author | Chanwoo Choi <cw00.choi@samsung.com> | 2022-09-02 18:17:35 +0900 |
---|---|---|
committer | Chanwoo Choi <cw00.choi@samsung.com> | 2022-09-06 19:30:06 +0900 |
commit | bbaa2d857c9b98e95a4838d62ca4b3bab09ebc1a (patch) | |
tree | 9eff8901fb7d213f55dcb274a8259f4c6e16f79a | |
parent | b60d4c4e045319a6c1cce662ca3853a75a87fe67 (diff) | |
update privilege sandbox/chanwoochoi/privilge
Change-Id: Ie4dbad7bae308aab6641657fd6f9678b3cadf10c
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
-rw-r--r-- | CMakeLists.txt | 4 | ||||
-rw-r--r-- | include/util/privilege.h | 2 | ||||
-rw-r--r-- | packaging/pass.spec | 1 | ||||
-rw-r--r-- | src/monitor/request-handler.c | 8 | ||||
-rw-r--r-- | src/util/privilege.c | 20 |
5 files changed, 29 insertions, 6 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 18f595b..8af0f5a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -33,6 +33,7 @@ SET(SRCS src/util/thread.c src/util/queue.c src/util/kernel.c + src/util/privilege.c src/main.c #Generated by a custom command 'gdbus-codegen' below src/pass/pass-dbus-stub.c @@ -74,6 +75,9 @@ SET(PKG_MODULES libnl-genl-3.0 json-c hal-api-power + cynara-client + cynara-creds-socket + cynara-session ) INCLUDE(FindPkgConfig) diff --git a/include/util/privilege.h b/include/util/privilege.h index c1bd97f..8295f67 100644 --- a/include/util/privilege.h +++ b/include/util/privilege.h @@ -21,6 +21,6 @@ #include <stdbool.h> -bool is_privilege_supported(const char *privilege_name); +bool is_privilege_supported(int sock_fd, const char *privilege_name); #endif diff --git a/packaging/pass.spec b/packaging/pass.spec index dac786f..558ddd8 100644 --- a/packaging/pass.spec +++ b/packaging/pass.spec @@ -28,6 +28,7 @@ BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(hal-api-power) BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-creds-socket) BuildRequires: pkgconfig(cynara-session) %description diff --git a/src/monitor/request-handler.c b/src/monitor/request-handler.c index 324d0fc..fad5b21 100644 --- a/src/monitor/request-handler.c +++ b/src/monitor/request-handler.c @@ -28,6 +28,7 @@ #include <util/log.h> #include <util/resource.h> #include <util/thread.h> +#include <util/privilege.h> #include <monitor/request.h> #include <monitor/monitor.h> @@ -40,6 +41,8 @@ #include <sys/time.h> #include <assert.h> +#define PRIVILEGE_SYSTEMMONITOR "http://tizen.org/privilege/systemmonitor" + #define PENDING_MAX 3 #define REQUEST_SERVER_PORT 10001 
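Review bot: The changed prototype `bool is_privilege_supported(int sock_fd, const char *privilege_name);` in include/util/privilege.h carries no comment saying whose privilege is checked. The first argument now selects the subject of the check, so I would add a short comment above it, for example `/* Check that the peer connected on sock_fd holds privilege_name; returns false on denial or on any error. */`. That puts the fail-closed contract in front of every caller.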
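Review bot: The new check depends on peer credentials read from the accepted socket, and the `REQUEST_SERVER_PORT 10001` define next to the new `PRIVILEGE_SYSTEMMONITOR` define suggests the listener may be a TCP socket. Peer-credential lookups of the kind cynara-creds-socket performs are only meaningful on local (AF_UNIX) sockets, so on an AF_INET listener the pid obtained for the client could not be trusted. In that case the privilege check should be tied to a Unix-domain listener, or TCP connections refused explicitly. The code that creates the listening socket is outside this hunk, so this needs to be confirmed there.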
@@ -1221,6 +1224,11 @@ static int request_server_func(void *ctx, void **result) goto error_out_close; } + if (!is_privilege_supported(new_socket, PRIVILEGE_SYSTEMMONITOR)) { + _E("privilige is not supported"); + break; + } + create_request_client(new_socket); } diff --git a/src/util/privilege.c b/src/util/privilege.c index d577223..4295531 100644 --- a/src/util/privilege.c +++ b/src/util/privilege.c @@ -22,6 +22,7 @@ #include <stdlib.h> #include <cynara-client.h> +#include <cynara-creds-socket.h> #include <cynara-session.h> #include <util/log.h> @@ -30,21 +31,29 @@ extern char *program_invocation_name; -bool is_privilege_supported(const char *privilege_name) +bool is_privilege_supported(int sock_fd, const char *privilege_name) { cynara *cynara = NULL; FILE *fp = NULL; char uid[16]; char *session = NULL; char smack_label[BUFF_MAX] = {0, }; + char attr_path[BUFF_MAX] = {0, }; int ret; + pid_t pid; if (cynara_initialize(&cynara, NULL) != CYNARA_API_SUCCESS) { _E("failed to initialize cynara"); return false; } - fp = fopen("/proc/self/attr/current", "r"); + if (cynara_creds_socket_get_pid(sock_fd, &pid) != CYNARA_API_SUCCESS) { + _E("failed to get pid via cynara"); + return false; + } + snprintf(attr_path, BUFF_MAX, "/proc/%d/attr/current", pid); + + fp = fopen(attr_path, "r"); if (fp != NULL) { int ch = 0; int idx = 0; @@ -55,7 +64,8 @@ bool is_privilege_supported(const char *privilege_name) fclose(fp); } - pid_t pid = getpid(); + _I("sock_fd(%d) pid(%d), smack_lable(%s)", sock_fd, pid, smack_label); + session = cynara_session_from_pid(pid); snprintf(uid, 16, "%d", getuid()); uid[15] = '\0'; @@ -66,8 +76,8 @@ bool is_privilege_supported(const char *privilege_name) if (cynara) cynara_finish(cynara); if (ret != CYNARA_API_ACCESS_ALLOWED) { - _E("'%s' privilege is not supported on %s", - privilege_name, program_invocation_name); + _E("'%s' privilege is not supported on pid(%d)", + privilege_name, pid); return false; } |
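Review bot: On a denied check the added branch in request_server_func runs `break;`, which appears to leave the accept loop, so a single client without the privilege would stop the server from accepting anyone else; `new_socket` is also never closed on this path. Refusing only that connection keeps the service available: `close(new_socket); continue;` in place of `break;`. The log line could name what was refused, e.g. `_E("client lacks privilege '%s'", PRIVILEGE_SYSTEMMONITOR);` (the current text misspells privilege). The loop header is outside the hunk, so the effect of `break` is inferred from the surrounding lines.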
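Review bot: The new early return after `cynara_creds_socket_get_pid()` fails in is_privilege_supported leaves the handle from `cynara_initialize()` open; add `cynara_finish(cynara);` before that `return false;`, or fetch the pid before initializing. Building `/proc/%d/attr/current` from the pid is also racy, since the client can exit and the pid be reused before the file is read, and when `fopen` fails `smack_label` stays empty while the function carries on. cynara-creds-socket can take the label from the socket itself with `cynara_creds_socket_get_client(sock_fd, CLIENT_METHOD_SMACK, &client)`, which removes the /proc lookup (the returned string has to be freed). The `snprintf` with `%d` should also cast `pid` to `int`.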
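Review bot: The unchanged line `snprintf(uid, 16, "%d", getuid());` still formats the daemon's own uid, so after this change the label and session describe the client while the user, presumably passed to the cynara check outside this hunk, does not. The peer's uid should come from the socket as well, e.g. `cynara_creds_socket_get_user(sock_fd, USER_METHOD_UID, &user)`, with the return value checked before use. `cynara_session_from_pid(pid)` can return NULL and should be checked; whether `session` is freed is not visible here. The added `_I` line runs for every connection and misspells `smack_lable`; a debug level may suit it better.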