Check thread smack label for thread-based app model

Legacy web service app had been launched on a process but
new web service app is launched on a thread to save memory usage.
With the thread-based app model, the thread smack label needs to be checked
from the path |/proc/<tid>/attr/current|.

Also, checking thread smack label is compatible with process-based app model
because main thread utilizes same path of |/proc/<pid>/attr/current| as well.

Change-Id: Ib02237c926a2deedcd91451a36dd2a3d832cfb04
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>

diff --git a/src/common/tools.cc b/src/common/tools.cc
index 2d87122..21f28b9 100644 (file)
--- a/src/common/tools.cc
+++ b/src/common/tools.cc
@@ -165,9 +165,13 @@ class AccessControlImpl {
     ScopeLogger("Privilege access checked using Cynara.");
 
     char* smack_label = nullptr;
-    int len = smack_new_label_from_self(&smack_label);
+    char path[1024] = {
+        0,
+    };
+    snprintf(path, sizeof(path), "/proc/%lu/attr/current", static_cast<unsigned long>(gettid()));
+    int ret = smack_getlabel(path, &smack_label, SMACK_LABEL_ACCESS);
 
-    if (0 < len && nullptr != smack_label) {
+    if (0 == ret && nullptr != smack_label && 0 < strlen(smack_label)) {
       auto uid = getuid();
 
       SLoggerD("uid: [%u]", uid);
@@ -182,7 +186,7 @@ class AccessControlImpl {
       return;
     }
 
-    int ret = cynara_initialize(&cynara_, nullptr);
+    ret = cynara_initialize(&cynara_, nullptr);
     if (CYNARA_API_SUCCESS != ret) {
       LoggerE("Failed to initialize Cynara");
       cynara_ = nullptr;