From 2c80ceaa5fb9d98acb87c85b3baac06d3c60065d Mon Sep 17 00:00:00 2001 From: jongmyeongko Date: Fri, 19 Feb 2016 11:56:13 +0900 Subject: [PATCH] fix TODO items checking privilege by appid. checking app runnig status by uid. checking certficate for trusted event peers. Change-Id: I3b7a9d1fbbf211c95778ba7df8e399c2390c1af8 Signed-off-by: jongmyeongko --- CMakeLists.txt | 2 +- packaging/esd.spec | 1 + src/esd_main.c | 73 ++++++++++-------------------------------------------- 3 files changed, 15 insertions(+), 61 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0208eef..5d620f0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,7 +18,7 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${CMAKE_SOURCE_DIR}/src) ### Required packages INCLUDE(FindPkgConfig) -pkg_check_modules(pkgs REQUIRED dlog bundle pkgmgr-info glib-2.0 gio-2.0 appsvc aul ecore vconf libtzplatform-config libsystemd-daemon cynara-client cynara-creds-gdbus cynara-session) +pkg_check_modules(pkgs REQUIRED dlog bundle pkgmgr-info glib-2.0 gio-2.0 appsvc aul ecore vconf libtzplatform-config libsystemd-daemon cynara-client cynara-creds-gdbus cynara-session security-manager) FOREACH(flag ${pkgs_CFLAGS}) SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") diff --git a/packaging/esd.spec b/packaging/esd.spec index a84789f..74fd236 100644 --- a/packaging/esd.spec +++ b/packaging/esd.spec @@ -23,6 +23,7 @@ BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-creds-gdbus) BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(security-manager) Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig diff --git a/src/esd_main.c b/src/esd_main.c index 5488d15..a21fade 100644 --- a/src/esd_main.c +++ b/src/esd_main.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "eventsystem_daemon.h" #define GLOBAL_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER) 
@@ -43,11 +44,6 @@ static const struct privilege_info privilege_check_list[] = { {SYS_EVENT_INCOMMING_MSG, "http://tizen.org/privilege/message.read"} }; -typedef struct __esd_privilege_check { - char *privilege_name; - int validation; -} esd_privilege_check; - static int privilege_check_size = sizeof(privilege_check_list)/sizeof(struct privilege_info); #ifdef APPFW_EVENT_SYSTEM_EARLIER_FEATURE @@ -256,12 +252,7 @@ static int __esd_check_certificate_match(uid_t uid, const char *app_id, uid_t fr _D("uid(%d), app_id(%s), from_uid(%d), from_appid(%s)", uid, app_id, from_uid, from_appid); - if (uid != from_uid) { - /* TODO(jongmyeong.ko): check cert result if uids are not same */ - _D("not same uid"); - } - - ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(app_id, from_appid, uid, &res); + ret = pkgmgrinfo_pkginfo_compare_usr_app_cert_info(app_id, from_appid, from_uid, &res); if (ret < 0) { _E("failed to check certificate"); return ES_R_ERROR; @@ -286,11 +277,8 @@ static bool __esd_check_application_validation(uid_t uid, const char *appid) pkgmgrinfo_appinfo_destroy_appinfo(handle); - /* FIXME(jongmyeong.ko) */ - /* - if (!aul_app_is_running(appid)) + if (!aul_app_is_running_for_uid(appid, uid)) return false; - */ return true; } 
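Review bot: In `__esd_check_certificate_match`, `uid` is now used only in the debug log, so when `uid != from_uid` the receiving `app_id` is resolved under the sender's `from_uid` instead of its own user. The removed TODO flagged exactly this cross-user case, and the new call leaves no trace of how it is meant to behave. If resolving both apps under `from_uid` is intended, say so in a comment above the call, e.g. `/* both app ids are resolved under from_uid; receiver uid is not consulted */`. If cross-user trusted events are not meant to be supported, reject the mismatch before comparing, e.g. `if (uid != from_uid) { _E("uid mismatch"); return ES_R_ERROR; }`. The function body starts and ends outside the hunk.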
@@ -456,43 +444,26 @@ static bool __esd_check_valid_privilege_by_cynara(const char *appid, const char return has_privilege; } -#if 0 -static int __esd_privilege_func(const char *name, void *user_data) -{ - esd_privilege_check *epc = (esd_privilege_check *)user_data; - - if (strcmp(name, epc->privilege_name) == 0) { - epc->validation = 1; - return -1; - } else { - epc->validation = 0; - return 0; - } -} -#endif - static int __esd_check_app_privileged_event(uid_t uid, const char *appid, const char *pkgid, const char *event_name) { char *privilege_name = NULL; - char client[256] = {0, }; - char *user = NULL; - int retval = 1; + int ret = 0; + int result = 0; _D("event_name(%s), uid(%d), appid(%s), pkgid(%s)", event_name, uid, appid, pkgid); __esd_check_privilege_name(event_name, &privilege_name); if (privilege_name) { - /* TODO(jongmyeong.ko): getting client should be replaced by cynara api */ - snprintf(client, 256, "User::App::%s", pkgid); - user = (char *)g_strdup_printf("%u", uid); - if (!__esd_check_valid_privilege_by_cynara(appid, client, "", user, privilege_name)) { - _E("app(%s) has NOT privilege(%s)", appid, privilege_name); - retval = 0; - } + ret = security_manager_app_has_privilege(appid, privilege_name, uid, &result); + if (ret != SECURITY_MANAGER_SUCCESS) + _E("failed to check privilege(%d)", ret); + _D("result(%d)", result); + } else { + result = 1; } - return retval; + return result; } static void __esd_print_appid_with_eventid(gpointer data, gpointer user_data) 
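Review bot: In `__esd_check_app_privileged_event`, a failed `security_manager_app_has_privilege` call denies the event only because `result` was initialised to 0 and is assumed to stay untouched on failure. The error branch should fail closed explicitly, e.g. `if (ret != SECURITY_MANAGER_SUCCESS) { _E("failed to check privilege(%d)", ret); return 0; }`. A denial is now visible only through `_D("result(%d)", result)`, whereas the removed code logged `_E("app(%s) has NOT privilege(%s)", appid, privilege_name)`. Keeping an error-level line for the denied case preserves the audit trail for privileged events. `pkgid` is now read only by the debug log.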
@@ -754,28 +725,10 @@ static void __esd_event_launch_with_appid(gpointer data, gpointer user_data) int pid; char event_uri[1024]; bundle *b; - /* char *from_appid = (char *)eep->user_data; */ - /* uid_t from_uid = 0; */ - /* int ret = 0; */ _D("launch_on_event: app_id(%s), event_name(%s)", app_id, eep->event_name); - /* TODO(jongmyeong.ko): for launch by user-event */ - /* - if (from_appid && from_appid[0] != '\0') { - ret = __esd_check_certificate_match(uid, app_id, from_uid, from_appid); - if (ret != ES_R_OK) { - _D("from_appid(%s), no same cert", from_appid); - return; - } - } - */ - - /* FIXME(jongmyeong.ko): aul_app_is_running */ - /* - if (!aul_app_is_running(app_id)) { - */ - if (1) { + if (aul_app_is_running_for_uid(app_id, uid)) { snprintf(event_uri, sizeof(event_uri), "event://%s", eep->event_name); b = bundle_dup(eep->event_data); appsvc_set_operation(b, APPSVC_OPERATION_LAUNCH_ON_EVENT); -- 2.7.4
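Review bot: The new condition `if (aul_app_is_running_for_uid(app_id, uid)) {` in `__esd_event_launch_with_appid` looks inverted, since it launches on event only when the app is already running. The commented-out code this hunk removes tested `!aul_app_is_running(app_id)`, and the `__esd_check_application_validation` hunk in this same patch treats `!aul_app_is_running_for_uid(...)` as "not running". The line should presumably read `if (!aul_app_is_running_for_uid(app_id, uid)) {`. The hunk also deletes the commented-out `__esd_check_certificate_match` call for launches triggered by a user event without adding a replacement, so this path still performs no certificate check. `uid` and the rest of the function body are outside the hunk.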