diff options
author | Hwankyu Jhun <h.jhun@samsung.com> | 2017-04-05 09:01:27 +0900 |
---|---|---|
committer | Hwankyu Jhun <h.jhun@samsung.com> | 2017-04-05 15:51:17 +0900 |
commit | aea0dfef35062ac64e64ac733f77c8b66c034f7a (patch) | |
tree | 204e5423375cb48e16253d6977c93a1ea8e328e8 | |
parent | 9c1d0a0b1241306627e928a80b8a367c40479dc7 (diff) | |
download | launchpad-aea0dfef35062ac64e64ac733f77c8b66c034f7a.tar.gz launchpad-aea0dfef35062ac64e64ac733f77c8b66c034f7a.tar.bz2 launchpad-aea0dfef35062ac64e64ac733f77c8b66c034f7a.zip |
Check privacy before executing an application
If the security_manager_prepare_app_privacy() returns an error,
the launch request will be rejected.
Change-Id: Iaa4f1341ff684cef33cfeea35921fa3c017bce80
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>
-rwxr-xr-x | src/launchpad.c | 9 | ||||
-rw-r--r-- | src/launchpad_lib.c | 10 |
2 files changed, 17 insertions, 2 deletions
diff --git a/src/launchpad.c b/src/launchpad.c index 5cf71de..e316954 100755 --- a/src/launchpad.c +++ b/src/launchpad.c @@ -707,8 +707,15 @@ static int __prepare_exec(const char *appid, const char *app_path, /* TODO : should be add to check permission in the kernel*/ setsid(); - /* SET PRIVILEGES*/ if (bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) { + /* CHECK PRIVACY */ + ret = security_manager_prepare_app_privacy(appid); + if (ret != SECURITY_MANAGER_SUCCESS) { + _W("Launching %s has been denied.", appid); + return PAD_ERR_REJECTED; + } + + /* SET PRIVILEGES*/ ret = security_manager_prepare_app(appid); if (ret != SECURITY_MANAGER_SUCCESS) return PAD_ERR_REJECTED; diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c index 927046e..ce13216 100644 --- a/src/launchpad_lib.c +++ b/src/launchpad_lib.c @@ -67,9 +67,17 @@ static int __prepare_exec(const char *appid, const char *app_path, __preexec_run(pkg_type, appid, app_path); - /* SET PRIVILEGES*/ SECURE_LOGD("[candidata] appid : %s / pkg_type : %s / app_path : %s", appid, pkg_type, app_path); + + /* CHECK PRIVACY */ + ret = security_manager_prepare_app_privacy(appid); + if (ret != SECURITY_MANAGER_SUCCESS) { + _W("Launching %s has been denied.", appid); + return -1; + } + + /* SET PRIVILEGES*/ ret = security_manager_prepare_app(appid); if (ret != SECURITY_MANAGER_SUCCESS) { _D("fail to set privileges - " \ |