authorKeebum Kim <keebum.kim@samsung.com>2013-05-03 17:13:52 +0900
committerKeebum Kim <keebum.kim@samsung.com>2013-05-03 17:13:52 +0900
commit6d563fd0f7c82e31e0193d15a3e49062347eb27c (patch)
tree08170d20f416d97dfac4d9ab90c2da8d643b419c
parentbf53013f035152dd2d0b3c811cf5030972ccb345 (diff)
Apply SMACK Privilege.
Change-Id: I2126565d0e65b068377fc3d2403b103d7b76ab1c
-rwxr-xr-xframework/transaction-manager/MsgTransManager.cpp128
-rwxr-xr-xinclude/framework/MsgTransManager.h2
2 files changed, 57 insertions, 73 deletions
diff --git a/framework/transaction-manager/MsgTransManager.cpp b/framework/transaction-manager/MsgTransManager.cpp
index dfffac3..f4f5bda 100755
--- a/framework/transaction-manager/MsgTransManager.cpp
+++ b/framework/transaction-manager/MsgTransManager.cpp
@@ -320,27 +320,24 @@ void MsgTransactionManager::handleRequest(int fd)
if (pCmd->cmdType > MSG_CMD_NUM)
THROW(MsgException::OUT_OF_RANGE, "request CMD is not defined");
- if (pCmd->cmdType < MSG_CMD_GET_REPORT_STATUS)
- {
- // check privilege
- if (checkPrivilege(pCmd->cmdType, pCmd->cmdCookie) == false)
- {
+ // check privilege
+ if (checkPrivilege(fd, pCmd->cmdType) == false) {
+ MSG_DEBUG("No Privilege rule. Not allowed.");
#ifdef MSG_CHECK_PRIVILEGE
- eventSize = sizeof(MSG_EVENT_S);
+ eventSize = sizeof(MSG_EVENT_S);
- pEventData = new char[eventSize];
+ pEventData = new char[eventSize];
- MSG_EVENT_S* pMsgEvent = (MSG_EVENT_S*)pEventData;
+ MSG_EVENT_S* pMsgEvent = (MSG_EVENT_S*)pEventData;
- pMsgEvent->eventType = pCmd->cmdType;
- pMsgEvent->result = MSG_ERR_SECURITY_ERROR;
+ pMsgEvent->eventType = pCmd->cmdType;
+ pMsgEvent->result = MSG_ERR_SECURITY_ERROR;
- MSG_DEBUG("Replying to fd [%d], size [%d]", fd, eventSize);
- servSock.write(fd, pEventData, eventSize);
+ MSG_DEBUG("Replying to fd [%d], size [%d]", fd, eventSize);
+ servSock.write(fd, pEventData, eventSize);
- return;
+ return;
#endif
- }
}
// determine the handler based on pCmd->cmdType
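Review bot: The rejection path in handleRequest is still compiled only under `#ifdef MSG_CHECK_PRIVILEGE`, while the new `MSG_DEBUG("No Privilege rule. Not allowed.")` sits outside it, so a build without that macro logs a denial and then falls through to the command handler. If enforcement is meant to be unconditional now that the check is made on the socket, drop the `#ifdef`/`#endif` pair; otherwise move the debug line inside it so the log matches what actually happens. The reply buffer comes from `new char[eventSize]` and only `eventType` and `result` are assigned before `servSock.write`, so if MSG_EVENT_S has further members (its definition is not in this hunk) uninitialised heap bytes are sent to the client; `new char[eventSize]()` would zero them. handleRequest starts and ends outside the hunk.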
@@ -504,78 +501,65 @@ void MsgTransactionManager::cleanup(int fd)
}
-bool MsgTransactionManager::checkPrivilege(MSG_CMD_TYPE_T CmdType, const char *pCookie)
+bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType)
{
- if (CmdType >= MSG_CMD_PLG_SENT_STATUS_CNF && CmdType <= MSG_CMD_PLG_INIT_SIM_BY_SAT)
+ bool bAllowed = true;
+ switch(CmdType)
{
- MSG_DEBUG("Request from Plug-in");
- return true;
- }
-
- // Get Cookie from APP
- if (pCookie == NULL)
+ case MSG_CMD_GET_MSG:
+ case MSG_CMD_COUNT_MSG:
+ case MSG_CMD_COUNT_BY_MSGTYPE:
{
- MSG_DEBUG("Cookie is NULL");
- return false;
+ int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::read", "rw");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ MSG_DEBUG("No msg-service::read rw rule.");
+ bAllowed = false;
+ }
}
-
-#ifdef MSG_FOR_DEBUG
- for (int i = 0; i < MAX_COOKIE_LEN; i++)
+ break;
+ case MSG_CMD_OPEN_HANDLE:
+ case MSG_CMD_SUBMIT_REQ:
+ case MSG_CMD_SET_CB_OPT:
+ case MSG_CMD_ADD_PUSH_EVENT:
+ case MSG_CMD_DELETE_PUSH_EVENT:
{
- MSG_DEBUG("cookie : [%02x]", pCookie[i]);
- }
-#endif
-
- // Check Cookie
- size_t cookieSize;
- gid_t gid;
-
- cookieSize = security_server_get_cookie_size();
-
- MSG_DEBUG("cookie size : [%d]", cookieSize);
-
-// char cookie[MAX_COOKIE_LEN];
-
- // Get GID
- if (CmdType == MSG_CMD_REG_INCOMING_SYNCML_MSG_CB)
- {
- MSG_DEBUG("get GID for message_sync");
- gid = security_server_get_gid("message_sync");
+ int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::write", "rw");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ MSG_DEBUG("No msg-service::write rw rule.");
+ bAllowed = false;
+ }
}
- else if (CmdType == MSG_CMD_REG_INCOMING_LBS_MSG_CB)
+ break;
+ case MSG_CMD_REG_INCOMING_MSG_CB:
{
- MSG_DEBUG("get GID for message_lbs");
- gid = security_server_get_gid("message_lbs");
+ int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::smstrigger", "rw");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ MSG_DEBUG("No msg-service::smstrigger rw rule.");
+ bAllowed = false;
+ }
}
- else
+ break;
+ case MSG_CMD_REG_INCOMING_CB_MSG_CB:
{
- MSG_DEBUG("get GID for message");
- gid = security_server_get_gid("message");
+ int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::cellbroadcast", "rw");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ MSG_DEBUG("No msg-service::cellbroadcast rw rule.");
+ bAllowed = false;
+ }
}
-
- MSG_DEBUG("gid [%d]", gid);
-
- int retVal = 0;
-
- retVal = security_server_check_privilege(pCookie, gid);
-
- if (retVal < 0)
+ break;
+ case MSG_CMD_REG_INCOMING_PUSH_MSG_CB:
{
- if (retVal == SECURITY_SERVER_API_ERROR_ACCESS_DENIED)
- {
- MSG_DEBUG("access denied !! [%d]", retVal);
- }
- else
- {
- MSG_DEBUG("fail to check privilege [%d]", retVal);
+ int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::wappush", "rw");
+ if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) {
+ MSG_DEBUG("No msg-service::wappush rw rule.");
+ bAllowed = false;
}
-
- return false;
+ }
+ break;
}
- MSG_DEBUG("privilege check success !!");
-
- return true;
+ return bAllowed;
}
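Review bot: checkPrivilege now fails open: `bAllowed` starts as `true` and is cleared only when `security_server_check_privilege_by_sockfd` returns `SECURITY_SERVER_API_ERROR_ACCESS_DENIED`, so any other error from that call lets the request through, whereas the removed code denied on every `retVal < 0`. The switch also has no `default`, so every command that is not listed is allowed without any check; if that is intended (the old code exempted only the plug-in range explicitly), it should be stated in a comment at that point. The five case bodies differ only in the label string, so I would select the label in the switch and make one call that denies on anything other than success, as sketched below.

```cpp
bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType)
{
	const char *pLabel = NULL;

	switch (CmdType)
	{
		case MSG_CMD_GET_MSG:
		case MSG_CMD_COUNT_MSG:
		case MSG_CMD_COUNT_BY_MSGTYPE:
			pLabel = "msg-service::read";
			break;
		// … the write, smstrigger, cellbroadcast and wappush case groups set pLabel the same way …
		default:
			// Commands without a SMACK label stay open to every client, as in this commit;
			// list here which commands that is meant to cover.
			return true;
	}

	int ret = security_server_check_privilege_by_sockfd(fd, pLabel, "rw");
	if (ret != SECURITY_SERVER_API_SUCCESS) {
		// Deny on any failure, not only ACCESS_DENIED, so a lookup error cannot grant access.
		MSG_DEBUG("Privilege check failed for [%s] rw : [%d]", pLabel, ret);
		return false;
	}

	return true;
}
```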
diff --git a/include/framework/MsgTransManager.h b/include/framework/MsgTransManager.h
index 6263801..129a411 100755
--- a/include/framework/MsgTransManager.h
+++ b/include/framework/MsgTransManager.h
@@ -100,7 +100,7 @@ private:
void handleRequest(int fd);
void cleanup(int fd);
- bool checkPrivilege(MSG_CMD_TYPE_T CmdType, const char *pCookie);
+ bool checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType);
static MsgTransactionManager* pInstance;