diff options
author | Sung-jae Park <nicesj.park@samsung.com> | 2013-06-24 17:15:47 +0900 |
---|---|---|
committer | Sung-jae Park <nicesj.park@samsung.com> | 2013-06-24 17:15:47 +0900 |
commit | 82454a2906c1c2cc0dcfd75efe6e8ef431072ba9 (patch) | |
tree | 2bb94359d9c568ca5216bdf3d67896c158ddb2eb | |
parent | a72f340ff2ccb4e5ced0dbd825399f882a649657 (diff) | |
download | data-provider-master-82454a2906c1c2cc0dcfd75efe6e8ef431072ba9.tar.gz data-provider-master-82454a2906c1c2cc0dcfd75efe6e8ef431072ba9.tar.bz2 data-provider-master-82454a2906c1c2cc0dcfd75efe6e8ef431072ba9.zip |
User level smack control added for notification
Change-Id: I58b89984321e8a249fbd976eeb8eb613e29ad439
-rw-r--r-- | src/badge_service.c | 9 | ||||
-rw-r--r-- | src/notification_service.c | 40 |
2 files changed, 48 insertions, 1 deletions
diff --git a/src/badge_service.c b/src/badge_service.c index 5b50595..9a91fc8 100644 --- a/src/badge_service.c +++ b/src/badge_service.c @@ -41,6 +41,8 @@ static struct info { .svc_ctx = NULL, /*!< \WARN: This is only used for MAIN THREAD */ }; +#define ENABLE_BS_ACCESS_CONTROL 0 + struct context { struct tcb *tcb; double seq; @@ -292,7 +294,6 @@ static int _is_valid_permission(int fd, struct badge_service *service) ret = security_server_check_privilege_by_sockfd(fd, service->rule, service->access); if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { ErrPrint("SMACK:Access denied\n"); - return 0; } } @@ -365,8 +366,14 @@ static int service_thread_main(struct tcb *tcb, struct packet *packet, void *dat if (strcmp(service_req_table[i].cmd, command)) continue; +#if ENABLE_BS_ACCESS_CONTROL + if (_is_valid_permission(tcb_fd(tcb), &(service_req_table[i])) == 1) { + service_req_table[i].handler(tcb, packet, data); + } +#else _is_valid_permission(tcb_fd(tcb), &(service_req_table[i])); service_req_table[i].handler(tcb, packet, data); +#endif break; } diff --git a/src/notification_service.c b/src/notification_service.c index fec5fa4..4f89bae 100644 --- a/src/notification_service.c +++ b/src/notification_service.c @@ -22,6 +22,7 @@ #include <packet.h> #include <sys/smack.h> +#include <security-server.h> #include <notification_ipc.h> #include <notification_noti.h> @@ -35,6 +36,7 @@ #ifndef NOTIFICATION_DEL_PACKET_UNIT #define NOTIFICATION_DEL_PACKET_UNIT 10 #endif +#define ENABLE_NS_ACCESS_CONTROL 0 static struct info { Eina_List *context_list; @@ -52,6 +54,8 @@ struct context { struct noti_service { const char *cmd; void (*handler)(struct tcb *tcb, struct packet *packet, void *data); + const char *rule; + const char *access; }; /*! @@ -345,6 +349,21 @@ static void _handler_service_register(struct tcb *tcb, struct packet *packet, vo } } +static int _is_valid_permission(int fd, struct noti_service *service) +{ + int ret; + + if (service->rule != NULL && service->access != NULL) { + ret = security_server_check_privilege_by_sockfd(fd, service->rule, service->access); + if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + ErrPrint("SMACK:Access denied\n"); + return 0; + } + } + + return 1; +} + /*! * SERVICE THREAD */ @@ -356,30 +375,44 @@ static int service_thread_main(struct tcb *tcb, struct packet *packet, void *dat { .cmd = "add_noti", .handler = _handler_insert, + .rule = "data-provider-master::notification.client", + .access = "w", }, { .cmd = "update_noti", .handler = _handler_update, + .rule = "data-provider-master::notification.client", + .access = "w", }, { .cmd = "refresh_noti", .handler = _handler_refresh, + .rule = "data-provider-master::notification.client", + .access = "w", }, { .cmd = "del_noti_single", .handler = _handler_delete_single, + .rule = "data-provider-master::notification.client", + .access = "w", }, { .cmd = "del_noti_multiple", .handler = _handler_delete_multiple, + .rule = "data-provider-master::notification.client", + .access = "w", }, { .cmd = "service_register", .handler = _handler_service_register, + .rule = NULL, + .access = NULL, }, { .cmd = NULL, .handler = NULL, + .rule = NULL, + .access = NULL, }, }; @@ -403,7 +436,14 @@ static int service_thread_main(struct tcb *tcb, struct packet *packet, void *dat if (strcmp(service_req_table[i].cmd, command)) continue; +#if ENABLE_NS_ACCESS_CONTROL + if (_is_valid_permission(tcb_fd(tcb), &(service_req_table[i])) == 1) { + service_req_table[i].handler(tcb, packet, data); + } +#else + _is_valid_permission(tcb_fd(tcb), &(service_req_table[i])); service_req_table[i].handler(tcb, packet, data); +#endif break; } |