[common] Use thread_local (instead of static) objects for access checks

Beginning with Tizen 6.5, a new web service app model has been
introduced. Each service is now a thread of the "master" service
process, instead of having the whole process for its disposal, as it
used to be earlier.
To control privileges of particular services, we need to initialize
the cynara and related objects for each thread separately. Thus we
make them thread_local (one instance per thread) instead of static
(one instance per process).
Similarily, we make RequestStoragePrivilegeChecker thread_local,
so that each app will create its own instance of such object.

[Verification] The code was tested manually in a web service app.
Before this commit, all web services were using the same smack label to
initialize cynara object (the label of the thread that first
initialized the static objects).
Now, each thread initializes cynara with its own smack label.
Each thread uses separate RequestStoragePrivilegeChecker.

Change-Id: I5e6ffae05ed12e60d09c23fdbdc462a6022e926b
Signed-off-by: Pawel Wasowski <p.wasowski2@samsung.com>

diff --git a/src/common/tools.cc b/src/common/tools.cc
index 332a79b..b39b2cd 100644 (file)
--- a/src/common/tools.cc
+++ b/src/common/tools.cc
@@ -301,7 +301,7 @@ class AccessControlImpl {
 class AccessControl {
  public:
   static AccessControl& GetInstance() {
-    static AccessControl instance;
+    thread_local AccessControl instance;
     return instance;
   }
 
@@ -345,7 +345,7 @@ PlatformResult CheckAccess(const std::vector<std::string>& privileges) {
   // the underlying databases. This is especially the case since the same mappings can end up
   // being retrieved several times.
   using MappedPrivilegeCache = std::map<std::string, std::vector<std::string>>;
-  static MappedPrivilegeCache mapped_privilege_cache;
+  thread_local MappedPrivilegeCache mapped_privilege_cache;
 
   std::string api_version;
   PlatformResult res = common::tools::GetPkgApiVersion(&api_version);
@@ -415,6 +415,9 @@ PlatformResult GetPkgApiVersion(std::string* api_version) {
   // Local cache of API version string.  This can be expensive to retrieve from
   // underlying databases and this routine can be called many times during
   // application launch.
+
+  // TODO: don't use PID to identify the application when getting
+  // API version (since Tizen 6.5 web service apps share PID)
   static std::string cached_api_version;
   static int cached_pid = -1;
 
@@ -529,7 +532,7 @@ struct RequestStoragePrivilegeChecker {
 };
 
 bool IsStoragePrivilegeCheckNeeded() {
-  static RequestStoragePrivilegeChecker checker{};
+  thread_local RequestStoragePrivilegeChecker checker{};
   return checker.isStorageAccessCheckNeeded;
 }