Check thread smack label for thread-based app model 55/254155/5
authorYoungsoo Choi <kenshin.choi@samsung.com>
Wed, 24 Feb 2021 06:37:38 +0000 (22:37 -0800)
committerYoungsoo Choi <kenshin.choi@samsung.com>
Mon, 15 Mar 2021 04:35:55 +0000 (21:35 -0700)
A web app is launched in a process, but
a web service app is launched on a thread and is sandboxed per thread
by a smack rule. So, the thread smack label needs to be checked
from the path |/proc/<tid>/attr/current|.

Also, checking thread smack label is compatible with process-based web app
because main thread inherits its process smack label from the path
|/proc/self/attr/current|.

Change-Id: I7098ff0672ab4fbb41d1df4e05e435a6cff6e5fc
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>
src/package_manager_internal.c

index 74fe41b..512821c 100644 (file)
@@ -17,6 +17,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <fcntl.h>
+#include <sys/syscall.h>
 #include <unistd.h>
 
 #include <pkgmgr-info.h>
@@ -29,6 +30,7 @@
 #include "package_manager_internal.h"
 
 #define MAX_SMACK_LABEL_LEN 255
+#define gettid() syscall(SYS_gettid)
 
 typedef struct _foreach_pkg_context_ {
        package_manager_package_info_cb callback;
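Review bot: The `gettid()` macro added here reuses a name that glibc 2.30 and later declare in `<unistd.h>` under `_GNU_SOURCE`, so it shadows the libc function and would break the build if it were ever defined before that header is included. It also yields the `long` that `syscall()` returns rather than a `pid_t`. A file-local helper with its own name avoids both: `static inline pid_t current_tid(void) { return (pid_t)syscall(SYS_gettid); }`.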
@@ -44,8 +46,18 @@ int check_privilege(privilege_type type)
        char uid[10];
        char *session;
        const char *privilege;
+       unsigned long pid = getpid();
+       unsigned long tid = gettid();
 
-       fd = open("/proc/self/attr/current", O_RDONLY);
+       if (pid == tid) {
+               fd = open("/proc/self/attr/current", O_RDONLY);
+       } else {
+               // Check current thread smack label.
+               char path[256] = { 0 };
+               pid = tid;
+               snprintf(path, sizeof(path), "/proc/%lu/attr/current", tid);
+               fd = open(path, O_RDONLY);
+       }
        if (fd < 0) {
                LOGE("open failed: %d", errno);
                return PACKAGE_MANAGER_ERROR_IO_ERROR;
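Review bot: The branch on `pid == tid` builds the label path from a numeric id, although the kernel already offers a per-thread alias: `/proc/thread-self/attr/current` (Linux 3.17 and later) always resolves to the calling thread, main thread included. If the target kernels provide it, the if/else reduces to `fd = open("/proc/thread-self/attr/current", O_RDONLY);`, with `/proc/self/task/<tid>/attr/current` as a fallback that keeps the lookup inside the caller's own thread group. The new locals are declared `unsigned long` and `pid` is overwritten with the tid; `pid_t` and a neutral name such as `task_id` would make clear that the value later given to cynara may be a thread id. check_privilege() starts before and continues after this hunk, so the read of the label itself is not visible here.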
@@ -66,7 +78,7 @@ int check_privilege(privilege_type type)
        }
 
        snprintf(uid, 10, "%d", getuid());
-       session = cynara_session_from_pid(getpid());
+       session = cynara_session_from_pid(pid);
 
        switch (type) {
        case PRIVILEGE_PACKAGE_MANAGER_INFO:
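Review bot: On a non-main thread `cynara_session_from_pid(pid)` now receives a thread id, because the earlier hunk assigns `pid = tid`, and the `unsigned long` is converted implicitly to whatever type the function takes (presumably `pid_t`, going by its name). The session string therefore presumably differs per thread; whether cynara, or anything keyed on the session, expects a process id cannot be seen from this hunk and should be confirmed. A comment at the call would record the intent, for example `/* tid on a worker thread: the cynara session is per thread, matching the per-thread smack label */`, together with an explicit cast to the parameter type. The switch that follows continues outside the hunk.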