diff options
| -rw-r--r-- | CMakeLists.txt | 1 | ||||
| -rw-r--r-- | packaging/libwidget_service.spec | 1 | ||||
| -rw-r--r-- | src/widget_service.c | 59 |
3 files changed, 61 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 7ff419b..215c621 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -28,6 +28,7 @@ pkg_check_modules(pkgs REQUIRED aul libtzplatform-config uuid + cynara-client ) FOREACH(flag ${pkgs_CFLAGS}) diff --git a/packaging/libwidget_service.spec b/packaging/libwidget_service.spec index aaf5bf5..43c30f8 100644 --- a/packaging/libwidget_service.spec +++ b/packaging/libwidget_service.spec @@ -24,6 +24,7 @@ BuildRequires: pkgconfig(capi-system-info) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(aul) +BuildRequires: pkgconfig(cynara-client) %if "%{model_build_feature_widget}" == "0" ExclusiveArch: diff --git a/src/widget_service.c b/src/widget_service.c index 60681a6..3897bee 100644 --- a/src/widget_service.c +++ b/src/widget_service.c @@ -28,6 +28,9 @@ #include <pkgmgr-info.h> #include <system_info.h> #include <dlog.h> +#include <cynara-client.h> +#include <stdio.h> +#include <fcntl.h> #include "widget_errno.h" #include "debug.h" @@ -36,6 +39,7 @@ #include "widget_service.h" #define MAX_BUF_SIZE 4096 +#define SMACK_LABEL_LEN 255 static GList *lifecycle_cbs; @@ -60,6 +64,58 @@ static inline bool _is_widget_feature_enabled(void) return feature; } +static int check_privilege(const char *privilege) +{ + cynara *p_cynara; + + int fd = 0; + int ret = 0; + + char subject_label[SMACK_LABEL_LEN + 1] = ""; + char uid[10] = {0,}; + char *client_session = ""; + + ret = cynara_initialize(&p_cynara, NULL); + if (ret != CYNARA_API_SUCCESS) { + LOGE("cannot init cynara [%d] failed!", ret); + ret = -1; + goto out; + } + + fd = open("/proc/self/attr/current", O_RDONLY); + if (fd < 0) { + LOGE("open [%d] failed!", errno); + ret = -1; + goto out; + } + + ret = read(fd, subject_label, SMACK_LABEL_LEN); + if (ret < 0) { + LOGE("read [%d] failed!", errno); + close(fd); + ret = -1; + goto out; + } + close(fd); + + snprintf(uid, 10, "%d", getuid()); + + ret = cynara_check(p_cynara, subject_label, client_session, uid, + privilege); + if (ret != CYNARA_API_ACCESS_ALLOWED) { + LOGE("cynara access check [%d] failed!", ret); + ret = -1; + goto out; + } + + ret = 0; +out: + if (p_cynara) + cynara_finish(p_cynara); + + return ret; +} + #define ROOT_USER 0 #define GLOBALAPP_USER tzplatform_getuid(TZ_SYS_GLOBALAPP_USER) static int _is_global(uid_t uid) @@ -423,6 +479,9 @@ EAPI int widget_service_get_widget_list(widget_list_cb cb, void *data) return WIDGET_ERROR_INVALID_PARAMETER; } + if (check_privilege("http://tizen.org/privilege/widget.viewer") < 0) + return WIDGET_ERROR_PERMISSION_DENIED; + ret = _get_widget_list(NULL, getuid(), &list); if (ret == WIDGET_ERROR_NONE) ret = _get_widget_list(NULL, GLOBALAPP_USER, &list); |