authorJiwoong Im <jiwoong.im@samsung.com>2015-12-16 14:21:57 +0900
committerJiwoong Im <jiwoong.im@samsung.com>2015-12-16 17:45:48 +0900
commit4ca22e9235206b42b35ae66b410e8cda4391acd3 (patch)
treece7388109abb5be4ebabde24984cec46682dce6a
parente9eada61304bc8aa696926f504bf5660934ce6ec (diff)
check call/download privilege only in regular user launch.
Change-Id: Idede215859c4a602238b22a78523bf4319ba1733 Signed-off-by: Jiwoong Im <jiwoong.im@samsung.com>
-rw-r--r--am_daemon/amd_launch.c35
-rw-r--r--am_daemon/amd_request.c38
2 files changed, 38 insertions, 35 deletions
diff --git a/am_daemon/amd_launch.c b/am_daemon/amd_launch.c
index 92daffdc..02687806 100644
--- a/am_daemon/amd_launch.c
+++ b/am_daemon/amd_launch.c
@@ -682,30 +682,6 @@ static void __send_mount_request(const struct appinfo *ai, const char *tep_name,
}
}
-static int __check_app_control_privilege(int fd, const char *operation)
-{
- int ret = 0;
-
- if (operation == NULL || fd < 0)
- return 0;
-
- if (!strcmp(operation, AUL_SVC_OPERATION_DOWNLOAD)) {
- ret = check_privilege_by_cynara(fd, "http://tizen.org/privilege/download");
- if (ret != 0) {
- _E("no privilege for DOWNLOAD operation");
- return -EILLEGALACCESS;
- }
- } else if (!strcmp(operation, AUL_SVC_OPERATION_CALL)) {
- ret = check_privilege_by_cynara(fd, "http://tizen.org/privilege/call");
- if (ret != 0) {
- _E("no privilege for CALL operation");
- return -EILLEGALACCESS;
- }
- }
-
- return 0;
-}
-
int _send_hint_for_visibility(uid_t uid)
{
bundle *b = NULL;
@@ -741,7 +717,6 @@ int _start_app(const char* appid, bundle* kb, int cmd, int caller_pid,
const char *component_type = NULL;
const char *process_pool = NULL;
const char *tep_name = NULL;
- const char *operation = NULL;
int pid = -1;
char tmpbuf[MAX_PID_STR_BUFSZ];
const char *hwacc;
@@ -799,16 +774,6 @@ int _start_app(const char* appid, bundle* kb, int cmd, int caller_pid,
if ((ret = __compare_signature(ai, cmd, caller_uid, appid, caller_appid, fd)) != 0)
return ret;
- /* check privilege */
- operation = bundle_get_val(kb, AUL_SVC_K_OPERATION);
- if (operation) {
- ret = __check_app_control_privilege(fd, operation);
- if (ret != 0) {
- __real_send(fd, ret);
- return ret;
- }
- }
-
multiple = appinfo_get_value(ai, AIT_MULTI);
if (!multiple || strncmp(multiple, "false", 5) == 0)
pid = _status_app_is_running(appid, caller_uid);
diff --git a/am_daemon/amd_request.c b/am_daemon/amd_request.c
index 029f2ffb..62c66a9d 100644
--- a/am_daemon/amd_request.c
+++ b/am_daemon/amd_request.c
@@ -52,6 +52,8 @@
#include "amd_app_group.h"
#include "amd_cynara.h"
#include "launch.h"
+#include "aul_svc.h"
+#include "aul_svc_priv_key.h"
#define INHOUSE_UID tzplatform_getuid(TZ_USER_NAME)
#define REGULAR_UID_MIN 5000
@@ -59,6 +61,8 @@
#define PRIVILEGE_APPMANAGER_LAUNCH "http://tizen.org/privilege/appmanager.launch"
#define PRIVILEGE_APPMANAGER_KILL "http://tizen.org/privilege/appmanager.kill"
#define PRIVILEGE_APPMANAGER_KILL_BGAPP "http://tizen.org/privilege/appmanager.kill.bgapp"
+#define PRIVILEGE_DOWNLOAD "http://tizen.org/privilege/download"
+#define PRIVILEGE_CALL "http://tizen.org/privilege/call"
#define MAX_NR_OF_DESCRIPTORS 2
#define PENDING_REQUEST_TIMEOUT 5000 /* msec */
@@ -414,6 +418,30 @@ static void __handle_agent_dead_signal(struct ucred *pcr)
__agent_dead_handler(pcr->uid);
}
+static int __check_app_control_privilege(int fd, const char *operation)
+{
+ int ret = 0;
+
+ if (operation == NULL || fd < 0)
+ return 0;
+
+ if (!strcmp(operation, AUL_SVC_OPERATION_DOWNLOAD)) {
+ ret = check_privilege_by_cynara(fd, PRIVILEGE_DOWNLOAD);
+ if (ret != 0) {
+ _E("no privilege for DOWNLOAD operation");
+ return -EILLEGALACCESS;
+ }
+ } else if (!strcmp(operation, AUL_SVC_OPERATION_CALL)) {
+ ret = check_privilege_by_cynara(fd, PRIVILEGE_CALL);
+ if (ret != 0) {
+ _E("no privilege for CALL operation");
+ return -EILLEGALACCESS;
+ }
+ }
+
+ return 0;
+}
+
static int __dispatch_get_socket_pair(int clifd, const app_pkt_t *pkt, struct ucred *cr)
{
char *caller;
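Review bot: The added `__check_app_control_privilege` returns 0 (allowed) when `fd < 0`, so the helper fails open if it is ever reached without a usable client socket to identify the caller. An authorization helper is safer failing closed: keep `if (operation == NULL) return 0;` and add `if (fd < 0) return -EILLEGALACCESS;` as a separate guard. Treating every non-zero result from `check_privilege_by_cynara` as a denial is the right default and is worth keeping. A short header comment would also help, for example `/* Returns 0 if the caller on fd may request this operation, -EILLEGALACCESS otherwise; only DOWNLOAD and CALL are privilege-gated. */`.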
@@ -698,6 +726,7 @@ static int __dispatch_app_start(int clifd, const app_pkt_t *pkt, struct ucred *c
rua_stat_pkt_t *rua_stat_item = NULL;
bool pending = false;
struct pending_item *pending_item;
+ const char *operation = NULL;
kb = bundle_decode(pkt->data, pkt->len);
if (kb == NULL) {
@@ -728,6 +757,15 @@ static int __dispatch_app_start(int clifd, const app_pkt_t *pkt, struct ucred *c
GLOBAL_USER, clifd, &pending);
}
} else {
+ operation = bundle_get_val(kb, AUL_SVC_K_OPERATION);
+ if (operation) {
+ ret = __check_app_control_privilege(clifd, operation);
+ if (ret != 0) {
+ __real_send(clifd, ret);
+ goto error;
+ }
+ }
+
ret = _start_app(appid, kb, pkt->cmd, cr->pid, cr->uid, clifd,
&pending);
}