PATCH] Add defense code for wrong use cases Only Tizen applications
 and user session daemons can use
 storage_get_root_directory(STORAGE_TYPE_INTERNAL, ...).

Change-Id: I107b027a06843bbd88f7a1008f8051b6c5430b79
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
---
 src/storage.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/storage.c b/src/storage.c
index cd3e29a..33bfc8e 100644
--- a/src/storage.c
+++ b/src/storage.c
@@ -28,6 +28,8 @@
 #include "storage-external.h"
 
 #define BLOCK_CONF_FILE         "/etc/storaged/block.conf"
+#define USER_UID_START		5000
+
 const char *dir_path[STORAGE_DIRECTORY_MAX];
 
 const int tz_id[STORAGE_DIRECTORY_MAX] = {
@@ -123,6 +125,12 @@ API int storage_get_root_directory(int storage_id, char **path)
 		return STORAGE_ERROR_INVALID_PARAMETER;
 	}
 
+	if (storage_id == STORAGE_TYPE_INTERNAL && getuid() < USER_UID_START) {
+		_E("Only Tizen applications and user session daemons can use \
+			storage_get_root_directory(STORAGE_TYPE_INTERNAL, ...)");
+		return STORAGE_ERROR_INVALID_PARAMETER;
+	}
+
 	/* internal storage */
 	DD_LIST_FOREACH(st_int_head, elem, st) {
 		if (st->storage_id != storage_id)
-- 
2.7.4