From ebbd65bca1de41051d8a3005d66b9dca27bff853 Mon Sep 17 00:00:00 2001 From: Minje Ahn Date: Tue, 22 Sep 2015 14:33:32 +0900 Subject: [PATCH] Add cynara for check requested path [temporary code] Change-Id: I3de0420ee385a70a671c0d90049d072b944f18d4 Signed-off-by: Minje Ahn --- CMakeLists.txt | 2 +- packaging/capi-content-media-content.spec | 2 + src/media_content.c | 77 +++++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3f2bf0d..845a360 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -9,7 +9,7 @@ SET(PREFIX ${CMAKE_INSTALL_PREFIX}) SET(INC_DIR include) INCLUDE_DIRECTORIES(${INC_DIR}) -SET(dependents "dlog libmedia-service media-thumbnail libmedia-utils capi-base-common vconf") +SET(dependents "dlog libmedia-service media-thumbnail libmedia-utils capi-base-common vconf cynara-client cynara-creds-socket cynara-session") SET(pc_dependents "dlog capi-base-common") INCLUDE(FindPkgConfig) diff --git a/packaging/capi-content-media-content.spec b/packaging/capi-content-media-content.spec index 9d408ee..cc65da3 100755 --- a/packaging/capi-content-media-content.spec +++ b/packaging/capi-content-media-content.spec @@ -14,6 +14,8 @@ BuildRequires: pkgconfig(media-thumbnail) BuildRequires: pkgconfig(libmedia-utils) BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) %description A Media content library in SLP C API package. diff --git a/src/media_content.c b/src/media_content.c index 2a373c9..7ba9e05 100755 --- a/src/media_content.c +++ b/src/media_content.c 
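Review bot: The spec hunk adds `BuildRequires` for `cynara-client` and `cynara-session` only, while the CMakeLists.txt hunk in the same patch also adds `cynara-creds-socket` to `dependents`. Unless that development package is pulled in transitively, the pkg-config lookup would fail in a clean build root. Either add `BuildRequires: pkgconfig(cynara-creds-socket)` next to the other two, or drop `cynara-creds-socket` from `dependents` if nothing in the library uses it.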
@@ -27,12 +27,26 @@ #include #include +#include +#include + +#include +#include +#include +#include + static attribute_h g_attr_handle = NULL; static attribute_h g_alias_attr_handle = NULL; static MediaSvcHandle *db_handle = NULL; static int ref_count = 0; static GMutex db_mutex; +#ifndef SCM_SECURITY +#define SCM_SECURITY 0x03 +#endif + +static cynara *_cynara = NULL; +G_LOCK_DEFINE_STATIC(cynara_mutex); static __thread media_noti_cb_s *g_noti_info = NULL; 
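Review bot: `SCM_SECURITY` is defined here but no code in the visible hunks uses it, so it looks like a leftover from a socket-credential approach and could be dropped if nothing outside the patch needs it. The new file-scope `_cynara` handle and `cynara_mutex` also have no comment, and as the check function is written the lock covers only the `cynara_check()` call, not the handle's creation or release. I would add `/* Shared cynara handle; every access, including initialize and finish, must hold cynara_mutex. */` above `static cynara *_cynara = NULL;`.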
@@ -555,6 +569,60 @@ static int __media_content_destroy_attribute_handle(void) return ret; } +/* Temporary Code [remove after inserted gid patch by security part] */ +int __media_content_cynara_check(const char *privilege) +{ + int ret = MEDIA_CONTENT_ERROR_NONE; + int result; + char *session = NULL; + pid_t pid; + char c_uid[20] = {0, }; + char *smack = NULL; + FILE *pFile = NULL; + char buf[255] = {0, }; + + ret = cynara_initialize(&_cynara, NULL); + if (ret != CYNARA_API_SUCCESS) { + media_content_error("cynara_initialize", ret); + return MEDIA_CONTENT_ERROR_INVALID_OPERATION; + } + + sprintf(c_uid, "%d", tzplatform_getuid(TZ_USER_NAME)); + + pid = getpid(); + + session = cynara_session_from_pid(pid); + if (session == NULL) { + media_content_error("cynara_session_from_pid failed"); + return MEDIA_CONTENT_ERROR_INVALID_OPERATION; + } + + pFile = fopen( "/proc/self/attr/current", "r" ); + if (pFile != NULL) { + smack = fgets(buf, sizeof(buf), pFile); + fclose(pFile); + } else { + media_content_error("current info read failed"); + return MEDIA_CONTENT_ERROR_INVALID_OPERATION; + } + + + G_LOCK(cynara_mutex); + result = cynara_check(_cynara, smack, session, c_uid, privilege); + G_UNLOCK(cynara_mutex); + + if (result != CYNARA_API_ACCESS_ALLOWED) + media_content_error("cynara_check", result); + + SAFE_FREE(session); + + cynara_finish(_cynara); + _cynara = NULL; + + return result == CYNARA_API_ACCESS_ALLOWED ? MEDIA_CONTENT_ERROR_NONE : MEDIA_CONTENT_ERROR_PERMISSION_DENIED; +} + + attribute_h _content_get_attirbute_handle(void) { return g_attr_handle; 
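Review bot: `_cynara` is a file-scope handle, but `cynara_initialize()` and `cynara_finish()` run outside `G_LOCK(cynara_mutex)`, so two threads in `__media_content_cynara_check()` at once can overwrite or finish each other's handle while `cynara_check()` is still using it. The early returns after `cynara_session_from_pid()` and `fopen()` leave the initialised handle unreleased (the second also leaks `session`), and a NULL result from `fgets()` is passed to `cynara_check()` as the client label. Gathering the credentials first and then doing initialize, check and finish under one lock, as sketched below, removes all three. Separately, `sprintf` into `c_uid` would be safer as `snprintf(c_uid, sizeof(c_uid), ...)`, and the helper should be `static` since only this file calls it in the visible hunks.

```c
	/* … unchanged: declarations, uid formatting, cynara_session_from_pid() and its NULL check … */

	pFile = fopen("/proc/self/attr/current", "r");
	if (pFile == NULL) {
		media_content_error("current info read failed");
		SAFE_FREE(session);
		return MEDIA_CONTENT_ERROR_INVALID_OPERATION;
	}
	smack = fgets(buf, sizeof(buf), pFile);
	fclose(pFile);
	if (smack == NULL) {
		/* An empty or unreadable label must not reach cynara_check(). */
		media_content_error("current info read failed");
		SAFE_FREE(session);
		return MEDIA_CONTENT_ERROR_INVALID_OPERATION;
	}

	/* The handle is shared, so create, use and release it under one lock. */
	G_LOCK(cynara_mutex);
	ret = cynara_initialize(&_cynara, NULL);
	if (ret != CYNARA_API_SUCCESS) {
		G_UNLOCK(cynara_mutex);
		media_content_error("cynara_initialize", ret);
		SAFE_FREE(session);
		return MEDIA_CONTENT_ERROR_INVALID_OPERATION;
	}
	result = cynara_check(_cynara, smack, session, c_uid, privilege);
	cynara_finish(_cynara);
	_cynara = NULL;
	G_UNLOCK(cynara_mutex);

	SAFE_FREE(session);

	/* … unchanged: cynara_check error log and the return mapping … */
```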
@@ -907,6 +975,15 @@ int media_content_scan_folder(const char *path, bool is_recursive, media_scan_co media_content_retvm_if(!STRING_VALID(path), MEDIA_CONTENT_ERROR_INVALID_PARAMETER, "Invalid path"); + /* Temporary Code [remove after inserted gid patch by security part] */ + if (strncmp(path, "/usr/storage", strlen("/usr/storage")) == 0) { + ret = __media_content_cynara_check("http://tizen.org/privilege/externalstorage"); + media_content_retvm_if(ret == MEDIA_CONTENT_ERROR_PERMISSION_DENIED, ret, "Permission Denied"); + } else { + ret = __media_content_cynara_check("http://tizen.org/privilege/mediastorage"); + media_content_retvm_if(ret == MEDIA_CONTENT_ERROR_PERMISSION_DENIED, ret, "Permission Denied"); + } + memset(storage_id, 0x00, sizeof(storage_id)); ret = __media_content_check_dir(path); -- 2.7.4
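Review bot: The new check fails open, because only `MEDIA_CONTENT_ERROR_PERMISSION_DENIED` stops the scan. When `__media_content_cynara_check()` returns `MEDIA_CONTENT_ERROR_INVALID_OPERATION` (cynara initialisation, session lookup or the label read failing), the call continues as if the privilege had been granted. Both branches should return on any non-success, e.g. `media_content_retvm_if(ret != MEDIA_CONTENT_ERROR_NONE, ret, "Permission check failed");`. The privilege is also chosen by a raw `strncmp` prefix on the caller's string, so `/usr/storageX` is treated as external storage, and a path that only resolves under `/usr/storage` after `..` or symlink resolution is checked against the mediastorage privilege instead. Comparing a canonicalised path and requiring `/` or end-of-string after the prefix would close that. The body of media_content_scan_folder starts and ends outside the hunk.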