Check privacy before executing an application

If the security_manager_prepare_app_privacy() returns an error,
the launch request will be rejected.

Change-Id: Iaa4f1341ff684cef33cfeea35921fa3c017bce80
Signed-off-by: Hwankyu Jhun <h.jhun@samsung.com>

2 files changed, 17 insertions, 2 deletions

diff --git a/src/launchpad.c b/src/launchpad.c
index 5cf71de..fef9868 100755
--- a/src/launchpad.c
+++ b/src/launchpad.c
@@ -707,8 +707,15 @@ static int __prepare_exec(const char *appid, const char *app_path,
 	/* TODO : should be add to check permission in the kernel*/
 	setsid();
 
-	/* SET PRIVILEGES*/
 	if (bundle_get_val(kb, AUL_K_PRIVACY_APPID) == NULL) {
+		/* CHECK PRIVACY */
+		ret = security_manager_prepare_app_privacy(appid);
+		if (ret != SECURITY_MANAGER_SUCCESS) {
+			_W("Launching %s has been prohibited", appid);
+			return PAD_ERR_REJECTED;
+		}
+
+		/* SET PRIVILEGES*/
 		ret = security_manager_prepare_app(appid);
 		if (ret != SECURITY_MANAGER_SUCCESS)
 			return PAD_ERR_REJECTED;
diff --git a/src/launchpad_lib.c b/src/launchpad_lib.c
index 927046e..c73c4fd 100644
--- a/src/launchpad_lib.c
+++ b/src/launchpad_lib.c
@@ -67,9 +67,17 @@ static int __prepare_exec(const char *appid, const char *app_path,
 
 	__preexec_run(pkg_type, appid, app_path);
 
-	/* SET PRIVILEGES*/
 	SECURE_LOGD("[candidata] appid : %s / pkg_type : %s / app_path : %s",
 		appid, pkg_type, app_path);
+
+	/* CHECK PRIVACY */
+	ret = security_manager_prepare_app_privacy(appid);
+	if (ret != SECURITY_MANAGER_SUCCESS) {
+		_W("Launching %s has been prohibited", appid);
+		return -1;
+	}
+
+	/* SET PRIVILEGES*/
 	ret = security_manager_prepare_app(appid);
 	if (ret != SECURITY_MANAGER_SUCCESS) {
 		_D("fail to set privileges - " \