diff options
author | Keebum Kim <keebum.kim@samsung.com> | 2013-05-03 17:13:52 +0900 |
---|---|---|
committer | Keebum Kim <keebum.kim@samsung.com> | 2013-05-03 17:13:52 +0900 |
commit | 6d563fd0f7c82e31e0193d15a3e49062347eb27c (patch) | |
tree | 08170d20f416d97dfac4d9ab90c2da8d643b419c | |
parent | bf53013f035152dd2d0b3c811cf5030972ccb345 (diff) | |
download | msg-service-6d563fd0f7c82e31e0193d15a3e49062347eb27c.tar.gz msg-service-6d563fd0f7c82e31e0193d15a3e49062347eb27c.tar.bz2 msg-service-6d563fd0f7c82e31e0193d15a3e49062347eb27c.zip |
Apply SMACK Privilege.
Change-Id: I2126565d0e65b068377fc3d2403b103d7b76ab1c
-rwxr-xr-x | framework/transaction-manager/MsgTransManager.cpp | 128 | ||||
-rwxr-xr-x | include/framework/MsgTransManager.h | 2 |
2 files changed, 57 insertions, 73 deletions
diff --git a/framework/transaction-manager/MsgTransManager.cpp b/framework/transaction-manager/MsgTransManager.cpp index dfffac3..f4f5bda 100755 --- a/framework/transaction-manager/MsgTransManager.cpp +++ b/framework/transaction-manager/MsgTransManager.cpp @@ -320,27 +320,24 @@ void MsgTransactionManager::handleRequest(int fd) if (pCmd->cmdType > MSG_CMD_NUM) THROW(MsgException::OUT_OF_RANGE, "request CMD is not defined"); - if (pCmd->cmdType < MSG_CMD_GET_REPORT_STATUS) - { - // check privilege - if (checkPrivilege(pCmd->cmdType, pCmd->cmdCookie) == false) - { + // check privilege + if (checkPrivilege(fd, pCmd->cmdType) == false) { + MSG_DEBUG("No Privilege rule. Not allowed."); #ifdef MSG_CHECK_PRIVILEGE - eventSize = sizeof(MSG_EVENT_S); + eventSize = sizeof(MSG_EVENT_S); - pEventData = new char[eventSize]; + pEventData = new char[eventSize]; - MSG_EVENT_S* pMsgEvent = (MSG_EVENT_S*)pEventData; + MSG_EVENT_S* pMsgEvent = (MSG_EVENT_S*)pEventData; - pMsgEvent->eventType = pCmd->cmdType; - pMsgEvent->result = MSG_ERR_SECURITY_ERROR; + pMsgEvent->eventType = pCmd->cmdType; + pMsgEvent->result = MSG_ERR_SECURITY_ERROR; - MSG_DEBUG("Replying to fd [%d], size [%d]", fd, eventSize); - servSock.write(fd, pEventData, eventSize); + MSG_DEBUG("Replying to fd [%d], size [%d]", fd, eventSize); + servSock.write(fd, pEventData, eventSize); - return; + return; #endif - } } // determine the handler based on pCmd->cmdType @@ -504,78 +501,65 @@ void MsgTransactionManager::cleanup(int fd) } -bool MsgTransactionManager::checkPrivilege(MSG_CMD_TYPE_T CmdType, const char *pCookie) +bool MsgTransactionManager::checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType) { - if (CmdType >= MSG_CMD_PLG_SENT_STATUS_CNF && CmdType <= MSG_CMD_PLG_INIT_SIM_BY_SAT) + bool bAllowed = true; + switch(CmdType) { - MSG_DEBUG("Request from Plug-in"); - return true; - } - - // Get Cookie from APP - if (pCookie == NULL) + case MSG_CMD_GET_MSG: + case MSG_CMD_COUNT_MSG: + case MSG_CMD_COUNT_BY_MSGTYPE: { - MSG_DEBUG("Cookie is NULL"); - return false; + int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::read", "rw"); + if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + MSG_DEBUG("No msg-service::read rw rule."); + bAllowed = false; + } } - -#ifdef MSG_FOR_DEBUG - for (int i = 0; i < MAX_COOKIE_LEN; i++) + break; + case MSG_CMD_OPEN_HANDLE: + case MSG_CMD_SUBMIT_REQ: + case MSG_CMD_SET_CB_OPT: + case MSG_CMD_ADD_PUSH_EVENT: + case MSG_CMD_DELETE_PUSH_EVENT: { - MSG_DEBUG("cookie : [%02x]", pCookie[i]); - } -#endif - - // Check Cookie - size_t cookieSize; - gid_t gid; - - cookieSize = security_server_get_cookie_size(); - - MSG_DEBUG("cookie size : [%d]", cookieSize); - -// char cookie[MAX_COOKIE_LEN]; - - // Get GID - if (CmdType == MSG_CMD_REG_INCOMING_SYNCML_MSG_CB) - { - MSG_DEBUG("get GID for message_sync"); - gid = security_server_get_gid("message_sync"); + int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::write", "rw"); + if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + MSG_DEBUG("No msg-service::write rw rule."); + bAllowed = false; + } } - else if (CmdType == MSG_CMD_REG_INCOMING_LBS_MSG_CB) + break; + case MSG_CMD_REG_INCOMING_MSG_CB: { - MSG_DEBUG("get GID for message_lbs"); - gid = security_server_get_gid("message_lbs"); + int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::smstrigger", "rw"); + if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + MSG_DEBUG("No msg-service::smstrigger rw rule."); + bAllowed = false; + } } - else + break; + case MSG_CMD_REG_INCOMING_CB_MSG_CB: { - MSG_DEBUG("get GID for message"); - gid = security_server_get_gid("message"); + int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::cellbroadcast", "rw"); + if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + MSG_DEBUG("No msg-service::cellbroadcast rw rule."); + bAllowed = false; + } } - - MSG_DEBUG("gid [%d]", gid); - - int retVal = 0; - - retVal = security_server_check_privilege(pCookie, gid); - - if (retVal < 0) + break; + case MSG_CMD_REG_INCOMING_PUSH_MSG_CB: { - if (retVal == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) - { - MSG_DEBUG("access denied !! [%d]", retVal); - } - else - { - MSG_DEBUG("fail to check privilege [%d]", retVal); + int ret = security_server_check_privilege_by_sockfd(fd, "msg-service::wappush", "rw"); + if (ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED) { + MSG_DEBUG("No msg-service::wappush rw rule."); + bAllowed = false; } - - return false; + } + break; } - MSG_DEBUG("privilege check success !!"); - - return true; + return bAllowed; } diff --git a/include/framework/MsgTransManager.h b/include/framework/MsgTransManager.h index 6263801..129a411 100755 --- a/include/framework/MsgTransManager.h +++ b/include/framework/MsgTransManager.h @@ -100,7 +100,7 @@ private: void handleRequest(int fd); void cleanup(int fd); - bool checkPrivilege(MSG_CMD_TYPE_T CmdType, const char *pCookie); + bool checkPrivilege(int fd, MSG_CMD_TYPE_T CmdType); static MsgTransactionManager* pInstance; |